This topic is locked
I have run keperski, malwarebytes and cc cleaner. ad-aware is running now.
This AM I had 25 mshta.exe running in task mgr. I check from time to time and will find one or 2 running.
A couple of weeks ago I had the thinkpoint virus(malware) and tdss and a couple of other trojans. I think all are dead now, but the dreaded mshta.exe won't go away.
I fooled around with trying to port forward a DVR that has 4 cameras in the shop so I could remoteley view my shop. Seems some things started after this adventure.
Thank you very much for your help on this matter.
Terry
Below is the OTL that I ran.
OTL logfile created on: 12/1/2010 7:46:27 AM - Run 4
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Terry\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 186.53 Gb Free Space | 80.09% Space Free | Partition Type: NTFS
Computer Name: TERRY | User Name: Terry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2010/11/30 13:56:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Terry\Desktop\OTL.exe
PRC - [2010/11/24 10:29:21 | 001,375,992 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/11/24 10:29:21 | 000,928,496 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/01/21 15:24:08 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/11/08 08:59:50 | 001,053,184 | ---- | M] (Codeode) -- C:\Program Files\Cactus Spam Filter 3.00\cactusspamfilter.exe
PRC - [2009/06/16 07:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2008/12/16 20:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/13 18:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/08 01:11:48 | 000,196,608 | ---- | M] (Corel Corporation) -- C:\Program Files\Corel\CorelDRAW Graphics Suite 13\Programs\CorelDRW.exe
PRC - [2003/12/30 11:20:06 | 000,712,704 | ---- | M] (PFU LIMITED) -- C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
PRC - [2003/12/22 10:06:40 | 000,110,592 | ---- | M] (PFU LIMITED) -- C:\Program Files\PFU\ScanSnap\PfuSsSct.exe
========== Modules (SafeList) ==========
MOD - [2010/11/30 13:56:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Terry\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/11/24 10:29:21 | 001,375,992 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/21 15:24:08 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/06/16 07:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2008/12/16 20:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\CDriver.sys -- (MSICDSetup)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - [2010/11/24 10:29:24 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/11/24 10:29:23 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/09/23 01:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2009/12/03 07:22:04 | 006,021,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/11/17 17:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/17 17:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/10/30 05:49:56 | 000,176,768 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/02/13 10:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/12/17 00:02:08 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/12/17 00:01:44 | 006,364,440 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
DRV - [2008/12/17 00:01:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 00:00:14 | 000,768,024 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/16 20:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/10/17 11:51:16 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/10/17 11:51:16 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/18 21:32:12 | 005,854,688 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2005/03/02 11:13:50 | 000,053,344 | ---- | M] (Warp Nine Engineering) [Kernel | Auto | Running] -- C:\Program Files\Cutting Master 2 1.20\Program\Par1284.sys -- (Par1284)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylo...earch&AF=14542"
FF - prefs.js..browser.search.order.1: "Search"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://search.babylo.../home?AF=14542"
FF - prefs.js..keyword.URL: "http://search.fresh-...10101069100&s="
FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..browser.search.order.1: "Search"
FF - user.js..keyword.URL: "http://search.fresh-...10101069100&s="
FF - HKLM\software\mozilla\Mozilla Firefox 3.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/10/20 21:46:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/09 10:54:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2010/04/06 13:10:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/06/16 22:35:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Omnis Firefox\extensions\\Plugins: C:\webclient [2010/02/05 12:56:36 | 000,000,000 | ---D | M]
[2010/05/24 10:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\Mozilla\Extensions
[2010/05/24 10:30:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Terry\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/12/17 23:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\Mozilla\Extensions\[email protected]
[2010/11/24 09:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\e6e6zdq8.default\extensions
[2010/11/09 13:53:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\e6e6zdq8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/16 19:08:03 | 000,000,000 | ---D | M] (Babylon-English Toolbar) -- C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\e6e6zdq8.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}
[2010/04/06 13:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\Mozilla\Sunbird\Profiles\0bql48gr.default\extensions
[2010/05/26 15:18:50 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\e6e6zdq8.default\searchplugins\askcom.xml
[2010/11/10 06:56:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/16 19:08:01 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2010/11/11 10:06:20 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml
