(you can delete the topic I accidentally posted in the other sub forum >_>)
Problems With Rogue Antispyware and Redirection Problems [Closed]
Started by
Androyddd
, Apr 24 2010 10:53 AM
-
This topic is locked
#1
Posted 24 April 2010 - 10:53 AM
Androyddd
-
- Member
-
- 3 posts
New Member
(you can delete the topic I accidentally posted in the other sub forum >_>)
#2
Posted 24 April 2010 - 11:45 AM
andrewuk
-
- Malware Removal
-
- 5,297 posts
Trusted Helper
Hello Androyddd
welcome to this part of geekstogo
lets get some upto date logs for me to analyse.
====STEP 1====
go to http://www.geekstogo...uide-t2852.html and run GMER Rootkit Scanner in Step Four: Rootkit Detection
====STEP 2====
from the same page, go to Step Five: Post an OTL Log and run the OTL log, include the custom scan as explained on that page.
In your next reply could i see:
1. the GMER log
2. the OTL log
The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.
andrewuk
welcome to this part of geekstogo
lets get some upto date logs for me to analyse.
====STEP 1====
go to http://www.geekstogo...uide-t2852.html and run GMER Rootkit Scanner in Step Four: Rootkit Detection
====STEP 2====
from the same page, go to Step Five: Post an OTL Log and run the OTL log, include the custom scan as explained on that page.
In your next reply could i see:
1. the GMER log
2. the OTL log
The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.
andrewuk
#3
Posted 24 April 2010 - 07:22 PM
Androyddd
- Topic Starter
-
- Member
-
- 3 posts
New Member
GMER
OTL.txt
GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-04-24 18:04:29 Windows 5.1.2600 Service Pack 3 Running: gmer.exe; Driver: C:\DOCUME~1\Andrew\LOCALS~1\Temp\uxwoikoc.sys ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB99CD000, 0x1C5D38, 0xE8000020] .rsrc C:\WINDOWS\system32\DRIVERS\mouclass.sys entry point in ".rsrc" section [0xBA4A4814] ? C:\WINDOWS\system32\cbdf.sys The process cannot access the file because it is being used by another process. ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\Explorer.EXE[232] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A .text C:\WINDOWS\Explorer.EXE[232] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BC000A .text C:\WINDOWS\Explorer.EXE[232] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C .text C:\WINDOWS\System32\svchost.exe[1000] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A .text C:\WINDOWS\System32\svchost.exe[1000] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84] .text C:\WINDOWS\System32\svchost.exe[1000] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A .text C:\WINDOWS\System32\svchost.exe[1000] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0090000C .text C:\WINDOWS\System32\svchost.exe[1000] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00DE000A .text C:\Program Files\Mozilla Firefox\firefox.exe[2896] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 011D000A .text C:\Program Files\Mozilla Firefox\firefox.exe[2896] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 011E000A .text C:\Program Files\Mozilla Firefox\firefox.exe[2896] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 011C000C ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Tcp cbdf.sys AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device -> \Driver\atapi \Device\Harddisk0\DR0 8A813AC8 ---- Files - GMER 1.0.15 ---- File C:\WINDOWS\system32\DRIVERS\mouclass.sys suspicious modification File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification ---- EOF - GMER 1.0.15 ----
OTL.txt
OTL logfile created on: 4/24/2010 6:10:15 PM - Run 2
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Andrew\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.52 Gb Total Space | 11.37 Gb Free Space | 12.84% Space Free | Partition Type: NTFS
Drive D: | 37.27 Gb Total Space | 37.19 Gb Free Space | 99.79% Space Free | Partition Type: NTFS
Drive E: | 4.63 Gb Total Space | 2.24 Gb Free Space | 48.36% Space Free | Partition Type: FAT32
Drive F: | 650.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: CARE-536F9C51C8
Current User Name: Andrew
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2010/04/24 09:29:14 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\My Documents\Downloads\OTL.exe
PRC - [2010/04/23 04:26:21 | 000,037,380 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
PRC - [2010/04/02 17:17:09 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/09/30 19:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/09/17 14:27:18 | 000,565,248 | ---- | M] (FRYS Corp.) -- C:\Program Files\FRYS\FR-300USB revA\wirelesscm.exe
PRC - [2009/07/26 16:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr .exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc .exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2002/10/16 20:20:20 | 000,073,728 | ---- | M] () -- C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
[color=#E56717]========== Modules (SafeList) ==========[/color]
MOD - [2010/04/24 09:29:14 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\My Documents\Downloads\OTL.exe
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - [2010/04/23 04:26:21 | 000,037,380 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe -- (LiveUpdate Notice Service)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/07 12:44:18 | 000,045,816 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/02/11 19:12:38 | 000,167,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files\FRYS\FR-300USB revA\WLSVC.exe -- (WLSVC)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2010/04/23 07:10:06 | 000,075,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\cbdf.sys -- (cbdf)
DRV - [2009/09/29 21:18:22 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/08/05 22:23:22 | 000,588,032 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/03/25 15:29:52 | 000,130,432 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/27 10:54:00 | 000,020,480 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WLNdis50.sys -- (WLNdis50)
DRV - [2008/01/04 20:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2006/11/30 23:54:02 | 000,610,816 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/07/26 18:24:00 | 004,258,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/08/03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2001/09/18 12:00:00 | 000,167,816 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\omcamvid.sys -- (OVT511Plus)
DRV - [2000/03/29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MASPINT.SYS -- (MASPINT)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.saveswatts.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.7.4
FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.1.6
FF - prefs.js..extensions.enabledItems: [email protected]:0.1.4
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64
FF - prefs.js..extensions.enabledItems: {6e73f6b7-b9ab-44b8-b744-6393e3c2e351}:0.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..keyword.URL: "http://search.freecause.com/search?fr=freecause&ourmark=3&type=108&ei=utf-8&yahoo_domain=search.yahoo.com&p="
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/19 08:47:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/24 07:07:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/24 07:08:16 | 000,000,000 | ---D | M]
[2009/01/03 23:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Extensions
[2010/04/24 07:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\k88tyz8v.default\extensions
[2009/11/01 00:42:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\k88tyz8v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/20 20:25:21 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\k88tyz8v.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}(2)
[2010/04/03 08:49:23 | 000,000,000 | ---D | M] (AniWeather) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\k88tyz8v.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2010/04/04 18:50:36 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\k88tyz8v.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010/04/23 20:58:10 | 000,000,000 | ---D | M] (Personas Rotator) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\k88tyz8v.default\extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}
[2010/04/22 09:51:11 | 000,000,000 | ---D | M] (Personas Rotator) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\k88tyz8v.default\extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}(2)
[2010/04/23 20:58:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\k88tyz8v.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/04/22 09:51:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\k88tyz8v.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}(2)
[2010/04/03 08:14:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\k88tyz8v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/22 09:51:25 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\k88tyz8v.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}(2)
[2010/04/03 08:49:19 | 000,000,000 | ---D | M] (Yoono) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\k88tyz8v.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}
[2010/04/03 08:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\k88tyz8v.default\extensions\[email protected]
[2010/04/03 08:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\k88tyz8v.default\extensions\[email protected]
[2010/02/12 19:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\k88tyz8v.default\extensions\[email protected]
[2010/04/22 09:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\k88tyz8v.default\extensions\mablu@jperryextens(2).ion
[2010/03/20 20:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\k88tyz8v.default\extensions\personas@christopher(2).beard
[2010/04/22 09:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\k88tyz8v.default\extensions\personas@christopher(3).beard
[2010/04/23 20:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\k88tyz8v.default\extensions\[email protected]
[2010/03/21 17:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\k88tyz8v.default\extensions\[email protected]
[2009/01/09 17:47:57 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\k88tyz8v.default\searchplugins\yahoo-search.xml
[2010/04/23 21:04:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/07/02 05:22:26 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2008/07/02 05:22:32 | 000,125,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2008/07/02 05:24:58 | 000,046,408 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\atmccli.dll
[2009/09/24 10:51:46 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2008/07/02 05:22:50 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
O1 HOSTS File: ([2010/01/27 16:28:42 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {67de242b-710e-4431-a246-8a2ba7a9a707} - File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe File not found
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe File not found
O4 - HKCU..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe (iXi Tools)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr .exe (Microsoft Corporation)
O4 - HKCU..\Run: [Security essentials 2010] C:\Program Files\Securityessentials2010\SE2010.exe File not found
