A LOT of trojans

mastersne · #1 September 20th, 2008, 04:56 PM

I recently had a problem with viruses on my computer and I took it to the personal computing services and they ran numerous antivirus/ spyware removal programs for over 5 hours. And when i left they said everything was fine and dandy. But when i got back to my apartment and turned on my computer, windows detected trojans and now around every 10 min or so it pops up a window saying it detected one of the following.
Either
Trojan-Downloader.Win32.Agent.bq
OR
Trojan-Spy-Win32.Keylogger.aa

I ran OTViewIt and ill paste the log:
OTViewIt logfile created on: 9/20/2008 11:46:39 AM - Run 1
OTViewIt by OldTimer - Version 1.0.7.0 Folder = C:\Documents and Settings\Master Sne\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 274.62 Mb Available Physical Memory | 27.07% Memory free
2.38 Gb Paging File | 1.67 Gb Available in Paging File | 69.90% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.44 Gb Total Space | 7.43 Gb Free Space | 10.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 18.55 Gb Total Space | 1.27 Gb Free Space | 6.86% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MASTERSNE
Current User Name: Master Sne
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
Files within: 30 Days

========== Processes - Non-Microsoft Only ==========
[2005/11/12 03:41:48 | 00,018,944 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
[2008/04/18 05:30:43 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
[2008/09/17 11:54:20 | 00,065,536 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\xmhizsta\pedmneda.exe
[2008/07/09 17:33:34 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
[2008/09/17 11:54:20 | 00,090,112 | ---- | M] () -- C:\WINDOWS\system32\fmxunqfg.exe
[2008/09/20 11:46:27 | 00,424,448 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Master Sne\Desktop\OTViewIt.exe
[2008/09/17 11:54:20 | 00,090,112 | ---- | M] () -- C:\WINDOWS\system32\fmxunqfg.exe

========== (O23) Win32 Services - Non-Microsoft Only ==========

[2008/04/18 05:30:43 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater [Auto | Running])
[2005/11/12 03:41:48 | 00,018,944 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])

========== Driver Services - Non-Microsoft Only ==========

File not found -- C:\ComboFix\catchme.sys -- (catchme [On_Demand | Stopped])
[2008/09/12 04:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\eengine\eeCtrl.sys -- (eeCtrl [System | Running])
[2008/08/25 04:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080917.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2008/08/25 04:00:00 | 00,873,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080917.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
File not found -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"SearchMigratedDefaultName"=Search
"SearchMigratedDefaultURL"=http://windowsisearch.com/search?q={searchTerms}
"Start Page"=http://www.comcast.net/

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Page_URL"=http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
"Start Page"=http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL\w]
""=http://windowsisearch.com/search?q=%s

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
"Default_Search_URL"=http://windowsisearch.com
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://windowsisearch.com
"SearchMigratedDefaultName"=Search
"SearchMigratedDefaultURL"=http://windowsisearch.com/search?q={searchTerms}
"Start Page"=about:blank

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://windowsisearch.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=cand

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\w]
""=http://windowsisearch.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{144A6B24-0EBC-4D89-BF09-A06A718E57B5}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{5CBE2611-C31B-401F-89BC-4CBB25E853D7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{7EFBC57C-CD57-481F-B794-648FCE9C9116}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvChe ck.exe -CheckReg ()
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"appapi"=C:\WINDOWS\system32\fmxunqfg.exe ()
"ares destiny"="C:\Program Files\Ares Destiny\Ares.exe" -h File not found
"Somefox"=C:\DOCUME~1\MASTER~1\LOCALS~1\Temp\a .exe File not found
"wblogon"=C:\WINDOWS\system32\algg.exe File not found

mastersne · #2 September 20th, 2008, 04:57 PM

========== (O4) Startup Folders ==========

File not found -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Odometer.exe.lnk = C:\Program Files\Odometer\Odometer.exe
[2007/12/03 20:18:18 | 00,006,144 | R--- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=255
"NoDrives"=0

"0v6In41lPv"=C:\Documents and Settings\All Users\Application Data\xmhizsta\pedmneda.exe -- [2008/09/17 11:54:20 | 00,065,536 | ---- | M] ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\R oyale\Royale.mss -- File not found
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale. the -- File not found
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\policies\System]
"DisableTaskMgr"=1
"NoDispBackgroundPage"=1
"NoDispScrSavPage"=1