[2010/11/08 05:17:56 | 000,002,212 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\websearch.xml
Hosts file not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [PfuSsSct.exe] C:\Program Files\PFU\ScanSnap\PfuSsSct.exe (PFU LIMITED)
O4 - HKCU..\Run: [com.codeode.cactusspamfilter] C:\Program Files\Cactus Spam Filter 3.00\cactusspamfilter.exe (Codeode)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ScanSnap Manager.lnk = C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} http://192.168.1.102/DvrOcx.cab (DvrOcx Control)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/16 14:40:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3c7d8694-7ebf-11de-a1d6-001d92e61058}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found
O33 - MountPoints2\{c2be0eb0-eb38-11de-a223-001d92e61058}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/11/30 13:56:48 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Terry\Desktop\OTL.exe
[2010/11/30 07:59:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PLAV
[2010/11/30 07:58:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
[2010/11/30 04:57:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/11/29 11:34:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Terry\Recent
[2010/11/29 10:57:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Application Data\Uniblue
[2010/11/29 10:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Local Settings\Application Data\PackageAware
[2010/11/29 06:41:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Application Data\Fujitsu
[2010/11/29 06:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\My Documents\Work Orders
[2010/11/29 06:35:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Application Data\PFU
[2010/11/29 06:27:07 | 000,077,824 | ---- | C] (PFU LIMITED) -- C:\WINDOWS\System32\PfuSsUsd.dll
[2010/11/29 06:27:06 | 000,049,415 | ---- | C] (PFU) -- C:\WINDOWS\System32\Fjmcusb.dll
[2010/11/29 06:27:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\SSDriver
[2010/11/29 06:27:04 | 000,069,632 | ---- | C] (PFU LIMITED) -- C:\WINDOWS\System32\distortion.dll
[2010/11/29 06:27:03 | 000,000,000 | ---D | C] -- C:\Program Files\PFU
[2010/11/24 14:14:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/24 14:14:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/24 14:14:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/24 14:14:31 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Terry\Desktop\mbam-setup-1.46.exe
[2010/11/24 13:04:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Desktop\tdsskiller
[2010/11/24 10:29:36 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/11/24 10:09:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Local Settings\Application Data\Sunbelt Software
[2010/11/24 10:09:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010/11/24 10:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/11/24 10:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/11/24 10:07:02 | 133,432,520 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Terry\Desktop\Ad-AwareInstall.exe
[2010/11/24 09:34:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Desktop\backups
[2010/11/23 15:08:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Desktop\Stuff I might need
[2010/11/23 00:25:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Desktop\web cam
[2010/11/22 16:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\PFConfig
[2010/11/22 13:00:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Application Data\PFStaticIP
[2010/11/16 14:47:39 | 000,000,000 | ---D | C] -- C:\ErdUndoCache
[2010/11/15 10:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Desktop\pnd fleece orders
[2010/11/12 11:30:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Application Data\AVG10
[2010/11/12 11:16:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/11/12 11:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/11/12 08:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Application Data\Malwarebytes
[2010/11/12 08:04:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/12 08:02:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/12 08:01:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/11 15:39:51 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2010/11/11 10:27:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Application Data\whitesmoketoolbar
[2010/11/11 10:13:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\WhiteSmokeTranslator
[2010/11/11 10:06:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\whitesmoketoolbar
[2010/11/11 10:06:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
[2010/11/11 10:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\%APPDATA%
[2010/11/10 10:30:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Application Data\com.codeode
[2010/11/10 10:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\Cactus Spam Filter 3.00
[2010/11/10 10:29:24 | 000,713,495 | ---- | C] (Codeode.com) -- C:\Documents and Settings\Terry\Desktop\cactusspamfilter.exe
[2010/11/10 09:00:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2010/11/10 07:02:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/09 19:52:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Terry\IECompatCache
[2010/11/09 19:41:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Terry\PrivacIE
[2010/11/09 18:56:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Terry\IETldCache
[2010/11/09 18:52:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/11/09 18:52:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/11/09 15:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Local Settings\Application Data\{F63409FC-6425-4F69-A80F-237457D81B91}
[2010/11/09 15:04:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WSTB
[2010/11/09 15:04:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\mNiKb02038