O4 - HKCU..\Run: [smss32.exe] C:\WINDOWS\System32\smss32.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - HKCU..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk = C:\Program Files\FRYS\FR-300USB revA\wirelesscm.exe (FRYS Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (jizasise.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\yemikome.dll) - C:\WINDOWS\System32\yemikome.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\nomifeyi.dll) - C:\WINDOWS\System32\nomifeyi.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\judopuje.dll) - C:\WINDOWS\System32\judopuje.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\winusime.dll) - C:\WINDOWS\System32\winusime.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\wuziviba.dll) - C:\WINDOWS\System32\wuziviba.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\goyevayo.dll) - C:\WINDOWS\System32\goyevayo.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\boyokoso.dll) - C:\WINDOWS\System32\boyokoso.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\wopoyobe.dll) - C:\WINDOWS\System32\wopoyobe.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Malwarebytes Corporation )
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: nadelipob - {01ac0cd8-831f-46d8-836e-21241060b97f} - C:\WINDOWS\System32\sotugulu.dll File not found
O21 - SSODL: tepesitus - {22803a2d-b608-4d51-967b-43a6f78f284b} - CLSID or File not found.
O22 - SharedTaskScheduler: {01ac0cd8-831f-46d8-836e-21241060b97f} - tokatiluy - C:\WINDOWS\System32\sotugulu.dll File not found
O24 - Desktop Components:0 () - http://img443.imageshack.us/img443/7622/1183070899231it8.jpg
O24 - Desktop Components:1 () - http://s.deviantart.com/styles/blank.png
O24 - Desktop Components:2 () - http://www.cnw.com/~josh/icons/trogdor.gif
O24 - Desktop Components:3 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Desktop Background.bmp
O27 - HKLM IFEO\MpCmdRun.exe: Debugger - C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\MSASCui.exe: Debugger - C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\MsMpEng.exe: Debugger - C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msseces.exe: Debugger - C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
O30 - LSA: Authentication Packages - (OWS\S) - File not found
O30 - LSA: Security Packages - (EM\) - File not found
O30 - LSA: Security Packages - (.ACE\CORE-STATI) - File not found
O30 - LSA: Security Packages - (settings..) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/01 22:51:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - E:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - E:\autorun.inf.aug.8 -- [ FAT32 ]
O32 - AutoRun File - [2005/05/23 23:50:31 | 000,191,610 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/05/01 22:50:33 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)
[color=#E56717]========== Files/Folders - Created Within 90 Days ==========[/color]
[2010/04/24 17:06:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
[2010/04/24 07:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/04/24 07:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/24 07:10:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/24 07:01:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/24 06:43:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/04/23 22:52:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/23 22:52:51 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/23 20:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\D-Link
[2010/04/23 08:03:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/23 07:10:00 | 000,163,329 | ---- | C] (Villlys Inc.) -- C:\WINDOWS\System32\18467.exe
[2010/04/23 07:04:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/04/23 06:28:56 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/04/23 06:26:19 | 000,000,000 | ---D | C] -- C:\Program Files\Securityessentials2010
[2010/04/23 04:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/04/22 18:45:18 | 001,038,856 | ---- | C] (ADC ltd.) -- C:\Program Files\wpp.exe
[2010/04/22 14:20:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/04/22 14:19:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/22 11:56:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/22 06:45:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/20 15:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\scdata
[2010/04/15 00:27:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FRYS
[2010/04/15 00:26:57 | 000,000,000 | ---D | C] -- C:\Program Files\FRYS
[2010/04/15 00:25:52 | 000,588,032 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\RTL8192su.sys
[2010/04/15 00:25:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\pcidevice
[2010/04/11 22:16:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\My Documents\My Received Files
[2010/04/11 22:08:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Journal Viewer
[2010/04/10 12:49:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Tracing
[2010/04/10 12:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/04/10 12:46:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/04/10 12:46:41 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/04/10 12:46:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/04/10 12:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/04/08 13:41:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Desktop\no$gba-w.2.6a
[2010/04/04 16:13:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\My Documents\My Drivers
[2010/04/04 16:13:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Local Settings\Application Data\Innovative Solutions
[2010/04/04 16:13:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2010/04/03 13:26:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Desktop\Gang garrison Stuff
[2010/04/03 10:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/02 16:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/02 16:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\SUPERAntiSpyware.com
[2010/04/02 16:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/02 16:22:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\Malwarebytes
[2010/04/02 16:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/02 16:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/27 16:37:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\uTorrent
[2010/03/27 07:00:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\Ulead Systems
[2010/03/27 06:59:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Softwrap
[2010/03/27 06:59:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Fonts
[2010/03/27 06:59:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Config
[2010/03/27 06:59:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/03/27 06:58:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Noslip
[2010/03/21 17:05:06 | 000,000,000 | ---D | C] -- C:\Program Files\Veoh Networks
[2010/03/21 11:52:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\PeaZip
[2010/03/20 19:47:43 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/03/20 08:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Desktop\4749 - Pokemon SoulSilver (U)(Xenophobia)
[2010/03/20 08:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\WinRAR
[2010/03/20 08:15:24 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/03/20 08:02:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\My Documents\My Flash
[2010/03/20 08:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\ConvexSoft
[2010/03/19 08:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/03/06 21:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\My Documents\Electronic Arts
[2010/03/02 20:12:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\dwhelper
[2010/03/02 18:20:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\Image Zone Express
[2010/03/02 18:20:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\My Documents\My Scans
[2010/02/24 20:40:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Local Settings\Application Data\Temp
[2010/02/13 22:01:04 | 000,130,432 | R--- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\Rtnicxp.sys
[2010/02/13 18:10:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Local Settings\Application Data\ATI
[2010/02/13 18:10:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\ATI
[2010/02/13 17:23:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/02/13 17:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2010/02/13 16:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/02/13 16:04:04 | 000,000,000 | ---D | C] -- C:\ATI
[2010/02/13 15:55:45 | 000,000,000 | ---D | C] -- C:\Intel Desktop Board
[2010/02/13 15:48:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\~0
[2010/02/13 15:48:50 | 000,000,000 | ---D | C] -- C:\Program Files\iXi Tools
[2010/02/13 13:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\My Documents\Bioshock
[2010/02/13 13:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\Bioshock
[2010/02/13 13:38:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Andrew\Application Data\SecuROM
[2010/02/13 03:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/02/12 23:30:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\HP
[2010/02/12 15:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Artifact Pics 11.24.09 Cabins B and J
[2010/02/12 15:03:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Cowell Exc Pics
[2010/02/12 15:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Cabin B.Dos Milagres Medallion Exc 11.7.09
[2010/02/12 15:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Cabin A Exterior Photos
[2010/02/12 14:47:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\Braid
[2010/02/12 13:19:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\Real
[2010/02/11 17:45:41 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2010/01/30 13:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\YoYoGames
[2010/01/27 00:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/01/25 10:11:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[7 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[44 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 90 Days ==========[/color]
[2010/04/24 18:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At91.job
[2010/04/24 18:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/04/24 18:00:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2010/04/24 18:00:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/04/24 18:00:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At235.job
[2010/04/24 18:00:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At211.job
[2010/04/24 18:00:10 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At187.job
[2010/04/24 18:00:10 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At163.job
[2010/04/24 18:00:10 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At139.job
[2010/04/24 18:00:10 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At115.job
[2010/04/24 18:00:03 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\xrotcvdp.job
[2010/04/24 17:50:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/24 17:43:54 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/04/24 17:43:48 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/24 17:43:36 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/24 17:43:36 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-1604221776-682003330-1005.job
[2010/04/24 17:43:35 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-1604221776-682003330-1004.job
[2010/04/24 17:43:35 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-1604221776-682003330-1003.job
[2010/04/24 17:43:34 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-1604221776-682003330-1006.job
