I am not sure if I am infected. While searching through image results on Google Images with Firefox 4.0b6, a new tab popped open and brought me to hxxp://www3.new-protectionsoft26.in. It said I am infected with several viruses. I quickly recognized this as a rogue alert and terminated Firefox via Task Manager. I don't appear to be infected. I did, however, find three copies of a suspicious file, which VirusTotal detected with 17 scanners as various things, including variants of Koobface-G and TDSS. Most, however, just said it was a generic Fake-AV or Trojan. So far I have scanned with Malwarebytes and Kaspersky's TDSSKiller, and I have McAfee VirusScan installed, all of which came up negative except for Malwarebytes, which said that Windows security was disabled. I expected this, however, because I intentionally did this to avoid the annoying popups that McAfee was out of date, when I knew that it was not. Could someone please take a look at my OTL log to confirm that I am not infected? Once again, I have no symptoms. There are no popups or search redirects. I am able to fully access Task Manager and regedit. I did scan with HijackThis before I realized that it should be an OTL log. I have this log available if you would like to see it. Thank you for your help!
OTL logfile created on: 10/29/2010 3:21:03 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Estano\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.71 Gb Total Space | 78.34 Gb Free Space | 70.13% Space Free | Partition Type: NTFS
Computer Name: HOME-WSUGSMUL5V | User Name: Estano | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2010/10/29 15:05:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Estano\Desktop\OTL.exe
PRC - [2010/09/15 21:15:00 | 000,923,096 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 2\firefox.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/12/10 11:13:56 | 004,562,944 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
PRC - [2009/11/27 12:04:44 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
PRC - [2009/10/22 20:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2009/10/22 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009/10/22 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2009/10/22 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2009/10/22 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2009/10/22 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2009/08/25 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/08/25 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/08/25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/08/25 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/02/20 13:23:26 | 000,495,700 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/02/25 21:52:30 | 001,855,488 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe
========== Modules (SafeList) ==========
MOD - [2010/10/29 15:05:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Estano\Desktop\OTL.exe
MOD - [2004/08/04 00:57:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/27 12:04:44 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2009/11/05 16:08:36 | 000,360,529 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2009/10/22 20:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2009/10/22 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2009/10/22 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2009/10/22 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2009/08/25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/02/20 13:23:26 | 000,495,700 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2008/06/24 09:41:36 | 000,057,344 | ---- | M] (Cepstral, LLC) [Auto | Stopped] -- C:\Program Files\Cepstral\bin\CepstralLicSrv.exe -- (Cepstral License Server)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\Belkin\F5D705~1\GTNDIS5.SYS -- (GTNDIS5)
DRV - [2010/07/09 18:38:00 | 010,604,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/11/25 12:21:00 | 001,710,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)
DRV - [2009/10/22 20:07:00 | 000,343,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/10/22 20:07:00 | 000,091,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/10/22 20:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2009/10/22 20:07:00 | 000,065,448 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2009/10/22 20:07:00 | 000,063,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/10/22 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/01/30 17:13:20 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2008/09/25 18:07:00 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2008/05/07 22:53:36 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/05/07 22:52:56 | 000,267,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2008/05/07 22:52:50 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/10/02 04:06:40 | 000,451,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2006/04/17 16:54:12 | 000,014,336 | ---- | M] (YAMAHA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ymidusb.sys -- (YMIDUSB)
DRV - [2004/08/03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2002/11/17 23:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci)