[2010/11/09 14:25:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2010/11/09 10:43:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2010/11/05 10:34:16 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/11/05 10:34:16 | 000,027,944 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2010/11/05 10:34:06 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2010/11/05 10:01:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/11/05 09:01:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/11/05 06:23:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/11/04 23:52:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/11/04 19:23:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/11/04 15:55:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/11/04 14:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\cJjDp02001
[2010/11/04 14:18:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Desktop\2010-11 (Nov)
[2010/11/04 07:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/11/04 07:59:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/11/04 07:12:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/04 07:12:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/11/01 08:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/11/01 08:35:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Desktop\scanjet
[2010/11/01 08:16:36 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/11/01 07:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Local Settings\Application Data\HPVirtualRooms
[2008/10/16 16:48:04 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Terry\Application Data\pcouffin.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/12/01 07:45:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/12/01 07:04:16 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/12/01 07:04:10 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/12/01 07:04:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/12/01 06:04:08 | 000,002,549 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\CorelDRAW X3.lnk
[2010/12/01 05:56:34 | 000,000,040 | ---- | M] () -- C:\IpAndPort.fig
[2010/12/01 05:33:23 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/12/01 05:32:59 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/12/01 05:32:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/01 05:27:10 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/12/01 05:01:15 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/12/01 04:23:50 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/12/01 04:23:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/12/01 04:23:43 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/12/01 04:23:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/12/01 04:23:29 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/12/01 04:23:25 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/12/01 04:23:16 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/12/01 04:23:12 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/12/01 04:23:09 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/12/01 04:23:06 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/12/01 04:23:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/12/01 04:23:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/12/01 04:22:57 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/12/01 04:22:55 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/12/01 04:22:17 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/12/01 04:22:12 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/12/01 04:22:09 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/12/01 04:22:06 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/12/01 04:22:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/12/01 04:22:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/12/01 04:21:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/12/01 04:21:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/11/30 17:45:32 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/11/30 16:38:19 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/11/30 16:38:08 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/11/30 16:38:02 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/11/30 16:38:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/11/30 16:37:56 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/11/30 16:30:53 | 000,000,217 | ---- | M] () -- C:\WINDOWS\password.klc
[2010/11/30 15:08:31 | 000,580,284 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\rchs1961.pdf
[2010/11/30 14:44:06 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/11/30 13:56:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Terry\Desktop\OTL.exe
[2010/11/30 13:45:59 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/11/30 13:05:58 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Terry\Desktop\hijackthis.exe
[2010/11/30 13:01:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/11/30 12:58:36 | 000,199,782 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\rchs_1961.jpg
[2010/11/30 12:32:56 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/11/30 12:32:52 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/11/30 12:11:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/11/30 12:04:59 | 000,122,932 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\ladies.jpg
[2010/11/30 11:47:11 | 000,130,968 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\maxdaddy.jpg
[2010/11/30 11:02:31 | 000,038,975 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\bigun.jpg
[2010/11/30 11:02:04 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/11/30 10:31:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/11/30 10:30:54 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/11/30 10:30:52 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/11/30 09:04:34 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/11/30 08:39:57 | 000,158,653 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\sewout_advacare.jpg