[2010/04/24 17:43:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/24 17:43:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/24 17:41:55 | 005,242,880 | ---- | M] () -- C:\Documents and Settings\Andrew\ntuser.dat
[2010/04/24 17:41:55 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Andrew\ntuser.ini
[2010/04/24 17:01:03 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\20MRPY.dat
[2010/04/24 17:00:58 | 000,065,540 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QU714bq0.exe
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At240.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At239.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At238.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At237.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At236.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At234.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At233.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At232.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At231.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At230.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At229.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At228.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At227.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At226.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At225.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At224.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At223.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At222.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At221.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At220.job
[2010/04/24 12:57:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At219.job
[2010/04/24 12:57:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At218.job
[2010/04/24 12:57:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At217.job
[2010/04/24 12:35:56 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2010/04/24 12:35:56 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/04/24 12:35:56 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At205.job
[2010/04/24 12:35:56 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At181.job
[2010/04/24 12:35:56 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At157.job
[2010/04/24 12:35:56 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At133.job
[2010/04/24 12:22:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At109.job
[2010/04/24 12:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At85.job
[2010/04/24 12:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/04/24 11:35:45 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/04/24 11:34:45 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At180.job
[2010/04/24 11:34:17 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At204.job
[2010/04/24 11:34:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2010/04/24 11:28:33 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At156.job
[2010/04/24 11:24:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At132.job
[2010/04/24 11:22:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At108.job
[2010/04/24 11:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At84.job
[2010/04/24 11:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At216.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At215.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At214.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At213.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At212.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At210.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At209.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At208.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At207.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At206.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At203.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At202.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At201.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At200.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At199.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At198.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At197.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At196.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At195.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At194.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At193.job
[2010/04/24 10:33:46 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-1604221776-682003330-1005.job
[2010/04/24 10:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At83.job
[2010/04/24 10:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/04/24 10:02:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At131.job
[2010/04/24 10:01:57 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At179.job
[2010/04/24 10:01:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At107.job
[2010/04/24 10:01:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At155.job
[2010/04/24 10:01:19 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2010/04/24 10:01:09 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/04/24 09:58:54 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/24 09:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At82.job
[2010/04/24 09:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/04/24 09:00:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2010/04/24 09:00:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/04/24 09:00:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At178.job
[2010/04/24 09:00:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At154.job
[2010/04/24 09:00:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At130.job
[2010/04/24 09:00:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At106.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At192.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At191.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At190.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At189.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At188.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At186.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At185.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At184.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At183.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At182.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At177.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At176.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At175.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At174.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At173.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At172.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At171.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At170.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At169.job
[2010/04/24 08:48:31 | 005,365,464 | -H-- | M] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\IconCache.db
[2010/04/24 08:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/04/24 08:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At81.job
[2010/04/24 08:00:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2010/04/24 08:00:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/04/24 08:00:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At153.job
[2010/04/24 08:00:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At129.job
[2010/04/24 08:00:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At105.job
[2010/04/24 07:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At80.job
[2010/04/24 07:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/04/24 07:00:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2010/04/24 07:00:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/04/24 07:00:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At152.job
[2010/04/24 07:00:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At128.job
[2010/04/24 07:00:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At104.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At168.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At167.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At166.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At165.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At164.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At162.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At161.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At160.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At159.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At158.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At151.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At150.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At149.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At148.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At147.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At146.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At145.job
[2010/04/24 00:24:55 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-1604221776-682003330-1003.job
[2010/04/24 00:20:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2010/04/24 00:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At73.job
[2010/04/24 00:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/04/23 23:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At96.job
[2010/04/23 23:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/04/23 23:00:09 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2010/04/23 23:00:09 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/04/23 23:00:09 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At144.job
[2010/04/23 23:00:09 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At120.job
[2010/04/23 22:58:43 | 000,014,172 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\0D2HvP
[2010/04/23 22:58:42 | 000,014,172 | -HS- | M] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\0D2HvP
[2010/04/23 22:52:56 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/23 22:51:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At143.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At142.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At141.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At140.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At138.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At137.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At136.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At135.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At134.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At127.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At126.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At125.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At124.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At123.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At122.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At121.job
[2010/04/23 22:48:34 | 000,014,176 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\681650596
[2010/04/23 22:48:33 | 000,014,176 | -HS- | M] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\681650596
[2010/04/23 22:32:20 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-1604221776-682003330-1006.job