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&AIM Search: c:\Program Files\AOL\AIM Toolbar 5.0\resources\en-us\local\search.html [2006/09/07 16:59:50 | 00,000,747 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Sun Java Console -- Reg Error: Key does not exist or could not be opened. File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/control...ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Internet Settings\ZoneMap\Domains\]
3 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{5F8469B4-B055-49DD-83F7-62B522420ECC}: http://upload.facebook.com/controls/...toUploader.cab -- Facebook Photo Uploader Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/...ndows-i586.cab -- Java Plug-in 1.4.2_03
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jin...ndows-i586.cab -- Java Plug-in 1.5.0_03
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in 1.6.0_03
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub...sh/swflash.cab -- Shockwave Flash Object
{DE22A7AB-A739-4C58-AD52-21F9CD6306B7}: http://download.microsoft.com/downlo...4/clearadj.cab -- CTAdjust Class
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}: -- Reg Error: Value does not exist or could not be read.

========== (O17) DNS Name Servers ==========

{0EDE5F68-098E-4A78-8AA8-F19EEEC430B6} (Servers: | Description: 1394 Net Adapter)
{2E67D1E9-360C-4529-B80C-1B7241B016B3} (Servers: | Description: Dell Wireless 1390 WLAN Mini-Card)
{43D74EA1-18D0-404D-993B-97BED984E954} (Servers: | Description: )
{82246E8D-CEBC-40E5-BB27-BF82CF115A18} (Servers: | Description: )
{EB839A4B-CDAE-4175-82F6-88B3EACA71BC} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/08/16 05:43:04 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun]
""=Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command]
""=E:\setup.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\MountPoints2\{93dfe8ed-4f4a-11db-acf2-00038a000015}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\MountPoints2\{93dfe8ed-4f4a-11db-acf2-00038a000015}\Shell\AutoRun]
""=Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\MountPoints2\{93dfe8ed-4f4a-11db-acf2-00038a000015}\Shell\AutoRun\command]
""=E:\LaunchU3.exe -- File not found

mastersne · #3 September 20th, 2008, 04:57 PM

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\MountPoints2\{a3b84850-c86f-11db-ad65-00038a000015}\Shell\Auto\command]
""=RavMonE.exe e

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\MountPoints2\{a3b84850-c86f-11db-ad65-00038a000015}\Shell\AutoRun]
""=Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\MountPoints2\F\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\MountPoints2\F\Shell\AutoRun]
""=Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\MountPoints2\F\Shell\AutoRun\co mmand]
""=F:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2008/09/20 11:46:26 | 00,424,448 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Master Sne\Desktop\OTViewIt.exe
[2008/09/20 00:41:20 | 00,142,848 | ---- | C] () -- C:\Documents and Settings\Master Sne\My Documents\dan lee lab #1.doc
[2008/09/19 18:28:31 | 01,240,726 | ---- | C] () -- C:\Documents and Settings\Master Sne\Desktop\chicken awesomeness.psd
[2008/09/19 16:11:49 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/09/19 16:07:24 | 10,637,14816 | -HS- | C] () -- C:\hiberfil.sys
[2008/09/19 15:54:32 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\swxcacls.exe
[2008/09/19 15:54:32 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\swreg.exe
[2008/09/19 15:54:32 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\swsc.exe
[2008/09/19 15:54:32 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/09/19 15:54:32 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/09/19 15:54:32 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/09/19 15:54:32 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/09/19 15:54:32 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFind.exe
[2008/09/19 15:54:32 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\Nircmd.exe
[2008/09/19 15:51:44 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/09/19 15:51:43 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/09/19 15:51:42 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/09/18 09:52:07 | 00,073,216 | ---- | C] () -- C:\Documents and Settings\Master Sne\My Documents\ps 333 notes set #1.doc
[2008/09/17 11:54:20 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\fmxunqfg.exe
[2008/09/17 11:53:56 | 00,123,396 | ---- | C] () -- C:\WINDOWS\System32\msxml71.dll
[2008/09/15 23:12:30 | 00,123,643 | ---- | C] () -- C:\Documents and Settings\Master Sne\Desktop\Absentee_ballot-eng-7.18.07.pdf
[2008/09/14 21:41:34 | 02,178,342 | ---- | C] () -- C:\WINDOWS\System32\WebEx Document Loader Port
[2008/09/14 16:25:17 | 00,030,720 | ---- | C] () -- C:\Documents and Settings\Master Sne\Desktop\True North.doc
[2008/09/14 12:36:41 | 00,031,744 | ---- | C] () -- C:\Documents and Settings\Master Sne\My Documents\CH 421 Lab #1.xls
[2008/09/14 11:57:53 | 00,057,344 | ---- | C] () -- C:\Documents and Settings\Master Sne\My Documents\CH 421 Lab #1.doc
[2008/09/09 18:28:36 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2008/09/09 18:23:48 | 00,023,992 | ---- | C] (Pure Networks, Inc.) -- C:\WINDOWS\System32\drivers\pnarp.sys
[2008/09/09 18:23:40 | 00,025,272 | ---- | C] (Pure Networks, Inc.) -- C:\WINDOWS\System32\drivers\purendis.sys
[2008/09/09 10:26:24 | 00,015,086 | ---- | C] () -- C:\WINDOWS\ComcastWebmail.ico
[2008/09/09 10:09:46 | 00,001,256 | ---- | C] () -- C:\net_save.dna
[2008/09/05 14:11:48 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Master Sne\My Documents\things to do.doc

