A friend was using my PC while I was away. I received a call telling me it looked like I had a virus. She clicked through to scan it, and it was now asking to be purchased/authorized. I immediately knew what this meant, fearing the worst.
I had her shut down the PC, but it was too late.
Upon opening a web browser (I use Firefox, but also have IE installed. I installed Chrome after the fact due to redirects), a box would pop up asking me to purchase a fake malware program, etc.
I used Malwarebytes, CCleaner and a couple of rootkit detectors (AVG and one I cannot remember).
Malwarebytes found 7 items. I do not remember what they were, other than them having the 'backdoor' classification. May have been WinAV or something similar. Malwarebytes cleaned/deleted all malicious content, but when the machine rebooted, my McAfee virus scan would not work (I cannot enable the on-access scan), the browsers will redirect Google results, and if I stay connected to the internet, subsequent Malwarebytes scans detect more bad items.
To add insult to injury, most rootkit removers I've tried and HiJackThis will begin scanning, but will simply disappear and stop working without any sort of error. OTL seems to work fine (thankfully!!) and I'm glad there is a forum that prefers that tool instead. I posted about this on another forum, but I didn't get much help after saying HiJackThis wouldn't run.
I'm more than a week into trying to fix this on my own. I'm an IT professional, but haven't had to clean an infected machine in years, so my tactics are all out of date. Please forgive my ignorance as we go forward if I have some dumb questions.
Without further ado, here is the OTL log:
OTL logfile created on: 9/7/2011 10:16:06 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Justin\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.73 Mb Total Physical Memory | 409.12 Mb Available Physical Memory | 40.00% Memory free
2.41 Gb Paging File | 1.90 Gb Available in Paging File | 79.14% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 21.48 Gb Free Space | 19.22% Space Free | Partition Type: NTFS
Drive E: | 1.86 Gb Total Space | 1.86 Gb Free Space | 99.83% Space Free | Partition Type: FAT
Drive K: | 232.88 Gb Total Space | 53.94 Gb Free Space | 23.16% Space Free | Partition Type: NTFS
Computer Name: BDJSB7X | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found -- C:\WINDOWS\128095406:1365990904.exe
PRC - [2011/09/07 22:12:22 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Justin\My Documents\Downloads\OTL.exe
PRC - [2011/08/30 03:50:36 | 001,017,912 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/04/12 16:40:58 | 000,660,848 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2010/12/10 08:29:00 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2009/04/29 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\shstat.exe
PRC - [2009/04/29 20:07:00 | 000,070,216 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2009/04/29 20:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\vstskmgr.exe
PRC - [2009/04/29 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\engineserver.exe
PRC - [2009/01/16 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/01/16 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/01/16 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/01/16 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/06/30 10:49:08 | 000,770,100 | ---- | M] () -- C:\Program Files\Ahead\InCD\incdsrv.exe
========== Modules (No Company Name) ==========
MOD - [2011/08/30 03:50:34 | 000,400,440 | ---- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Chrome\Application\13.0.782.218\ppgooglenaclpluginchrome.dll
MOD - [2011/08/30 03:50:33 | 004,118,072 | ---- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Chrome\Application\13.0.782.218\pdf.dll
MOD - [2011/08/30 03:49:29 | 000,300,088 | ---- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Chrome\Application\13.0.782.218\Locales\en-US.dll
MOD - [2011/08/30 03:49:01 | 000,104,520 | ---- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Chrome\Application\13.0.782.218\avutil-50.dll
MOD - [2011/08/30 03:49:00 | 000,203,848 | ---- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Chrome\Application\13.0.782.218\avformat-52.dll
MOD - [2011/08/30 03:48:58 | 001,846,344 | ---- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Chrome\Application\13.0.782.218\avcodec-52.dll
MOD - [2011/08/30 01:50:36 | 006,338,720 | ---- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Chrome\Application\13.0.782.218\gcswf32.dll
MOD - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
MOD - [2010/09/17 21:13:36 | 002,826,240 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\Core.dll
MOD - [2010/09/17 21:07:18 | 000,733,184 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\qca2.dll
MOD - [2010/08/15 18:08:44 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/08/03 16:47:12 | 008,351,744 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtGui4.dll
MOD - [2010/08/03 16:47:12 | 002,244,608 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtCore4.dll
MOD - [2010/08/03 16:47:12 | 000,978,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll
MOD - [2010/08/03 16:47:12 | 000,364,544 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtXml4.dll
MOD - [2010/08/03 16:47:12 | 000,204,800 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtSql4.dll
MOD - [2009/09/04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/01/16 16:00:00 | 000,057,344 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll
MOD - [2008/06/20 13:41:10 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2006/10/22 13:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll
MOD - [2006/05/14 00:23:40 | 000,138,752 | ---- | M] () -- C:\Program Files\7-Zip\7-zip.dll
MOD - [2005/08/22 15:38:16 | 003,264,512 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll
MOD - [2004/06/20 19:17:22 | 000,121,344 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2003/06/30 10:49:08 | 000,770,100 | ---- | M] () -- C:\Program Files\Ahead\InCD\incdsrv.exe
MOD - [2003/06/30 10:48:22 | 000,364,593 | ---- | M] () -- C:\Program Files\Ahead\InCD\incdunt.dll
MOD - [2000/05/17 15:04:54 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\PRTmate.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/04/12 16:40:58 | 000,660,848 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2010/12/10 08:29:00 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/04/29 20:07:00 | 000,144,888 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\McAfee\VirusScan\mcshield.exe -- (McShield)
SRV - [2009/04/29 20:07:00 | 000,070,216 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2009/04/29 20:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan\vstskmgr.exe -- (McTaskManager)
SRV - [2009/04/29 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan\engineserver.exe -- (McAfeeEngineService)
SRV - [2009/01/16 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2003/06/30 10:49:08 | 000,770,100 | ---- | M] () [Auto | Running] -- C:\Program Files\Ahead\InCD\incdsrv.exe -- (InCDsrv)
========== Driver Services (SafeList) ==========
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/12 16:10:02 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2009/04/29 20:07:00 | 000,342,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/04/29 20:07:00 | 000,091,640 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/04/29 20:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2009/04/29 20:07:00 | 000,065,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2009/04/29 20:07:00 | 000,063,696 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/04/29 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008/07/09 06:05:48 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/07/09 06:05:48 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2008/04/04 14:49:04 | 000,136,832 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiH8000.sys -- (SaiH8000)
DRV - [2007/12/11 14:42:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/01/31 09:33:46 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit)
DRV - [2007/01/18 08:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgArCln.sys -- (AvgArCln)
DRV - [2005/10/15 21:15:41 | 000,027,171 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2005/10/08 18:22:38 | 000,071,512 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toywdm.sys -- (JL2005)
DRV - [2005/09/26 01:08:10 | 000,125,568 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avcgbdr.sys -- (avcgbdr)
DRV - [2005/07/28 04:28:10 | 000,019,712 | ---- | M] (Adaptec, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avcgbfl.sys -- (avcgbfl)
DRV - [2005/04/24 22:43:58 | 000,013,225 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Razerlow.sys -- (Razerlow)
DRV - [2004/10/08 07:59:12 | 000,326,656 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2004/10/08 07:57:50 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/08/06 02:26:00 | 000,016,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3)
DRV - [2004/07/17 05:24:20 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2004/04/07 15:11:00 | 000,038,860 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2004/04/07 15:11:00 | 000,019,908 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2003/06/30 10:51:24 | 000,028,208 | ---- | M] (Ahead Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\incdpass.sys -- (InCDPass)
DRV - [2003/06/30 10:51:00 | 000,086,496 | ---- | M] () [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\incdfs.sys -- (InCDfs)
DRV - [2003/01/27 16:37:38 | 000,286,512 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/01/21 05:38:12 | 000,139,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HAP16V2K.SYS -- (hap16v2k)
DRV - [2003/01/07 05:03:42 | 000,822,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/01/06 03:24:12 | 000,012,160 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame)
DRV - [2003/01/06 03:05:14 | 000,184,656 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/12/19 02:06:02 | 000,116,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/12/19 02:05:52 | 000,135,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k)
DRV - [2002/12/19 02:05:32 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTPRXY2K.SYS -- (ctprxy2k)
DRV - [2002/12/19 02:05:12 | 000,497,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/12/19 02:03:42 | 000,135,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTAC32K.SYS -- (ctac32k)
DRV - [2002/11/12 06:38:38 | 000,016,432 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)
DRV - [2001/08/23 15:00:00 | 000,022,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2000/12/12 15:45:52 | 000,008,679 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCI0PL.SYS -- (PLSCSI)
DRV - [2000/12/12 15:41:54 | 000,021,510 | ---- | M] ( ) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SCI1PL.SYS -- (USBAtapi2000)
DRV - [2000/04/18 00:53:50 | 000,112,624 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dvc325.sys -- (DCamUSBLTN)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Justin\Application Data\Move Networks\plugins\npqmp071500000347.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Justin\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Justin\Application Data\Move Networks\plugins\npqmp071500000347.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/04 19:37:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/31 00:11:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/17 21:24:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Justin\Application Data\Move Networks [2009/05/18 17:27:26 | 000,000,000 | ---D | M]
[2011/01/18 12:37:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Justin\Application Data\Mozilla\Extensions