DRV - [1999/06/10 13:20:00 | 000,006,112 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cdenable.sys -- (cdenable)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/10/22 18:48:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 2\components [2010/10/06 14:04:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 2\plugins
[2010/08/14 19:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Estano\Application Data\Mozilla\Extensions
[2010/09/20 07:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Estano\Application Data\Mozilla\Firefox\Profiles\yl8wyk8i.default\extensions
[2010/09/20 07:29:14 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Estano\Application Data\Mozilla\Firefox\Profiles\yl8wyk8i.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
O1 HOSTS File: ([2003/07/16 12:23:48 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [jswtrayutil] C:\Program Files\NETGEAR\WNA1100\jswtrayutil.exe File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1282080104421 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Estano\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Estano\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/13 13:34:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/10/29 15:05:32 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Estano\Desktop\OTL.exe
[2010/10/29 14:56:13 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Estano\Desktop\HijackThis.exe
[2010/10/27 08:59:53 | 004,411,392 | ---- | C] (Gabest) -- C:\Documents and Settings\Estano\Desktop\mplayerc.exe
[2010/10/26 20:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\Cepstral
[2010/10/26 19:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSource
[2010/10/15 21:06:28 | 000,007,424 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System\NOBOOT1.VBX
[2010/10/15 21:06:27 | 000,000,000 | ---D | C] -- C:\KISS
[2010/10/06 14:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/06 14:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/06 14:03:19 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/10/06 13:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/06 09:27:25 | 000,000,000 | ---D | C] -- C:\TLCWIN
[2010/10/06 08:03:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/10/04 21:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\Tunatic
[2010/10/04 21:29:49 | 002,228,534 | ---- | C] ( ) -- C:\Documents and Settings\Estano\My Documents\audacity-win-1.2.6.exe
[2010/10/04 21:29:37 | 001,512,927 | ---- | C] (Audacity Team ) -- C:\Documents and Settings\Estano\My Documents\LADSPA_plugins-win-0.4.15.exe
[2010/10/04 21:29:21 | 000,421,346 | ---- | C] ( ) -- C:\Documents and Settings\Estano\My Documents\Lame_v3.98.2_for_Audacity_on_Windows.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/10/29 15:15:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/29 15:05:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Estano\Desktop\OTL.exe
[2010/10/29 14:56:13 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Estano\Desktop\HijackThis.exe
[2010/10/29 14:48:57 | 000,271,347 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\packupdate107_179.zip
[2010/10/29 13:53:16 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/29 13:53:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/29 12:02:33 | 000,691,205 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\Wfm.jpg
[2010/10/29 11:52:53 | 000,002,401 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Run WeatherSTAR 4000 emulator.lnk
[2010/10/29 10:38:49 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\Microsoft Office Word 2003.lnk
[2010/10/29 10:33:37 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\Estano\My Documents\RSE2.doc
[2010/10/29 10:16:52 | 000,000,534 | ---- | M] () -- C:\WINDOWS\entpack.ini
[2010/10/29 10:16:01 | 000,208,764 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\chip.zip
[2010/10/29 09:50:53 | 001,278,081 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\pi.mp3
[2010/10/28 22:35:35 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/28 17:09:47 | 000,042,324 | ---- | M] () -- C:\Documents and Settings\Estano\My Documents\waitingformagictotalremix7.ove
[2010/10/28 16:25:58 | 000,000,281 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\WFMAOB.mid
[2010/10/28 09:32:36 | 000,000,032 | ---- | M] () -- C:\WINDOWS\CD_Start.INI
[2010/10/27 14:34:42 | 000,528,762 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\io9000.wav
[2010/10/27 09:39:46 | 000,031,119 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\wfm.mid
[2010/10/27 09:38:22 | 020,556,538 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\Track08-2.wav
[2010/10/27 09:01:33 | 041,113,004 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\Track08.wav
[2010/10/27 08:59:43 | 002,079,423 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\mplayerc_20100214.zip
[2010/10/26 19:55:05 | 000,000,903 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Simple TTS Reader.lnk
[2010/10/26 19:36:27 | 000,733,274 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\splash.wav
[2010/10/26 13:26:21 | 000,282,340 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\tgo.wav