[2010/11/30 08:39:52 | 000,103,734 | ---- | M] () -- C:\WINDOWS\System32\Wshadingxx.bmp
[2010/11/30 08:39:50 | 000,043,254 | ---- | M] () -- C:\WINDOWS\System32\AdcgainDone.bmp
[2010/11/30 08:39:50 | 000,043,254 | ---- | M] () -- C:\WINDOWS\System32\AdcgainBefort.bmp
[2010/11/30 08:39:12 | 000,153,174 | ---- | M] () -- C:\WINDOWS\System32\BShadingxx.bmp
[2010/11/30 08:01:40 | 000,115,465 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/11/30 08:01:40 | 000,097,545 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/11/30 07:57:55 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/11/29 23:58:22 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/29 17:08:01 | 000,074,697 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\PND Fleece Order3.pdf
[2010/11/29 10:40:19 | 000,000,048 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/11/29 10:24:57 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/11/29 10:20:39 | 000,019,152 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\PND Fleece Order.3pdf.pdf
[2010/11/29 06:34:56 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/29 06:27:03 | 000,000,593 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ScanSnap Manager.lnk
[2010/11/25 01:30:02 | 000,007,500 | ---- | M] () -- C:\WINDOWS\System32\123.js
[2010/11/24 14:15:01 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/24 14:14:34 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Terry\Desktop\mbam-setup-1.46.exe
[2010/11/24 13:03:55 | 001,224,671 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\tdsskiller.zip
[2010/11/24 12:36:27 | 000,067,147 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\PND Fleece Order2.pdf
[2010/11/24 12:35:19 | 000,005,746 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\cc_20101124_123513.reg
[2010/11/24 10:29:24 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/11/24 10:09:06 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Terry\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/11/24 10:09:06 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/11/24 10:07:02 | 133,432,520 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Terry\Desktop\Ad-AwareInstall.exe
[2010/11/23 15:20:58 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\Microsoft Word.lnk
[2010/11/23 10:12:38 | 000,067,147 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\PND Fleece Order.pdf
[2010/11/22 22:22:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/11/22 22:20:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/11/22 17:38:57 | 000,917,504 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\sr-200_200_0004_nml.bin
[2010/11/22 17:27:14 | 000,727,169 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\nutcracker.jpg
[2010/11/22 16:23:59 | 003,469,528 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\PFCSetup.exe
[2010/11/22 13:45:05 | 002,360,408 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\PFPortChecker.exe
[2010/11/18 19:16:14 | 000,014,361 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\55704U1_NatCons.DST
[2010/11/18 12:43:53 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\advacare_order.xls
[2010/11/18 10:27:15 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Terry\My Documents\advacare_order.xls
[2010/11/16 11:30:02 | 000,015,308 | ---- | M] () -- C:\WINDOWS\System32\535.js
[2010/11/16 09:58:06 | 000,096,868 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\natconserv_logo.jpg
[2010/11/16 09:49:28 | 000,044,278 | ---- | M] () -- C:\WINDOWS\System32\Autoler.bmp
[2010/11/13 09:34:08 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\911_quote.xls
[2010/11/11 15:57:03 | 000,012,477 | ---- | M] () -- C:\WINDOWS\System32\234.js
[2010/11/11 15:33:32 | 000,539,772 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/11 15:33:32 | 000,108,654 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/11 10:06:13 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\Improve Your PC.lnk
[2010/11/11 08:08:09 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\Internet.lnk
[2010/11/10 12:32:16 | 000,001,404 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\wiaacmgr.exe.lnk
[2010/11/10 10:29:25 | 000,713,495 | ---- | M] (Codeode.com) -- C:\Documents and Settings\Terry\Desktop\cactusspamfilter.exe
[2010/11/10 10:07:25 | 003,082,285 | ---- | M] () -- C:\Documents and Settings\Terry\My Documents\WJF.zip
[2010/11/10 10:06:49 | 007,964,417 | ---- | M] () -- C:\Documents and Settings\Terry\My Documents\SJF.zip
[2010/11/10 07:44:09 | 001,187,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/10 07:04:13 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/11/09 20:19:05 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/11/09 18:56:27 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Terry\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/09 15:06:13 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Mzoha.dat
[2010/11/09 15:06:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Kdikakadiku.bin
[2010/11/09 08:36:48 | 000,372,562 | ---- | M] () -- C:\Documents and Settings\Terry\AVGInstLog.cab
[2010/11/09 06:29:49 | 000,281,600 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\QUOTE SHEET_REV8.xls
[2010/11/08 08:14:48 | 001,329,193 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\charter_oak_apparel.pdf
[2010/11/04 20:22:45 | 000,425,596 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101104-212302.backup
[2010/11/04 14:48:17 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Terry\Application Data\install
[2010/11/04 14:18:06 | 001,290,515 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\natconsearve0001.jpg
[2010/11/03 07:34:58 | 000,004,371 | ---- | M] () -- C:\WINDOWS\hpbvnstp.his
[2010/11/02 13:56:44 | 000,200,192 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\QUOTE SHEET_REV7.xls