[2011/01/18 12:37:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Justin\Application Data\Mozilla\Extensions\[email protected]
[2011/08/28 23:53:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\o26fuz9n.default\extensions
[2009/08/07 21:25:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\o26fuz9n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/09 19:53:24 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\o26fuz9n.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/08/31 02:31:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/30 20:58:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2005/09/15 18:26:00 | 000,044,153 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\inspector.dll
[2009/04/29 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011/03/30 20:57:05 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2005/05/28 17:15:00 | 000,110,592 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2006/02/02 15:56:00 | 000,225,280 | ---- | M] (Virtools SA) -- C:\Program Files\mozilla firefox\plugins\npvirtools.dll
O1 HOSTS File: ([2010/04/26 20:38:29 | 000,392,034 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 13565 more lines...
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (PaltalkWebLogin) - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll (AVM Software Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan\SHSTAT.EXE (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YPager.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YPager.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: frame.crazywinnings.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Ranges: Range1 ([*] in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Reg Error: Key error.)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akama...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1159395208484 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://download.game...aploader_v5.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E5FB9FD-EF7B-49B1-BEC9-50AF68A889E3}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/03 16:07:01 | 000,002,247 | ---- | M] () - C:\AutoAssault.log -- [ NTFS ]
O33 - MountPoints2\{01d6c352-7c9b-11df-be02-0007e95e8e19}\Shell\AutoRun\command - "" = E:\Setup_FlipShare.exe
O33 - MountPoints2\{01d6c352-7c9b-11df-be02-0007e95e8e19}\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe
O33 - MountPoints2\{1a22907b-2aa2-11e0-bf6a-0007e95e8e19}\Shell - "" = AutoRun
O33 - MountPoints2\{1a22907b-2aa2-11e0-bf6a-0007e95e8e19}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1a22907b-2aa2-11e0-bf6a-0007e95e8e19}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O33 - MountPoints2\{69c6f11e-231f-11e0-bf5d-0007e95e8e19}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
O33 - MountPoints2\{c1634335-3396-11de-9223-0007e95e8e19}\Shell - "" = AutoRun
O33 - MountPoints2\{c1634335-3396-11de-9223-0007e95e8e19}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c1634335-3396-11de-9223-0007e95e8e19}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{f343b9fa-038e-11e0-bf22-0007e95e8e19}\Shell\AutoRun\command - "" = E:\io3yalc.exe
O33 - MountPoints2\{f343b9fa-038e-11e0-bf22-0007e95e8e19}\Shell\open\Command - "" = E:\io3yalc.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/09/06 19:20:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Start Menu\Programs\HiJackThis
[2011/09/06 07:14:53 | 000,075,704 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2011/09/06 07:14:53 | 000,065,224 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2011/09/06 07:14:53 | 000,043,288 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2011/09/06 07:14:52 | 000,342,128 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2011/09/06 07:14:52 | 000,091,640 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2011/09/06 07:14:52 | 000,063,696 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdik.sys
[2011/09/06 07:14:51 | 000,070,216 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
[2011/09/06 07:14:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/09/06 07:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2011/09/06 07:06:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG Anti-Rootkit Free
[2011/09/06 07:06:30 | 000,003,968 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgArCln.sys
[2011/09/06 07:06:26 | 000,000,000 | ---D | C] -- C:\Program Files\GRISOFT
[2011/09/01 18:36:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Justin\Recent
[2011/09/01 07:50:32 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/01 07:50:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/01 07:50:25 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/01 07:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/01 07:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Desktop\Current pass
[2011/08/31 21:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Desktop\TMRBLog
[2011/08/31 21:12:00 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/08/31 21:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Desktop\log
[2011/08/31 21:11:59 | 000,065,808 | ---- | C] (trend_company_name) -- C:\WINDOWS\System32\drivers\tmrkb.sys
[2011/08/31 20:56:11 | 002,002,320 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Justin\Desktop\HousecallLauncher.exe
[2011/08/31 20:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Start Menu\Programs\Google Chrome
[2011/08/31 02:09:01 | 122,890,824 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Justin\Desktop\sdat.exe
[2011/08/27 19:29:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Desktop\Jaggery and Fox
[2011/08/26 10:48:07 | 000,000,000 | ---D | C] -- C:\iPod Photo Cache
[2003/09/03 18:26:18 | 000,021,510 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\SCI1PL.SYS
[2003/09/03 18:26:18 | 000,008,679 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\SCI0PL.SYS
