Email hacked, now super sluggish...MBAM, OTL logs included



#1
jmontes

Hello!

Recently my email was hacked (5/19/11), but thanks to GMail they didn't get very far. My account was suspended when someone tried to send various emails containing spam to my contacts. Upon receiving the news, I jumped on to 'Geeks To Go' to see how I should handle the situation. I came across a thread in which someone shared some of the same symptoms I was facing. I ran MBAM on the same day, which found 4 infected Registry Keys, 1 infected folder and 5 infected files. I have attached the first log below. I also ran OTL, which I ran again today (log also below). Then I had to take a last-minute trip to visit family and haven't had time to continue... I have also realized that I don't want to cause any harm to my computer due to my limited knowledge. I hope that I haven't screwed up too badly.

Since then, my computer has been really slow. I know that this computer isn't a beast and what not, but the way it is currently responding is very unusual.

Thanks in advance to whoever can help me out... And sorry for the long post.

Jay

Logs:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6617

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

5/19/2011 8:45:48 AM
mbam-log-2011-05-19 (08-45-48).txt

Scan type: Quick scan
Objects scanned: 181322
Time elapsed: 5 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9B71D88C-C598-4935-C5D1-43AA4DB90836} (Backdoor.Bifrose) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836} (Backdoor.Bifrose) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Bifrost (Bifrose.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost (Bifrose.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\WINDOWS\system32\Bifrost (Backdoor.Bifrose) -> Delete on reboot.

Files Infected:
c:\WINDOWS\system32\Bifrost\server.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\Startup\Computer.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Kids\local settings\temp\server.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\documents and settings\Kids\application data\addons.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\Bifrost\klog.dat (Backdoor.Bifrose) -> Delete on reboot.


OTL logfile created on: 6/22/2011 12:02:50 AM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Kids\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 308.02 Mb Available Physical Memory | 30.10% Memory free
2.23 Gb Paging File | 0.92 Gb Available in Paging File | 41.45% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50.78 Gb Total Space | 3.43 Gb Free Space | 6.76% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 0.12 Gb Free Space | 0.16% Space Free | Partition Type: NTFS
Drive E: | 23.75 Gb Total Space | 5.97 Gb Free Space | 25.13% Space Free | Partition Type: NTFS
Drive J: | 23.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive L: | 465.73 Gb Total Space | 309.42 Gb Free Space | 66.44% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Kids | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Kids\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
PRC - C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe ()
PRC - C:\Program Files\DCPFLICS\DCPFLICS.exe ()
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
PRC - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Kids\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_e877e12.dll ()
SRV - (WDFME) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
SRV - (WDSC) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (WSWNDA3100) -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe ()
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (DCPFLICS) -- C:\Program Files\DCPFLICS\DCPFLICS.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (InstallShield Licensing Service) -- C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe (Macrovision )
SRV - (mi-raysat_3dsMax2009_32) -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Driver Services (SafeList) ==========

DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (BCMH43XX) -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys (Broadcom Corporation)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (Haspnt) -- C:\WINDOWS\system32\drivers\Haspnt.sys (Aladdin Knowledge Systems)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM) -- C:\WINDOWS\system32\drivers\sscdserd.sys (MCCI Corporation)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (WIBUKEY) -- C:\WINDOWS\system32\drivers\WibuKey.sys (WIBU-SYSTEMS AG)
DRV - (nv4) -- C:\WINDOWS\system32\drivers\nv4.sys (NVIDIA Corporation)
DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)
DRV - (Sntnlusb) -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS (Rainbow Technologies Inc.)
DRV - (BrPar) -- C:\WINDOWS\System32\drivers\BrPar.sys (Brother Industries Ltd.)
DRV - (DS1410D) -- C:\WINDOWS\system32\drivers\ds1410d.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313


FF - HKLM\software\mozilla\Firefox\extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/01/28 00:33:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/19 09:04:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 18:02:31 | 000,000,000 | ---D | M]