========== Files - Modified Within 30 days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2 C:\Documents and Settings\Master Sne\My Documents\*.tmp files]
[2008/09/20 11:46:27 | 00,424,448 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Master Sne\Desktop\OTViewIt.exe
[2008/09/20 00:41:20 | 00,142,848 | ---- | M] () -- C:\Documents and Settings\Master Sne\My Documents\dan lee lab #1.doc
[2008/09/19 19:24:17 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\Master Sne\My Documents\CH 421 Lab #1.xls
[2008/09/19 18:58:42 | 00,057,344 | ---- | M] () -- C:\Documents and Settings\Master Sne\My Documents\CH 421 Lab #1.doc
[2008/09/19 17:16:43 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2008/09/19 17:15:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/09/19 17:15:48 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/09/19 17:15:45 | 10,637,14816 | -HS- | M] () -- C:\hiberfil.sys
[2008/09/19 16:15:05 | 00,000,040 | ---- | M] () -- C:\WINDOWS\System32\profile.dat
[2008/09/19 16:11:49 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/09/19 16:10:26 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/09/19 16:00:46 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/09/19 15:51:44 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/09/19 10:59:30 | 00,004,876 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/09/18 17:21:30 | 01,240,726 | ---- | M] () -- C:\Documents and Settings\Master Sne\Desktop\chicken awesomeness.psd
[2008/09/18 09:52:08 | 00,073,216 | ---- | M] () -- C:\Documents and Settings\Master Sne\My Documents\ps 333 notes set #1.doc
[2008/09/17 23:08:08 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/09/17 11:54:20 | 00,090,112 | ---- | M] () -- C:\WINDOWS\System32\fmxunqfg.exe
[2008/09/17 11:53:56 | 00,123,396 | ---- | M] () -- C:\WINDOWS\System32\msxml71.dll
[2008/09/15 23:12:30 | 00,123,643 | ---- | M] () -- C:\Documents and Settings\Master Sne\Desktop\Absentee_ballot-eng-7.18.07.pdf
[2008/09/14 21:43:41 | 02,178,342 | ---- | M] () -- C:\WINDOWS\System32\WebEx Document Loader Port
[2008/09/14 16:17:51 | 00,030,720 | ---- | M] () -- C:\Documents and Settings\Master Sne\Desktop\True North.doc
[2008/09/13 00:16:06 | 03,290,621 | ---- | M] () -- C:\Documents and Settings\Master Sne\Application Data\com.kennettnet.MusicRescueProfiles.plist
[2008/09/13 00:16:02 | 00,003,297 | ---- | M] () -- C:\Documents and Settings\Master Sne\Application Data\com.kennettnet.MusicRescue.plist
[2008/09/10 22:57:27 | 00,035,840 | ---- | M] () -- C:\Documents and Settings\Master Sne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/10 22:45:32 | 00,006,580 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/09/10 21:42:51 | 00,052,736 | ---- | M] () -- C:\Documents and Settings\Master Sne\My Documents\RESUME.doc
[2008/09/10 07:39:08 | 00,173,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/10 07:28:56 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/09/10 00:04:02 | 00,038,528 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/09/10 00:03:56 | 00,017,200 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/09/09 18:36:48 | 00,046,712 | ---- | M] () -- C:\Documents and Settings\Master Sne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/09/09 18:34:42 | 00,590,502 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/09/09 18:34:42 | 00,492,250 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/09/09 18:34:42 | 00,089,208 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/09/09 10:09:46 | 00,001,256 | ---- | M] () -- C:\net_save.dna
[2008/09/05 14:13:34 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\Master Sne\My Documents\things to do.doc
[2008/08/26 16:28:12 | 16,208,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

< End of report >

THANKSSSS