[2003/08/26 18:43:04 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[56 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[20 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1913 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/09/07 22:13:16 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\Shortcut to OTL.exe.lnk
[2011/09/07 22:00:22 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/07 22:00:05 | 000,087,446 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/09/07 22:00:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/07 22:00:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\128095406
[2011/09/07 22:00:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/07 21:59:58 | 1072,484,352 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/07 21:12:40 | 000,030,180 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000002-00001102-00000004-10071102}.rfx
[2011/09/07 21:12:40 | 000,030,180 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000002-00001102-00000004-10071102}.rfx
[2011/09/07 21:12:40 | 000,030,168 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000002-00001102-00000004-10071102}.rfx
[2011/09/07 21:12:40 | 000,030,168 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000002-00001102-00000004-10071102}.rfx
[2011/09/07 21:12:40 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/09/07 21:12:40 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/09/07 21:12:40 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-10071102}.dat
[2011/09/07 21:12:40 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000004-10071102}.dat
[2011/09/06 19:20:56 | 000,001,986 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\HiJackThis.lnk
[2011/09/06 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At92.job
[2011/09/06 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2011/09/06 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2011/09/06 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At188.job
[2011/09/06 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At164.job
[2011/09/06 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At140.job
[2011/09/06 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At116.job
[2011/09/06 18:46:17 | 000,043,408 | -HS- | M] () -- C:\WINDOWS\System32\c_65712.nl_
[2011/09/06 18:43:17 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-854245398-725345543-1003UA.job
[2011/09/06 18:42:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/06 10:37:52 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\HijackThis.msi
[2011/09/06 07:06:31 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Anti-Rootkit Free.lnk
[2011/09/01 07:50:32 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/31 21:11:59 | 000,065,808 | ---- | M] (trend_company_name) -- C:\WINDOWS\System32\drivers\tmrkb.sys
[2011/08/31 21:11:58 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/08/31 21:03:25 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2011/08/31 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At94.job
[2011/08/31 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2011/08/31 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2011/08/31 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At190.job
[2011/08/31 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At166.job
[2011/08/31 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At142.job
[2011/08/31 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At118.job
[2011/08/31 20:57:50 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\housecall.guid.cache
[2011/08/31 20:56:15 | 002,002,320 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Justin\Desktop\HousecallLauncher.exe
[2011/08/31 20:43:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-854245398-725345543-1003Core.job
[2011/08/31 20:39:20 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\Google Chrome.lnk
[2011/08/31 20:39:20 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/31 02:12:51 | 122,890,824 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Justin\Desktop\sdat.exe
[2011/08/31 02:11:46 | 090,266,112 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\vscan87.exe
[2011/08/31 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At99.job
[2011/08/31 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At75.job
[2011/08/31 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2011/08/31 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2011/08/31 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At171.job
[2011/08/31 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At147.job
[2011/08/31 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At123.job
[2011/08/31 00:23:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At97.job
[2011/08/31 00:22:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At169.job
[2011/08/30 11:00:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At84.job
[2011/08/30 11:00:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2011/08/30 11:00:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2011/08/30 11:00:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At180.job
[2011/08/30 11:00:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At156.job
[2011/08/30 11:00:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At132.job
[2011/08/30 11:00:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At108.job
[2011/08/30 10:59:56 | 004,194,304 | ---- | M] () -- C:\WINDOWS\System32\srlaetav.dll
[2011/08/30 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At83.job
[2011/08/30 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2011/08/30 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2011/08/30 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At179.job
[2011/08/30 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At155.job
[2011/08/30 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At131.job
[2011/08/30 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At107.job