[2010/04/23 22:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At95.job
[2010/04/23 22:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/04/23 22:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2010/04/23 22:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/04/23 22:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At119.job
[2010/04/23 21:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At94.job
[2010/04/23 21:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At99.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At98.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At97.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At118.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At117.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At116.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At114.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At113.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At112.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At111.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At110.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At103.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At102.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At101.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At100.job
[2010/04/23 20:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At93.job
[2010/04/23 20:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/04/23 20:03:27 | 000,508,290 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/23 20:03:27 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/23 20:03:27 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/23 19:48:39 | 000,222,208 | -HS- | M] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\ave.exe
[2010/04/23 19:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At92.job
[2010/04/23 19:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/04/23 19:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2010/04/23 19:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/04/23 18:39:39 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/23 18:16:23 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At90.job
[2010/04/23 18:16:23 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At89.job
[2010/04/23 18:16:23 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At88.job
[2010/04/23 18:16:23 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At87.job
[2010/04/23 18:16:23 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At86.job
[2010/04/23 18:16:23 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At79.job
[2010/04/23 18:16:23 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At78.job
[2010/04/23 18:16:23 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At77.job
[2010/04/23 18:16:23 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At76.job
[2010/04/23 18:16:23 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At75.job
[2010/04/23 18:16:23 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At74.job
[2010/04/23 17:53:08 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\fuyugosu
[2010/04/23 17:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/04/23 17:00:21 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2010/04/23 17:00:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/04/23 16:44:12 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2010/04/23 16:44:12 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2010/04/23 16:44:12 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2010/04/23 16:44:12 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2010/04/23 16:44:12 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2010/04/23 16:44:12 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2010/04/23 16:44:12 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2010/04/23 16:44:12 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2010/04/23 16:44:12 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2010/04/23 16:44:12 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2010/04/23 16:44:12 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2010/04/23 16:44:12 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2010/04/23 07:10:06 | 000,075,264 | ---- | M] () -- C:\WINDOWS\System32\cbdf.sys
[2010/04/23 07:10:03 | 000,163,329 | ---- | M] (Villlys Inc.) -- C:\WINDOWS\System32\18467.exe
[2010/04/23 06:49:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2010/04/23 06:49:34 | 000,004,278 | ---- | M] () -- C:\WINDOWS\System32\warnings.html
[2010/04/23 06:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/04/23 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/04/23 05:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/04/23 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/04/23 04:29:14 | 000,004,736 | ---- | M] () -- C:\WINDOWS\System32\o.sys
[2010/04/23 04:28:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/04/23 04:28:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/04/23 04:28:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/04/23 04:28:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/04/23 04:28:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/04/23 04:28:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/04/23 04:28:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/04/23 04:28:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/04/23 04:28:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/04/23 04:28:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/04/23 04:28:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/04/22 18:45:22 | 001,038,856 | ---- | M] (ADC ltd.) -- C:\Program Files\wpp.exe
[2010/04/22 13:32:19 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/22 10:17:30 | 000,000,641 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
[2010/04/22 10:17:30 | 000,000,641 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wireless Connection Manager.lnk
[2010/04/22 09:40:14 | 000,000,056 | ---- | M] () -- C:\Program Files\wp4.dat
[2010/04/22 09:40:14 | 000,000,002 | ---- | M] () -- C:\Program Files\wp3.dat
[2010/04/22 06:51:40 | 000,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/04/22 06:34:18 | 000,000,000 | ---- | M] () -- C:\Program Files\extra.dat
[2010/04/20 15:41:27 | 000,000,036 | ---- | M] () -- C:\Program Files\skynet.dat
[2010/04/20 12:37:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/18 03:56:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Driver Fetch.job
[2010/04/17 19:54:45 | 000,123,078 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\bookmarks.html
[2010/04/17 19:05:46 | 000,011,090 | -HS- | M] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\uk267W7
[2010/04/17 19:05:46 | 000,011,090 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\uk267W7
[2010/04/17 18:43:31 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-1604221776-682003330-1004.job
[2010/04/16 17:49:11 | 000,113,152 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\A Figueroa recommendation letter.doc
[2010/04/16 17:48:45 | 000,073,980 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\A Figueroa recommendation letter.pdf
[2010/04/16 17:00:16 | 000,017,216 | -HS- | M] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\B8u2j7
[2010/04/16 17:00:16 | 000,017,216 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\B8u2j7
[2010/04/11 18:11:38 | 000,002,207 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/04/11 17:20:47 | 000,166,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/11 16:50:59 | 000,017,418 | -HS- | M] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\A28k41
[2010/04/11 16:50:59 | 000,017,418 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\A28k41
[2010/04/11 16:50:14 | 000,179,712 | -HS- | M] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\3636163650.dll
[2010/04/11 12:53:49 | 000,000,882 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/10 20:13:20 | 000,027,392 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/10 12:49:41 | 000,038,752 | ---- | M] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/08 21:07:42 | 000,018,844 | -HS- | M] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\D5utAxJ7mBs
[2010/04/08 21:07:42 | 000,018,844 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\D5utAxJ7mBs
[2010/04/08 13:45:08 | 000,018,242 | -HS- | M] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\Ls4taj0t
[2010/04/08 13:45:08 | 000,018,242 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\Ls4taj0t
[2010/04/06 21:18:55 | 000,013,400 | -HS- | M] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\3Yfi
[2010/04/06 21:18:55 | 000,013,400 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3Yfi
[2010/04/04 18:03:51 | 000,804,758 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2010/04/03 09:10:47 | 000,016,592 | -HS- | M] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\XORQ
[2010/04/03 09:10:47 | 000,016,592 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\XORQ
[2010/04/02 17:19:50 | 000,001,297 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\WinXP_EXE_Fix.reg
[2010/04/02 16:19:59 | 000,014,904 | -HS- | M] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\0S70
[2010/04/02 16:19:59 | 000,014,904 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\0S70
[2010/04/02 16:07:51 | 000,000,339 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\fixme.reg
[2010/04/02 16:04:17 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Andrew\NOTEPAD
[2010/03/31 15:50:49 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/03/30 23:11:58 | 000,185,344 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\2009-SDW-00005 ARB Request for Reconsideration 3.doc
[2010/03/30 19:09:02 | 000,174,592 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\2009-SDW-00005 ARB Request for Reconsideration.doc
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/30 00:00:43 | 000,165,611 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\BOYD_MICHAEL_v_US_ENVIRONMENTAL_PRO_2009SDW00005_(MAR_17_2010)_121140_CADEC_SD.pdf
[2010/03/30 00:00:05 | 000,105,984 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\2009-SDW-00005 Request for Reconsideration.doc
[2010/03/29 23:59:31 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\anti-retaliation provisions is not limited to discriminatory actions that affect the terms and conditions of employment.doc
[2010/03/27 17:45:35 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/27 07:00:13 | 000,066,548 | ---- | M] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/03/27 07:00:13 | 000,017,632 | ---- | M] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/03/27 07:00:13 | 000,000,560 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Global.sw
[2010/03/20 20:08:19 | 000,013,964 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\hkc0anuhUQr
[2010/03/20 20:08:18 | 000,013,964 | -HS- | M] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\hkc0anuhUQr
[2010/03/19 08:47:40 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/03/19 08:45:51 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/03/09 22:02:27 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PreTrial Request to Discuss Settlement.doc
[2010/03/09 17:52:34 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\2009 SDW 00005 Boyd v USEPA Index of Exhibits.doc
[2010/03/09 17:51:48 | 000,168,960 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PreTrial Statement of Complainant-final 1.doc