[2010/11/01 11:23:39 | 000,001,474 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\Calculator.lnk
[2010/11/01 08:46:54 | 000,004,362 | ---- | M] () -- C:\WINDOWS\hpbvnstp.hi1
[2010/11/01 08:46:54 | 000,001,691 | ---- | M] () -- C:\WINDOWS\hpbvnstp.bu1
[2010/11/01 08:09:10 | 000,148,523 | ---- | M] () -- C:\WINDOWS\hpgins32.dat.temp
[2010/11/01 08:09:10 | 000,148,523 | ---- | M] () -- C:\WINDOWS\hpgins32.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/11/30 12:58:25 | 000,199,782 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\rchs_1961.jpg
[2010/11/30 12:48:33 | 000,580,284 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\rchs1961.pdf
[2010/11/30 12:05:18 | 000,122,932 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\ladies.jpg
[2010/11/30 12:04:51 | 000,130,968 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\maxdaddy.jpg
[2010/11/30 11:41:58 | 000,038,975 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\bigun.jpg
[2010/11/30 08:39:49 | 000,158,653 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\sewout_advacare.jpg
[2010/11/30 08:01:40 | 000,115,465 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/11/30 08:01:40 | 000,097,545 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/11/29 17:08:10 | 000,074,697 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\PND Fleece Order3.pdf
[2010/11/29 10:40:19 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/11/29 10:20:45 | 000,019,152 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\PND Fleece Order.3pdf.pdf
[2010/11/29 06:27:03 | 000,000,593 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ScanSnap Manager.lnk
[2010/11/24 14:15:01 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/24 13:03:51 | 001,224,671 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\tdsskiller.zip
[2010/11/24 12:36:35 | 000,067,147 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\PND Fleece Order2.pdf
[2010/11/24 12:35:18 | 000,005,746 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\cc_20101124_123513.reg
[2010/11/24 11:55:45 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/11/24 10:29:38 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/24 10:09:06 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Terry\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/11/24 10:09:06 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/11/23 10:57:02 | 000,007,500 | ---- | C] () -- C:\WINDOWS\System32\123.js
[2010/11/22 17:38:57 | 000,917,504 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\sr-200_200_0004_nml.bin
[2010/11/22 17:27:05 | 000,727,169 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\nutcracker.jpg
[2010/11/22 16:23:55 | 003,469,528 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\PFCSetup.exe
[2010/11/22 13:45:03 | 002,360,408 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\PFPortChecker.exe
[2010/11/19 12:04:26 | 000,067,147 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\PND Fleece Order.pdf
[2010/11/18 19:16:18 | 000,014,361 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\55704U1_NatCons.DST
[2010/11/18 10:30:52 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\advacare_order.xls
[2010/11/18 10:24:00 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Terry\My Documents\advacare_order.xls
[2010/11/16 11:30:02 | 000,015,308 | ---- | C] () -- C:\WINDOWS\System32\535.js
[2010/11/16 09:57:59 | 000,096,868 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\natconserv_logo.jpg
[2010/11/13 09:34:08 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\911_quote.xls
[2010/11/11 10:06:13 | 000,001,072 | ---- | C] () -- C:\WINDOWS\System32\Improve Your PC.lnk
[2010/11/11 08:08:09 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\Internet.lnk
[2010/11/10 12:31:44 | 000,001,404 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\wiaacmgr.exe.lnk
[2010/11/10 10:07:21 | 003,082,285 | ---- | C] () -- C:\Documents and Settings\Terry\My Documents\WJF.zip
[2010/11/10 10:06:39 | 007,964,417 | ---- | C] () -- C:\Documents and Settings\Terry\My Documents\SJF.zip
[2010/11/10 07:57:04 | 000,012,477 | ---- | C] () -- C:\WINDOWS\System32\234.js
[2010/11/10 07:04:13 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/11/09 15:04:07 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/11/09 15:04:07 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/11/09 15:04:07 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/11/09 15:04:07 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/11/09 15:04:07 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/11/09 15:04:07 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/11/09 15:04:07 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/11/09 15:04:07 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/11/09 15:04:07 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/11/09 15:04:07 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/11/09 15:04:07 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/11/09 15:04:06 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/11/09 15:04:06 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/11/09 15:04:06 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/11/09 15:04:06 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/11/09 15:04:06 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/11/09 15:04:06 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/11/09 15:04:06 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/11/09 15:04:06 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/11/09 15:04:06 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/11/09 15:04:06 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/11/09 15:04:06 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/11/09 15:04:06 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/11/09 15:04:06 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/11/09 08:36:48 | 000,372,562 | ---- | C] () -- C:\Documents and Settings\Terry\AVGInstLog.cab