[2011/08/30 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At80.job
[2011/08/30 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2011/08/30 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2011/08/30 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At176.job
[2011/08/30 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At152.job
[2011/08/30 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At128.job
[2011/08/30 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At104.job
[2011/08/30 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At79.job
[2011/08/30 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2011/08/30 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2011/08/30 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At175.job
[2011/08/30 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At151.job
[2011/08/30 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At127.job
[2011/08/30 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At103.job
[2011/08/30 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At78.job
[2011/08/30 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2011/08/30 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2011/08/30 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At174.job
[2011/08/30 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At150.job
[2011/08/30 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At126.job
[2011/08/30 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At102.job
[2011/08/30 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At77.job
[2011/08/30 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2011/08/30 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2011/08/30 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At173.job
[2011/08/30 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At149.job
[2011/08/30 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At125.job
[2011/08/30 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At101.job
[2011/08/30 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At76.job
[2011/08/30 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2011/08/30 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2011/08/30 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At172.job
[2011/08/30 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At148.job
[2011/08/30 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At124.job
[2011/08/30 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At100.job
[2011/08/30 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At98.job
[2011/08/30 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At74.job
[2011/08/30 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2011/08/30 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2011/08/30 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At170.job
[2011/08/30 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At146.job
[2011/08/30 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At122.job
[2011/08/30 00:58:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At73.job
[2011/08/30 00:54:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2011/08/30 00:48:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At121.job
[2011/08/30 00:45:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2011/08/30 00:45:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At145.job
[2011/08/29 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At96.job
[2011/08/29 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2011/08/29 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2011/08/29 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At192.job
[2011/08/29 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At168.job
[2011/08/29 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At144.job
[2011/08/29 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At120.job
[2011/08/29 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At95.job
[2011/08/29 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2011/08/29 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2011/08/29 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At191.job
[2011/08/29 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At167.job
[2011/08/29 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At143.job
[2011/08/29 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At119.job
[2011/08/29 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At93.job
[2011/08/29 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2011/08/29 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2011/08/29 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At189.job
[2011/08/29 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At165.job
[2011/08/29 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At141.job
[2011/08/29 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At117.job
[2011/08/29 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At91.job
[2011/08/29 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2011/08/29 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2011/08/29 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At187.job
[2011/08/29 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At163.job
[2011/08/29 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At139.job
[2011/08/29 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At115.job
[2011/08/29 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At90.job
[2011/08/29 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2011/08/29 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2011/08/29 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At186.job
[2011/08/29 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At162.job
[2011/08/29 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At138.job
[2011/08/29 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At114.job
[2011/08/29 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At89.job