[2010/03/09 17:30:55 | 000,168,960 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PreTrial Statement of Complainant-final.doc
[2010/02/13 22:19:23 | 000,001,600 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\Team Fortress 2 Dedicated Server.lnk
[2010/02/13 16:23:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2010/02/13 14:56:31 | 000,001,616 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\Team Fortress 2.lnk
[2010/02/12 14:40:23 | 000,001,560 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\Braid Demo.lnk
[7 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[44 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\fuyugosu
[2010/04/24 12:57:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At240.job
[2010/04/24 12:57:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At239.job
[2010/04/24 12:57:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At238.job
[2010/04/24 12:57:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At237.job
[2010/04/24 12:57:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At236.job
[2010/04/24 12:57:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At235.job
[2010/04/24 12:57:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At234.job
[2010/04/24 12:57:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At233.job
[2010/04/24 12:57:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At232.job
[2010/04/24 12:57:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At231.job
[2010/04/24 12:57:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At230.job
[2010/04/24 12:57:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At229.job
[2010/04/24 12:57:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At228.job
[2010/04/24 12:57:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At227.job
[2010/04/24 12:57:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At226.job
[2010/04/24 12:57:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At225.job
[2010/04/24 12:57:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At224.job
[2010/04/24 12:57:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At223.job
[2010/04/24 12:57:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At222.job
[2010/04/24 12:57:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At221.job
[2010/04/24 12:57:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At220.job
[2010/04/24 12:57:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At219.job
[2010/04/24 12:57:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At218.job
[2010/04/24 12:57:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At217.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At216.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At215.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At214.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At213.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At212.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At211.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At210.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At209.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At208.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At207.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At206.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At205.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At204.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At203.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At202.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At201.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At200.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At199.job
[2010/04/24 10:55:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At198.job
[2010/04/24 10:55:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At197.job
[2010/04/24 10:55:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At196.job
[2010/04/24 10:55:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At195.job
[2010/04/24 10:55:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At194.job
[2010/04/24 10:55:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At193.job
[2010/04/24 08:53:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At192.job
[2010/04/24 08:53:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At191.job
[2010/04/24 08:53:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At190.job
[2010/04/24 08:53:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At189.job
[2010/04/24 08:53:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At188.job
[2010/04/24 08:53:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At187.job
[2010/04/24 08:53:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At186.job
[2010/04/24 08:53:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At185.job
[2010/04/24 08:53:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At184.job
[2010/04/24 08:53:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At183.job
[2010/04/24 08:53:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At182.job
[2010/04/24 08:53:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At181.job
[2010/04/24 08:53:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At180.job
[2010/04/24 08:53:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At179.job
[2010/04/24 08:53:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At178.job
[2010/04/24 08:53:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At177.job
[2010/04/24 08:53:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At176.job
[2010/04/24 08:53:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At175.job
[2010/04/24 08:53:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At174.job
[2010/04/24 08:53:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At173.job
[2010/04/24 08:53:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At172.job
[2010/04/24 08:53:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At171.job
[2010/04/24 08:53:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At170.job
[2010/04/24 08:53:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At169.job
[2010/04/24 07:12:31 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/24 06:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At168.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At167.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At166.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At165.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At164.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At163.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At162.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At161.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At160.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At159.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At158.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At157.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At156.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At155.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At154.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At153.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At152.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At151.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At150.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At149.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At148.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At147.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At146.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At145.job
[2010/04/23 22:52:56 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/23 22:51:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At144.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At143.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At142.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At141.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At140.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At139.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At138.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At137.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At136.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At135.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At134.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At133.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At132.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At131.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At130.job
[2010/04/23 22:51:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At129.job
[2010/04/23 22:51:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At128.job
[2010/04/23 22:51:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At127.job
[2010/04/23 22:51:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At126.job
[2010/04/23 22:51:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At125.job
[2010/04/23 22:51:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At124.job
[2010/04/23 22:51:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At123.job
[2010/04/23 22:51:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At122.job
[2010/04/23 22:51:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At121.job
[2010/04/23 22:48:33 | 000,014,176 | -HS- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\681650596
[2010/04/23 22:48:33 | 000,014,176 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\681650596
[2010/04/23 22:32:21 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-1604221776-682003330-1006.job
[2010/04/23 22:32:20 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-1604221776-682003330-1006.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At99.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At98.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At97.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At120.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At119.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At118.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At117.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At116.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At115.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At114.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At113.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At112.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At111.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At110.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At109.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At108.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At107.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At106.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At105.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At104.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At103.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At102.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At101.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At100.job
[2010/04/23 19:48:40 | 000,014,172 | -HS- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\0D2HvP
[2010/04/23 19:48:40 | 000,014,172 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0D2HvP
[2010/04/23 19:48:39 | 000,222,208 | -HS- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\ave.exe