[2008/09/02 00:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kids\Application Data\Mozilla\Extensions
[2011/06/21 14:41:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\gnotjeod.default\extensions
[2010/10/22 08:42:13 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\gnotjeod.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010/10/22 08:42:10 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\gnotjeod.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
[2011/06/21 14:41:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\gnotjeod.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2008/09/04 02:25:21 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\gnotjeod.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2010/10/22 08:42:13 | 000,000,000 | ---D | M] ("Better Gmail 2") -- C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\gnotjeod.default\extensions\[email protected]
[2011/03/25 18:02:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/05/19 09:04:08 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2008/01/07 17:45:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/03/27 19:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npContribute.dll
[2010/07/12 09:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/07/27 09:16:53 | 000,000,057 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivX Download Manager] File not found
O4 - HKLM..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10s_Plugin.exe (Adobe Systems, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\Kids\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Kids\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://i245.photobuc...pg?t=1248751460
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/01 23:09:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/05/06 08:21:18 | 000,000,082 | R--- | M] () - J:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2011/05/23 03:30:49 | 000,000,000 | ---D | M] - L:\AutoCad -- [ NTFS ]
O33 - MountPoints2\{4d99be8c-a04e-11df-a767-000802c323ea}\Shell - "" = AutoRun
O33 - MountPoints2\{4d99be8c-a04e-11df-a767-000802c323ea}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4d99be8c-a04e-11df-a767-000802c323ea}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{50da0ecb-f916-11df-a779-000802c323ea}\Shell - "" = AutoRun
O33 - MountPoints2\{50da0ecb-f916-11df-a779-000802c323ea}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{50da0ecb-f916-11df-a779-000802c323ea}\Shell\AutoRun\command - "" = J:\unlock.exe -- [2010/09/08 10:51:20 | 005,054,752 | R--- | M] (Western Digital)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/06/16 13:59:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/16 13:53:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/16 13:14:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/06/09 16:17:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kids\Application Data\Brother
[2011/06/09 16:14:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Brother
[2011/06/09 16:14:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Brother HL-4040CN
[2011/06/09 16:13:49 | 000,019,537 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\drivers\BRPAR.SYS
[2011/06/09 16:13:40 | 000,000,000 | ---D | C] -- C:\Program Files\Brownie
[2011/06/09 16:09:56 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BROSNMP.DLL
[2011/06/09 16:09:56 | 000,100,920 | ---- | C] (Brother Industries Ltd) -- C:\WINDOWS\System32\BRRBTOOL.EXE
[2011/06/09 16:09:55 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BRLMW03A.DLL
[2011/06/09 16:09:55 | 000,024,223 | ---- | C] (Brother Industries, Ltd) -- C:\WINDOWS\System32\brlm03a.dll
[2011/06/09 16:09:54 | 000,192,512 | ---- | C] (brother) -- C:\WINDOWS\System32\Pdrvinst.dll
[2011/06/09 16:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2011/06/09 16:04:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kids\Desktop\Fonts
[2011/06/09 16:04:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kids\Desktop\inthelp
[2011/06/09 16:04:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kids\Desktop\driver
[2011/06/07 14:35:14 | 025,875,218 | ---- | C] (A.I.SOFT,INC.) -- C:\Documents and Settings\Kids\Desktop\Y06F_C1-inst-A1-enus.EXE
[2011/06/05 17:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kids\Desktop\Disc 1 [MAY]