[2010/11/08 10:35:27 | 000,281,600 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\QUOTE SHEET_REV8.xls
[2010/11/08 08:14:48 | 001,329,193 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\charter_oak_apparel.pdf
[2010/11/04 14:48:17 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Terry\Application Data\install
[2010/11/04 14:45:05 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Mzoha.dat
[2010/11/04 14:45:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Kdikakadiku.bin
[2010/11/04 14:43:29 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/11/04 14:43:28 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/11/04 14:43:28 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/11/04 14:43:28 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/11/04 14:43:28 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/11/04 14:43:28 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/11/04 14:43:28 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/11/04 14:43:28 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/11/04 14:43:28 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/11/04 14:43:28 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/11/04 14:43:28 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/11/04 14:43:28 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/11/04 14:43:28 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/11/04 14:43:28 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/11/04 14:43:28 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/11/04 14:43:28 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/11/04 14:43:28 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/11/04 14:43:28 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/11/04 14:43:28 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/11/04 14:43:28 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/11/04 14:43:28 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/11/04 14:43:28 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/11/04 14:43:28 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/11/04 14:43:28 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/11/04 14:18:07 | 001,290,515 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\natconsearve0001.jpg
[2010/11/02 13:56:44 | 000,200,192 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\QUOTE SHEET_REV7.xls
[2010/11/01 08:14:04 | 000,148,523 | ---- | C] () -- C:\WINDOWS\hpgins32.dat.temp
[2010/11/01 08:14:04 | 000,000,149 | ---- | C] () -- C:\WINDOWS\hpgmdl32.dat.temp
[2010/11/01 08:08:54 | 000,148,523 | ---- | C] () -- C:\WINDOWS\hpgins32.dat
[2010/11/01 08:08:54 | 000,000,149 | ---- | C] () -- C:\WINDOWS\hpgmdl32.dat
[2010/07/17 11:40:32 | 000,020,383 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/03/08 08:52:55 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Terry\Local Settings\Application Data\fusioncache.dat
[2009/11/07 07:21:33 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2009/08/25 19:08:31 | 000,063,730 | ---- | C] () -- C:\Program Files\viewsonicinstruct_xp.pdf
[2009/08/25 19:07:58 | 000,000,101 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2009/06/05 14:47:46 | 000,081,110 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/04/30 16:41:14 | 000,074,240 | ---- | C] () -- C:\WINDOWS\System32\CovH264ToAvi.dll
[2009/04/30 16:03:56 | 000,651,372 | ---- | C] () -- C:\WINDOWS\System32\RM_DVRNET_DLL.dll
[2009/04/13 10:46:22 | 000,229,442 | ---- | C] () -- C:\WINDOWS\System32\winpubf.dll
[2009/04/13 10:46:22 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvrfs.dll
[2009/02/28 17:59:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009/02/07 17:47:04 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/16 20:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 20:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/12/11 11:34:15 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/12/10 19:52:43 | 000,001,136 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2008/10/21 13:06:10 | 000,009,310 | ---- | C] () -- C:\Documents and Settings\Terry\Application Data\wklnhst.dat
[2008/10/17 06:22:38 | 000,000,120 | ---- | C] () -- C:\WINDOWS\WINRESAZ.INI
[2008/10/17 06:08:20 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Terry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/16 16:48:05 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Terry\Application Data\inst.exe
[2008/10/16 16:48:04 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Terry\Application Data\pcouffin.cat
[2008/10/16 16:48:04 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Terry\Application Data\pcouffin.inf
[2008/10/16 16:48:04 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Terry\Application Data\pcouffin.log
[2008/10/16 16:39:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/10/16 15:59:45 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/10/16 15:36:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/16 15:10:40 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2008/10/16 14:12:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/10/16 07:23:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/16 13:35:28 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/01/14 16:47:06 | 000,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/04/02 14:01:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\HPB1320V.DLL
[2002/12/10 16:18:06 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001/10/28 17:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2000/02/21 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
========== LOP Check ==========
[2008/10/16 16:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/11/05 10:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/11/24 09:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/11/05 06:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cJjDp02001