[2010/04/23 18:16:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At96.job
[2010/04/23 18:16:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At95.job
[2010/04/23 18:16:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At94.job
[2010/04/23 18:16:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At93.job
[2010/04/23 18:16:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At92.job
[2010/04/23 18:16:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At91.job
[2010/04/23 18:16:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At90.job
[2010/04/23 18:16:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At89.job
[2010/04/23 18:16:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At88.job
[2010/04/23 18:16:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At87.job
[2010/04/23 18:16:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At86.job
[2010/04/23 18:16:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At85.job
[2010/04/23 18:16:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At84.job
[2010/04/23 18:16:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At83.job
[2010/04/23 18:16:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At82.job
[2010/04/23 18:16:21 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At81.job
[2010/04/23 18:16:21 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At80.job
[2010/04/23 18:16:21 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At79.job
[2010/04/23 18:16:21 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At78.job
[2010/04/23 18:16:21 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At77.job
[2010/04/23 18:16:21 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At76.job
[2010/04/23 18:16:21 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At75.job
[2010/04/23 18:16:21 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At74.job
[2010/04/23 18:16:21 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At73.job
[2010/04/23 16:44:11 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At72.job
[2010/04/23 16:44:11 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At71.job
[2010/04/23 16:44:11 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At70.job
[2010/04/23 16:44:11 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At69.job
[2010/04/23 16:44:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At68.job
[2010/04/23 16:44:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At67.job
[2010/04/23 16:44:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At66.job
[2010/04/23 16:44:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At65.job
[2010/04/23 16:44:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At64.job
[2010/04/23 16:44:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At63.job
[2010/04/23 16:44:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At62.job
[2010/04/23 16:44:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At61.job
[2010/04/23 16:44:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At60.job
[2010/04/23 16:44:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At59.job
[2010/04/23 16:44:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At58.job
[2010/04/23 16:44:09 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At57.job
[2010/04/23 16:44:09 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At56.job
[2010/04/23 16:44:09 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At55.job
[2010/04/23 16:44:09 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At54.job
[2010/04/23 16:44:09 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At53.job
[2010/04/23 16:44:09 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At52.job
[2010/04/23 16:44:09 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At51.job
[2010/04/23 16:44:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
[2010/04/23 16:44:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At49.job
[2010/04/23 07:00:51 | 000,072,206 | ---- | C] () -- C:\WINDOWS\Fonts\eSrnu0M.exe_
[2010/04/23 06:42:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2010/04/23 04:29:14 | 000,004,736 | ---- | C] () -- C:\WINDOWS\System32\o.sys
[2010/04/23 04:28:33 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\20MRPY.dat
[2010/04/23 04:28:28 | 000,065,540 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QU714bq0.exe
[2010/04/23 04:28:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/04/23 04:28:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/04/23 04:28:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/04/23 04:28:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/04/23 04:28:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/04/23 04:28:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/04/23 04:28:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/04/23 04:28:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/04/23 04:28:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/04/23 04:28:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/04/23 04:28:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/04/23 04:28:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/04/23 04:28:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/04/23 04:28:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/04/23 04:28:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/04/23 04:28:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/04/23 04:28:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/04/23 04:28:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/04/23 04:28:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/04/23 04:28:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/04/23 04:28:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/04/23 04:28:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/04/23 04:28:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/04/23 04:28:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/04/23 04:26:38 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\cbdf.sys
[2010/04/23 04:26:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/04/23 04:26:10 | 000,004,278 | ---- | C] () -- C:\WINDOWS\System32\warnings.html
[2010/04/22 10:17:30 | 000,000,641 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
[2010/04/22 10:17:30 | 000,000,641 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wireless Connection Manager.lnk
[2010/04/22 10:17:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\wlndis50.sys
[2010/04/22 10:17:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLNdis50.sys
[2010/04/22 10:17:23 | 000,010,667 | ---- | C] () -- C:\WINDOWS\System32\wlndis50.cat
[2010/04/22 10:17:23 | 000,001,593 | ---- | C] () -- C:\WINDOWS\System32\wlndis50.inf
[2010/04/22 06:34:18 | 000,000,000 | ---- | C] () -- C:\Program Files\extra.dat
[2010/04/20 15:41:27 | 000,000,056 | ---- | C] () -- C:\Program Files\wp4.dat
[2010/04/20 15:41:27 | 000,000,036 | ---- | C] () -- C:\Program Files\skynet.dat
[2010/04/20 15:41:27 | 000,000,002 | ---- | C] () -- C:\Program Files\wp3.dat
[2010/04/20 07:36:33 | 005,242,880 | ---- | C] () -- C:\Documents and Settings\Andrew\ntuser.dat
[2010/04/17 19:54:44 | 000,123,078 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\bookmarks.html
[2010/04/17 19:03:24 | 000,011,090 | -HS- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\uk267W7
[2010/04/17 19:03:24 | 000,011,090 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\uk267W7
[2010/04/17 18:43:32 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-1604221776-682003330-1004.job
[2010/04/17 18:43:31 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-1604221776-682003330-1004.job
[2010/04/16 17:48:44 | 000,073,980 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\A Figueroa recommendation letter.pdf
[2010/04/16 17:01:50 | 000,113,152 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\A Figueroa recommendation letter.doc
[2010/04/16 16:52:11 | 000,017,216 | -HS- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\B8u2j7
[2010/04/16 16:52:11 | 000,017,216 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\B8u2j7
[2010/04/11 16:49:09 | 000,179,712 | -HS- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\3636163650.dll
[2010/04/11 16:48:44 | 000,017,418 | -HS- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\A28k41
[2010/04/11 16:48:44 | 000,017,418 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\A28k41
[2010/04/08 21:05:33 | 000,018,844 | -HS- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\D5utAxJ7mBs
[2010/04/08 21:05:33 | 000,018,844 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\D5utAxJ7mBs
[2010/04/08 13:42:54 | 000,018,242 | -HS- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\Ls4taj0t
[2010/04/08 13:42:54 | 000,018,242 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\Ls4taj0t
[2010/04/06 21:16:54 | 000,013,400 | -HS- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\3Yfi
[2010/04/06 21:16:54 | 000,013,400 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3Yfi
[2010/04/04 18:02:57 | 000,804,758 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2010/04/04 15:42:44 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\Driver Fetch.job
[2010/04/03 09:08:40 | 000,016,592 | -HS- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\XORQ
[2010/04/03 09:08:40 | 000,016,592 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\XORQ
[2010/04/02 17:19:49 | 000,001,297 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\WinXP_EXE_Fix.reg
[2010/04/02 16:05:39 | 000,000,339 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\fixme.reg
[2010/04/02 16:02:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Andrew\NOTEPAD
[2010/04/01 06:02:24 | 000,014,904 | -HS- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\0S70
[2010/04/01 06:02:24 | 000,014,904 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0S70
[2010/03/30 23:11:57 | 000,185,344 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\2009-SDW-00005 ARB Request for Reconsideration 3.doc
[2010/03/30 12:48:24 | 000,174,592 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\2009-SDW-00005 ARB Request for Reconsideration.doc
[2010/03/30 00:00:43 | 000,165,611 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\BOYD_MICHAEL_v_US_ENVIRONMENTAL_PRO_2009SDW00005_(MAR_17_2010)_121140_CADEC_SD.pdf
[2010/03/30 00:00:03 | 000,105,984 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\2009-SDW-00005 Request for Reconsideration.doc
[2010/03/29 23:59:28 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\anti-retaliation provisions is not limited to discriminatory actions that affect the terms and conditions of employment.doc
[2010/03/29 02:06:27 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\xrotcvdp.job
[2010/03/27 17:45:35 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/27 06:59:53 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Global.sw
[2010/03/20 19:45:45 | 000,013,964 | -HS- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\hkc0anuhUQr
[2010/03/20 19:45:45 | 000,013,964 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\hkc0anuhUQr
[2010/03/19 23:58:28 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-1604221776-682003330-1005.job
[2010/03/19 23:58:28 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-1604221776-682003330-1005.job
[2010/03/19 08:47:43 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-1604221776-682003330-1003.job
[2010/03/19 08:47:43 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-1604221776-682003330-1003.job