========== Files - Modified Within 30 Days ==========

[2011/06/21 18:39:08 | 000,000,465 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2011/06/21 16:22:28 | 006,152,605 | ---- | M] () -- C:\Documents and Settings\Kids\Desktop\This_Is_My_Work_2011_SS_NA.pdf
[2011/06/21 14:14:47 | 000,187,392 | ---- | M] () -- C:\Documents and Settings\Kids\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/18 15:59:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/16 14:00:00 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/16 12:47:49 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/06/16 12:47:17 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/06/16 12:46:34 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/16 12:46:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/16 12:46:06 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/09 16:14:24 | 000,000,026 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2011/06/09 16:14:22 | 000,000,034 | ---- | M] () -- C:\WINDOWS\System32\bd4040cn.dat
[2011/06/09 16:14:01 | 000,020,605 | ---- | M] () -- C:\WINDOWS\HL-4040CN.INI
[2011/06/09 16:14:01 | 000,000,147 | ---- | M] () -- C:\WINDOWS\BRVIDEO.INI
[2011/06/09 16:14:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\brmx2001.ini
[2011/06/09 16:14:00 | 000,000,023 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2011/06/07 14:36:52 | 025,875,218 | ---- | M] (A.I.SOFT,INC.) -- C:\Documents and Settings\Kids\Desktop\Y06F_C1-inst-A1-enus.EXE
[2011/06/07 14:28:25 | 000,202,229 | ---- | M] () -- C:\Documents and Settings\Kids\Desktop\ud150.pdf
[2011/06/07 14:05:22 | 000,000,983 | ---- | M] () -- C:\Documents and Settings\Kids\Start Menu\Programs\Startup\Dropbox.lnk
[2011/06/06 12:09:16 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Kids\Application Data\Adobe PNG Format CS5 Prefs
[2011/06/05 18:04:34 | 000,115,603 | ---- | M] () -- C:\Documents and Settings\Kids\Desktop\barack_obama_print-1319px.png
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/06/21 14:48:04 | 006,152,605 | ---- | C] () -- C:\Documents and Settings\Kids\Desktop\This_Is_My_Work_2011_SS_NA.pdf
[2011/06/16 14:00:00 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/09 16:14:24 | 000,000,465 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/06/09 16:14:24 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2011/06/09 16:14:22 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\bd4040cn.dat
[2011/06/09 16:14:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2011/06/09 16:14:00 | 000,000,147 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2011/06/09 16:14:00 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2011/06/09 16:13:40 | 000,020,605 | ---- | C] () -- C:\WINDOWS\HL-4040CN.INI
[2011/06/09 16:09:56 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2011/06/09 16:09:55 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2011/06/09 16:09:54 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BAOCH06A.DAT
[2011/06/07 14:10:08 | 000,202,229 | ---- | C] () -- C:\Documents and Settings\Kids\Desktop\ud150.pdf
[2011/06/05 18:04:29 | 000,115,603 | ---- | C] () -- C:\Documents and Settings\Kids\Desktop\barack_obama_print-1319px.png
[2011/04/18 20:52:59 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2011/03/16 14:55:52 | 001,493,424 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/18 11:21:31 | 000,000,015 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2010/12/28 16:02:17 | 000,139,619 | ---- | C] () -- C:\WINDOWS\hpoins15.dat
[2010/12/28 16:02:17 | 000,001,039 | ---- | C] () -- C:\WINDOWS\hpomdl15.dat
[2010/12/28 13:46:57 | 000,121,299 | ---- | C] () -- C:\WINDOWS\hpoins15.dat.temp
[2010/12/28 13:46:56 | 000,001,037 | ---- | C] () -- C:\WINDOWS\hpomdl15.dat.temp
[2010/12/03 22:09:40 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Kids\Application Data\Adobe IllExport Filter CS5 Prefs
[2010/09/08 00:13:44 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Kids\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2010/08/01 14:14:46 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Kids\Application Data\Adobe PNG Format CS5 Prefs
[2010/07/30 11:03:14 | 000,000,508 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2010/07/30 08:46:40 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/07/30 08:46:40 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/07/30 08:46:40 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/07/30 08:46:40 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/07/30 08:46:40 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/07/30 08:46:40 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/07/30 08:46:40 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/07/30 08:46:40 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/07/30 08:46:40 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/07/30 08:46:40 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/07/30 08:46:40 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/07/30 08:46:40 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/07/30 08:46:40 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/07/30 08:46:40 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/07/30 08:46:40 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/07/30 08:46:40 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/05/29 17:20:00 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/29 17:20:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/29 17:20:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/29 17:20:00 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/29 17:20:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/03 13:11:27 | 000,012,748 | -HS- | C] () -- C:\Documents and Settings\Kids\Local Settings\Application Data\XORQ