[2010/11/12 11:16:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/11/23 16:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/11/12 10:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mNiKb02038
[2010/11/30 07:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
[2010/11/30 08:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PLAV
[2010/11/05 05:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/17 23:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/06/01 10:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
[2010/06/01 10:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/11/12 10:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WSTB
[2010/11/24 10:09:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010/11/12 11:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\AVG10
[2009/06/22 10:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/11/10 10:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\com.codeode
[2010/09/28 11:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\FileZilla
[2010/11/29 06:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\Fujitsu
[2009/08/30 14:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\gtk-2.0
[2009/08/30 14:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\Inkscape
[2009/06/05 14:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\Leadertech
[2010/06/16 22:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\Notepad++
[2010/11/22 23:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\PFStaticIP
[2010/11/29 06:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\PFU
[2008/10/21 13:06:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\Template
[2010/05/24 10:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\Thunderbird
[2009/12/17 23:42:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\TomTom
[2010/11/29 10:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\Uniblue
[2010/10/28 15:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\Vso
[2010/09/21 15:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\webex
[2010/06/01 10:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\Western Digital
[2010/11/11 15:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\whitesmoketoolbar
[2008/10/16 16:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\Windows Desktop Search
[2008/10/22 13:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\Windows Search
[2010/12/01 05:33:23 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/12/01 04:21:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/12/01 04:21:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/11/30 10:31:15 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/12/01 05:27:10 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/12/01 04:23:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/11/30 11:02:04 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/12/01 04:22:06 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/12/01 04:22:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/11/30 16:38:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/12/01 04:23:47 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/12/01 04:23:25 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/12/01 04:23:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/11/30 14:44:06 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/12/01 07:04:10 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/12/01 04:23:12 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/11/30 12:11:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/12/01 04:23:50 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/12/01 04:22:12 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2010/12/01 04:22:17 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2010/12/01 04:23:29 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2010/12/01 05:01:15 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2010/12/01 04:23:09 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2010/11/30 09:04:34 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/11/30 17:45:32 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2010/11/30 10:30:54 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2010/12/01 04:22:09 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2010/11/29 10:24:57 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2010/12/01 04:22:57 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2010/11/30 16:38:08 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2010/11/30 12:32:52 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2010/12/01 04:23:06 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2010/12/01 07:04:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2010/11/30 12:32:56 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2010/11/30 13:01:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/11/30 10:30:52 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2010/12/01 04:23:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2010/12/01 07:45:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2010/12/01 04:22:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2010/11/30 16:38:19 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2010/11/30 16:38:02 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2010/11/30 13:45:59 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2010/12/01 05:32:59 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2010/12/01 04:22:55 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2010/12/01 07:04:16 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/12/01 04:23:43 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/11/30 07:57:55 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/12/01 04:23:16 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/11/30 16:37:56 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
Sign In
Create Account