[2010/03/19 08:47:40 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/03/09 22:02:22 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\PreTrial Request to Discuss Settlement.doc
[2010/03/09 17:51:43 | 000,168,960 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\PreTrial Statement of Complainant-final 1.doc
[2010/03/09 17:33:54 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\2009 SDW 00005 Boyd v USEPA Index of Exhibits.doc
[2010/03/09 16:57:34 | 000,168,960 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\PreTrial Statement of Complainant-final.doc
[2010/02/13 22:19:23 | 000,001,600 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\Team Fortress 2 Dedicated Server.lnk
[2010/02/13 22:01:04 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/02/13 16:23:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/02/13 14:56:31 | 000,001,616 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\Team Fortress 2.lnk
[2010/02/12 14:40:23 | 000,001,560 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\Braid Demo.lnk
[2010/02/11 17:45:42 | 000,002,207 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2009/09/11 18:23:40 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2009/09/11 18:23:19 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009/09/11 16:46:06 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/08/23 14:40:06 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2009/08/23 14:40:05 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2009/08/23 14:32:05 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/08/30 18:27:33 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/08/02 20:38:50 | 000,000,085 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
[2007/05/10 19:49:53 | 000,000,784 | ---- | C] () -- C:\WINDOWS\TTutor7.ini
[2007/05/10 19:39:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2007/05/03 19:36:25 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2007/05/03 19:36:18 | 000,004,200 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2007/05/01 23:03:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/14 16:09:48 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2001/09/18 12:00:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\bmpproc.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[color=#E56717]========== LOP Check ==========[/color]
[2010/04/23 20:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\D-Link
[2010/04/04 18:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2008/07/10 21:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/04/15 00:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FRYS
[2007/09/26 20:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameTap
[2010/04/04 16:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2009/04/06 06:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\N1
[2009/01/03 18:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/04/23 18:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/03 13:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/07/10 21:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/11/11 13:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/01/30 13:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YoYoGames
[2010/04/24 07:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/10 14:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/04/04 17:54:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0
[2010/02/13 13:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Bioshock
[2010/02/12 14:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Braid
[2010/03/02 18:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Image Zone Express
[2010/03/21 12:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\PeaZip
[2010/03/27 07:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Ulead Systems
[2009/02/15 17:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Uniblue
[2010/04/03 13:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\uTorrent
[2010/04/24 00:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/04/24 09:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At100.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At101.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At102.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At103.job
[2010/04/24 07:00:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At104.job
[2010/04/24 08:00:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At105.job
[2010/04/24 09:00:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At106.job
[2010/04/24 10:01:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At107.job
[2010/04/24 11:22:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At108.job
[2010/04/24 12:22:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At109.job
[2010/04/24 10:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At110.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At111.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At112.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At113.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At114.job
[2010/04/24 18:00:10 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At115.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At116.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At117.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At118.job
[2010/04/23 22:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At119.job
[2010/04/24 11:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/04/23 23:00:09 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At120.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At121.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At122.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At123.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At124.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At125.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At126.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At127.job
[2010/04/24 07:00:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At128.job
[2010/04/24 08:00:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At129.job
[2010/04/24 12:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/04/24 09:00:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At130.job
[2010/04/24 10:02:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At131.job
[2010/04/24 11:24:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At132.job
[2010/04/24 12:35:56 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At133.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At134.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At135.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At136.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At137.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At138.job
[2010/04/24 18:00:10 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At139.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At140.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At141.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At142.job
[2010/04/23 22:51:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At143.job
[2010/04/23 23:00:09 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At144.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At145.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At146.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At147.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At148.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At149.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At150.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At151.job
[2010/04/24 07:00:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At152.job
[2010/04/24 08:00:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At153.job
[2010/04/24 09:00:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At154.job
[2010/04/24 10:01:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At155.job
[2010/04/24 11:28:33 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At156.job
[2010/04/24 12:35:56 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At157.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At158.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At159.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At160.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At161.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At162.job
[2010/04/24 18:00:10 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At163.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At164.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At165.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At166.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At167.job
[2010/04/24 06:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At168.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At169.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At170.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At171.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At172.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At173.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At174.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At175.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At176.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At177.job
[2010/04/24 09:00:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At178.job
[2010/04/24 10:01:57 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At179.job
[2010/04/23 17:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/04/24 11:34:45 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At180.job
[2010/04/24 12:35:56 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At181.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At182.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At183.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At184.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At185.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At186.job
[2010/04/24 18:00:10 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At187.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At188.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At189.job
[2010/04/24 18:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At190.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At191.job
[2010/04/24 08:53:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At192.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At193.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At194.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At195.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At196.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At197.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At198.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At199.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/04/23 19:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At200.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At201.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At202.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At203.job
[2010/04/24 11:34:17 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At204.job
[2010/04/24 12:35:56 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At205.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At206.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At207.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At208.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At209.job