[2010/10/26 13:17:07 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Estano\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/26 13:16:58 | 180,964,174 | ---- | M] () -- C:\vidplay1.avi
[2010/10/26 12:50:54 | 000,069,802 | ---- | M] () -- C:\Documents and Settings\Estano\My Documents\tgo.wv
[2010/10/18 10:47:38 | 000,074,149 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\cb.jpg
[2010/10/16 18:14:34 | 000,151,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/15 21:09:47 | 000,000,797 | ---- | M] () -- C:\WINDOWS\KISS.dal
[2010/10/15 21:09:47 | 000,000,576 | ---- | M] () -- C:\WINDOWS\KISS.INI
[2010/10/15 09:28:27 | 056,053,629 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\videoplayback[1].mp4
[2010/10/15 08:46:05 | 000,006,973 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\nirvana-a.jpg
[2010/10/14 19:05:09 | 000,055,829 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\1988-Ford-F25.jpg
[2010/10/14 17:34:28 | 000,194,266 | ---- | M] () -- C:\Documents and Settings\Estano\My Documents\youcantguesswhatisinhere.7z
[2010/10/06 14:04:11 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/06 09:28:17 | 000,000,632 | ---- | M] () -- C:\WINDOWS\E-REGTLC.INI
[2010/10/06 09:27:25 | 000,000,106 | ---- | M] () -- C:\WINDOWS\TLCAPPS.INI
[2010/10/06 08:04:26 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/04 22:10:10 | 000,043,137 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\2 unlimited - no limit(2).mid
[2010/10/04 22:08:48 | 000,039,049 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\no_limit.mid
[2010/10/04 21:45:12 | 000,001,478 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\Tunatic.lnk
[2010/10/04 21:43:34 | 000,009,096 | ---- | M] () -- C:\Documents and Settings\Estano\My Documents\foofle.wav
[2010/10/04 21:30:10 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\Estano\Desktop\Audacity.lnk
[2010/10/04 21:29:50 | 002,228,534 | ---- | M] ( ) -- C:\Documents and Settings\Estano\My Documents\audacity-win-1.2.6.exe
[2010/10/04 21:29:38 | 001,512,927 | ---- | M] (Audacity Team ) -- C:\Documents and Settings\Estano\My Documents\LADSPA_plugins-win-0.4.15.exe
[2010/10/04 21:29:25 | 000,421,346 | ---- | M] ( ) -- C:\Documents and Settings\Estano\My Documents\Lame_v3.98.2_for_Audacity_on_Windows.exe
[2010/10/04 21:27:26 | 000,603,738 | ---- | M] () -- C:\Documents and Settings\Estano\My Documents\tgo.wav
[2010/09/29 15:44:09 | 000,034,050 | ---- | M] () -- C:\WINDOWS\System32\CoreWavPack-uninstall.exe
[2010/09/29 15:43:42 | 000,349,972 | ---- | M] () -- C:\Documents and Settings\Estano\My Documents\wavpack-4.60.1.zip
[2010/09/29 15:43:36 | 000,106,335 | ---- | M] () -- C:\Documents and Settings\Estano\My Documents\CoreWavPack-1.1.1-Setup.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/10/29 14:48:57 | 000,271,347 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\packupdate107_179.zip
[2010/10/29 12:02:31 | 000,691,205 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\Wfm.jpg
[2010/10/29 10:16:46 | 000,000,534 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2010/10/29 10:16:00 | 000,208,764 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\chip.zip
[2010/10/29 09:50:51 | 001,278,081 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\pi.mp3
[2010/10/28 16:25:58 | 000,000,281 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\WFMAOB.mid
[2010/10/27 14:34:39 | 000,528,762 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\io9000.wav
[2010/10/27 10:16:57 | 000,042,324 | ---- | C] () -- C:\Documents and Settings\Estano\My Documents\waitingformagictotalremix7.ove
[2010/10/27 09:39:42 | 000,031,119 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\wfm.mid
[2010/10/27 09:36:38 | 020,556,538 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\Track08-2.wav
[2010/10/27 09:00:49 | 041,113,004 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\Track08.wav
[2010/10/27 08:59:43 | 002,079,423 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\mplayerc_20100214.zip
[2010/10/26 19:55:05 | 000,000,903 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Simple TTS Reader.lnk
[2010/10/26 19:36:27 | 000,733,274 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\splash.wav
[2010/10/26 13:26:21 | 000,282,340 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\tgo.wav
[2010/10/26 13:16:31 | 180,964,174 | ---- | C] () -- C:\vidplay1.avi
[2010/10/26 12:50:54 | 000,069,802 | ---- | C] () -- C:\Documents and Settings\Estano\My Documents\tgo.wv
[2010/10/25 15:18:10 | 000,037,888 | ---- | C] () -- C:\Documents and Settings\Estano\My Documents\RSE2.doc
[2010/10/18 10:47:32 | 000,074,149 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\cb.jpg
[2010/10/15 21:07:23 | 000,039,731 | ---- | C] () -- C:\WINDOWS\SETUP1.EXE
[2010/10/15 21:07:23 | 000,007,008 | ---- | C] () -- C:\WINDOWS\System\SETUPKIT.DLL
[2010/10/15 21:06:28 | 000,180,480 | ---- | C] () -- C:\WINDOWS\System\LTKRN62W.DLL
[2010/10/15 21:06:28 | 000,161,792 | ---- | C] () -- C:\WINDOWS\System\LFFAX62W.DLL
[2010/10/15 21:06:28 | 000,140,928 | ---- | C] () -- C:\WINDOWS\System\LFCMP62W.DLL
[2010/10/15 21:06:28 | 000,055,136 | ---- | C] () -- C:\WINDOWS\System\LTIMG62W.DLL
[2010/10/15 21:06:28 | 000,054,320 | ---- | C] () -- C:\WINDOWS\System\LTVBX62W.VBX