[2010/04/03 13:11:27 | 000,012,748 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\XORQ
[2010/03/29 15:15:21 | 000,012,984 | -HS- | C] () -- C:\Documents and Settings\Kids\Local Settings\Application Data\5lRk1
[2010/03/29 15:15:21 | 000,012,984 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5lRk1
[2010/01/23 15:13:49 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/19 13:20:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/21 22:42:50 | 003,803,626 | ---- | C] () -- C:\WINDOWS\System32\loyyex.dll
[2009/12/21 22:42:50 | 003,718,828 | ---- | C] () -- C:\WINDOWS\System32\swinwinjm.dll
[2009/12/21 22:42:50 | 003,718,828 | ---- | C] () -- C:\WINDOWS\System32\ripapiloapi.dll
[2009/12/21 22:42:50 | 003,458,102 | ---- | C] () -- C:\WINDOWS\System32\apiorgy.dll
[2009/12/21 22:42:50 | 003,268,631 | ---- | C] () -- C:\WINDOWS\System32\abety.dll
[2009/12/21 22:42:50 | 003,080,638 | ---- | C] () -- C:\WINDOWS\System32\pjmuplin.dll
[2009/12/21 22:42:50 | 003,036,579 | ---- | C] () -- C:\WINDOWS\System32\pogandar.dll
[2009/12/21 22:42:50 | 003,036,579 | ---- | C] () -- C:\WINDOWS\System32\lincoyerr.dll
[2009/12/21 22:42:50 | 003,036,061 | ---- | C] () -- C:\WINDOWS\System32\apiorjmrip.dll
[2009/12/21 22:42:50 | 002,489,294 | ---- | C] () -- C:\WINDOWS\System32\andornilo.dll
[2009/08/29 19:23:00 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/08/29 19:22:58 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/08/29 19:22:52 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/29 19:22:52 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/08/29 19:22:51 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/08/29 19:22:45 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/09 11:09:03 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Kids\Application Data\$_hpcst$.hpc
[2008/09/23 21:18:54 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/12 10:58:14 | 000,057,552 | ---- | C] () -- C:\WINDOWS\System32\WkDos.exe
[2008/09/11 00:56:27 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/09/08 18:23:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/05 19:17:02 | 001,228,854 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\OrbError.bmp
[2008/09/04 11:38:55 | 000,187,392 | ---- | C] () -- C:\Documents and Settings\Kids\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/02 05:54:25 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2008/09/02 05:53:34 | 000,007,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\ds1410d.sys
[2008/09/02 04:32:32 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\BongoSDK.10.v40.dll
[2008/09/02 04:32:32 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\BongoSDK.dll
[2008/09/02 00:03:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/09/01 23:26:00 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2008/09/01 23:12:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/01 23:07:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/09/01 15:55:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/01 15:54:24 | 006,364,816 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 05:00:00 | 000,435,590 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 05:00:00 | 000,068,360 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/08/23 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 05:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/23 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/10/24 13:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ASGvis
[2009/12/06 04:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010/07/30 08:40:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/01/23 20:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Anarchy
[2010/07/30 10:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/02/07 01:57:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2009/05/30 12:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McNeel
[2008/09/04 17:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2010/07/27 09:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2009/01/26 12:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/05/16 15:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screentime
[2010/02/14 22:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/09/23 02:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TSplines
[2010/11/29 03:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/06/12 23:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/11/29 11:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kids\Application Data\ArchVision Viewport
[2009/08/01 16:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kids\Application Data\Autodesk
[2011/06/20 16:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kids\Application Data\BitTorrent
[2010/07/30 08:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kids\Application Data\Canon
[2009/10/28 16:54:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kids\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/06/16 12:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kids\Application Data\DNA
[2011/06/16 12:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kids\Application Data\Dropbox
[2010/12/15 02:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kids\Application Data\Local
[2010/04/05 21:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kids\Application Data\OxelonMC
[2009/03/02 12:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kids\Application Data\Research In Motion
[2010/07/27 11:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kids\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/06/16 12:47:17 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF

< End of report >

Edited by jmontes, 22 June 2011 - 01:59 AM.



#2
jmontes

Bump!