[2010/04/23 20:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At210.job
[2010/04/24 18:00:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At211.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At212.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At213.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At214.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At215.job
[2010/04/24 10:55:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At216.job
[2010/04/24 12:57:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At217.job
[2010/04/24 12:57:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At218.job
[2010/04/24 12:57:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At219.job
[2010/04/23 21:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At220.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At221.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At222.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At223.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At224.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At225.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At226.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At227.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At228.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At229.job
[2010/04/23 22:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At230.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At231.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At232.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At233.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At234.job
[2010/04/24 18:00:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At235.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At236.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At237.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At238.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At239.job
[2010/04/23 23:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/04/24 12:57:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At240.job
[2010/04/23 04:28:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2010/04/23 04:28:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2010/04/23 04:28:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2010/04/23 04:28:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2010/04/23 04:28:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/04/23 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2010/04/23 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2010/04/24 07:00:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2010/04/24 08:00:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2010/04/24 09:00:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2010/04/24 10:01:09 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2010/04/24 11:35:45 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2010/04/24 12:35:56 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2010/04/23 04:28:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2010/04/23 04:28:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/04/23 04:28:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2010/04/23 04:28:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2010/04/23 17:00:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2010/04/24 18:00:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2010/04/23 19:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2010/04/23 04:28:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2010/04/23 04:28:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2010/04/23 22:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2010/04/23 23:00:09 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2010/04/24 00:20:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At49.job
[2010/04/23 04:26:22 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/04/23 16:44:12 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At50.job
[2010/04/23 16:44:12 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At51.job
[2010/04/23 16:44:12 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At52.job
[2010/04/23 16:44:12 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At53.job
[2010/04/23 16:44:12 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At54.job
[2010/04/23 16:44:12 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At55.job
[2010/04/24 07:00:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At56.job
[2010/04/24 08:00:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At57.job
[2010/04/24 09:00:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At58.job
[2010/04/24 10:01:19 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At59.job
[2010/04/23 05:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/04/24 11:34:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At60.job
[2010/04/24 12:35:56 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At61.job
[2010/04/23 16:44:12 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At62.job
[2010/04/23 16:44:12 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At63.job
[2010/04/23 16:44:12 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At64.job
[2010/04/23 16:44:12 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At65.job
[2010/04/23 17:00:21 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At66.job
[2010/04/24 18:00:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At67.job
[2010/04/23 19:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At68.job
[2010/04/23 16:44:12 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At69.job
[2010/04/23 06:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/04/23 16:44:12 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At70.job
[2010/04/23 22:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At71.job
[2010/04/23 23:00:09 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At72.job
[2010/04/24 00:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At73.job
[2010/04/23 18:16:23 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At74.job
[2010/04/23 18:16:23 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At75.job
[2010/04/23 18:16:23 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At76.job
[2010/04/23 18:16:23 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At77.job
[2010/04/23 18:16:23 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At78.job
[2010/04/23 18:16:23 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At79.job
[2010/04/24 07:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/04/24 07:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At80.job
[2010/04/24 08:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At81.job
[2010/04/24 09:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At82.job
[2010/04/24 10:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At83.job
[2010/04/24 11:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At84.job
[2010/04/24 12:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At85.job
[2010/04/23 18:16:23 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At86.job
[2010/04/23 18:16:23 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At87.job
[2010/04/23 18:16:23 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At88.job
[2010/04/23 18:16:23 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At89.job
[2010/04/24 08:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/04/23 18:16:23 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At90.job
[2010/04/24 18:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At91.job
[2010/04/23 19:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At92.job
[2010/04/23 20:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At93.job
[2010/04/23 21:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At94.job
[2010/04/23 22:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At95.job
[2010/04/23 23:10:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At96.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At97.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At98.job
[2010/04/23 20:11:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At99.job
[2010/04/18 03:56:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Fetch.job
[2010/04/24 17:43:54 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
[2010/04/24 18:00:03 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\xrotcvdp.job
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Custom Scans ==========[/color]
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/21 13:03:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/21 13:03:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/21 13:03:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/21 13:03:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2010/04/23 22:47:35 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2009/09/29 19:20:58 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\ATIDEMGX.dll
[44 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2007/05/01 19:28:25 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/05/01 19:28:24 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/05/01 19:28:24 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /90 >[/color]
[2010/04/22 10:18:08 | 000,021,361 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\AegisP.sys
[2010/04/23 22:47:35 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/04/23 05:44:47 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouclass.sys
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
#4
Posted 25 April 2010 - 08:29 AM
andrewuk
-
- Malware Removal
-
- 5,297 posts
Trusted Helper
no need to put the replies in codeboxes, just copy and paste them in. thanks.
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingc...to-use-combofix
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Please include the C:\ComboFix.txt in your next reply for further review.
also:
We will run OTL , but go for a shortened log.
andrewuk
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingc...to-use-combofix
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Please include the C:\ComboFix.txt in your next reply for further review.
also:
We will run OTL , but go for a shortened log.
- Close all windows and open it by double clicking on the icon
- we are targetting a selective output, hence:
- on the left hand side, in the box titled "Processes" select none
- on the left hand side, in the box titled "Drivers" select none
- on the left hand side, in the box titled "Extra Registry" select none
- on the right hand side, in the box titled "Files created within" select none
- on the right hand side, in the box titled "Files modified within" select none
- >>>> so, you should only have "Services", "Standard Registry" and "Modules" selected for Use Safelist
- tick both the boxes marked Purity check and Lop check
- Click Run Scan and let the program run uninterrupted
- It will produce one log for you called OTL.txt. Please post that log here in reply.
- You may need to use two posts to get it all on the forum
andrewuk
#5
Posted 29 April 2010 - 07:18 AM
andrewuk
-
- Malware Removal
-
- 5,297 posts
Trusted Helper
still with us?
#6
Posted 02 May 2010 - 09:20 AM
andrewuk
-
- Malware Removal
-
- 5,297 posts
Trusted Helper
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