[2010/10/15 21:06:28 | 000,040,640 | ---- | C] () -- C:\WINDOWS\System\LFTIF62W.DLL
[2010/10/15 21:06:28 | 000,025,216 | ---- | C] () -- C:\WINDOWS\System\LTFIL62W.DLL
[2010/10/15 21:06:28 | 000,016,960 | ---- | C] () -- C:\WINDOWS\System\LTTWN62W.DLL
[2010/10/15 21:06:28 | 000,010,304 | ---- | C] () -- C:\WINDOWS\System\LFBMP62W.DLL
[2010/10/15 21:06:28 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System\LFGIF62W.DLL
[2010/10/15 21:06:28 | 000,004,698 | ---- | C] () -- C:\WINDOWS\System\VRBTD.386
[2010/10/15 21:06:27 | 000,127,023 | ---- | C] () -- C:\WINDOWS\KISS.SCR
[2010/10/15 21:06:27 | 000,000,797 | ---- | C] () -- C:\WINDOWS\KISS.dal
[2010/10/15 21:06:27 | 000,000,576 | ---- | C] () -- C:\WINDOWS\KISS.INI
[2010/10/15 09:30:30 | 056,053,629 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\videoplayback[1].mp4
[2010/10/15 08:46:01 | 000,006,973 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\nirvana-a.jpg
[2010/10/14 19:05:07 | 000,055,829 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\1988-Ford-F25.jpg
[2010/10/14 17:34:27 | 000,194,266 | ---- | C] () -- C:\Documents and Settings\Estano\My Documents\youcantguesswhatisinhere.7z
[2010/10/06 14:11:02 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/06 14:04:11 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/06 09:28:10 | 000,000,632 | ---- | C] () -- C:\WINDOWS\E-REGTLC.INI
[2010/10/06 09:27:25 | 000,000,106 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2010/10/06 08:04:26 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/04 22:10:08 | 000,043,137 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\2 unlimited - no limit(2).mid
[2010/10/04 22:08:46 | 000,039,049 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\no_limit.mid
[2010/10/04 21:45:12 | 000,001,478 | ---- | C] () -- C:\Documents and Settings\Estano\Desktop\Tunatic.lnk
[2010/10/04 21:41:43 | 000,009,096 | ---- | C] () -- C:\Documents and Settings\Estano\My Documents\foofle.wav
[2010/10/04 21:27:26 | 000,603,738 | ---- | C] () -- C:\Documents and Settings\Estano\My Documents\tgo.wav
[2010/09/29 15:44:34 | 000,212,992 | ---- | C] () -- C:\Documents and Settings\Estano\My Documents\wavpack.exe
[2010/09/29 15:44:09 | 000,034,050 | ---- | C] () -- C:\WINDOWS\System32\CoreWavPack-uninstall.exe
[2010/09/29 15:43:42 | 000,349,972 | ---- | C] () -- C:\Documents and Settings\Estano\My Documents\wavpack-4.60.1.zip
[2010/09/29 15:43:35 | 000,106,335 | ---- | C] () -- C:\Documents and Settings\Estano\My Documents\CoreWavPack-1.1.1-Setup.exe
[2010/08/30 08:05:49 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2010/08/27 22:31:31 | 000,001,115 | ---- | C] () -- C:\WINDOWS\HFVExplorer.INI
[2010/08/27 21:52:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2010/08/27 21:43:20 | 000,006,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\cdenable.sys
[2010/08/23 12:23:07 | 000,000,508 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2010/08/17 17:12:15 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2010/08/16 13:38:46 | 000,000,103 | ---- | C] () -- C:\WINDOWS\maketerr.ini
[2010/08/16 12:16:15 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2010/08/16 12:00:40 | 000,000,166 | ---- | C] () -- C:\WINDOWS\BasiliskII.ini
[2010/08/16 11:27:21 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\Estano\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/15 09:29:54 | 000,000,638 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2010/08/14 21:34:16 | 000,000,507 | ---- | C] () -- C:\WINDOWS\LMAAM2DD.ini
[2010/08/14 21:16:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/08/14 20:36:07 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Estano\Local Settings\Application Data\fusioncache.dat
[2010/08/14 17:47:08 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/08/14 17:19:46 | 000,839,680 | R--- | C] () -- C:\WINDOWS\System32\timiditydrv.dll
[2010/08/13 14:40:39 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2010/08/13 14:39:26 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2010/08/13 14:37:40 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2010/08/13 14:37:40 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2010/08/13 09:26:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/06/19 08:59:36 | 000,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/04/20 07:57:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2003/07/16 12:37:58 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2010/09/05 11:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Buena Vista Games
[2010/08/14 20:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/08/19 16:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAMAHA
[2010/08/28 22:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/18 12:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Estano\Application Data\GenieSoft
[2010/08/19 14:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Estano\Application Data\Open Watcom
[2010/10/21 15:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Estano\Application Data\Sony Online Entertainment
[2010/09/08 17:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Estano\Application Data\Unity
========== Purity Check ==========
< End of report >
Edited by Printer66, 29 October 2010 - 01:35 PM.