[2011/08/29 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2011/08/29 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2011/08/29 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At185.job
[2011/08/29 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At161.job
[2011/08/29 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At137.job
[2011/08/29 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At113.job
[2011/08/29 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At88.job
[2011/08/29 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2011/08/29 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2011/08/29 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At184.job
[2011/08/29 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At160.job
[2011/08/29 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At136.job
[2011/08/29 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At112.job
[2011/08/29 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At87.job
[2011/08/29 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2011/08/29 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2011/08/29 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At183.job
[2011/08/29 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At159.job
[2011/08/29 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At135.job
[2011/08/29 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At111.job
[2011/08/29 13:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At86.job
[2011/08/29 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2011/08/29 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2011/08/29 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At182.job
[2011/08/29 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At158.job
[2011/08/29 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At134.job
[2011/08/29 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At110.job
[2011/08/29 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At85.job
[2011/08/29 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2011/08/29 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2011/08/29 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At181.job
[2011/08/29 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At157.job
[2011/08/29 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At133.job
[2011/08/29 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At109.job
[2011/08/29 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At82.job
[2011/08/29 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2011/08/29 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2011/08/29 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At178.job
[2011/08/29 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At154.job
[2011/08/29 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At130.job
[2011/08/29 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At106.job
[2011/08/29 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At81.job
[2011/08/29 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2011/08/29 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2011/08/29 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At177.job
[2011/08/29 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At153.job
[2011/08/29 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At129.job
[2011/08/29 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At105.job
[2011/08/28 10:06:22 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/28 10:06:14 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/08/12 12:32:00 | 008,570,384 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\RootkitBuster.exe
[20 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1913 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/09/07 22:13:16 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\Shortcut to OTL.exe.lnk
[2011/09/07 21:06:40 | 1072,484,352 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/06 19:20:56 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\HiJackThis.lnk
[2011/09/06 07:06:31 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Anti-Rootkit Free.lnk
[2011/09/01 07:50:32 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/31 21:11:52 | 008,570,384 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\RootkitBuster.exe
[2011/08/31 20:57:50 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\housecall.guid.cache
[2011/08/31 20:48:38 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\HijackThis.msi
[2011/08/31 20:39:20 | 000,002,293 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\Google Chrome.lnk
[2011/08/31 20:39:20 | 000,002,271 | ---- | C] () -- C:\Documents and Settings\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/31 20:38:15 | 000,000,982 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-854245398-725345543-1003UA.job
[2011/08/31 20:38:15 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-854245398-725345543-1003Core.job
[2011/08/31 02:08:34 | 090,266,112 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\vscan87.exe
[2011/08/30 20:30:05 | 000,043,408 | -HS- | C] () -- C:\WINDOWS\System32\c_65712.nl_
[2011/08/30 10:59:56 | 004,194,304 | ---- | C] () -- C:\WINDOWS\System32\srlaetav.dll
[2011/08/30 10:59:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\128095406
[2011/02/18 06:54:29 | 000,000,185 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/05/16 19:51:00 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\O6UB3GR1.dat
[2010/04/26 18:38:22 | 000,001,172 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\0jf5835bS5a
[2010/04/26 18:38:22 | 000,001,172 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0jf5835bS5a
[2010/04/24 13:12:22 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/23 19:17:00 | 000,005,532 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\L055Jl5Jk1DTE
[2010/04/23 19:16:59 | 000,005,532 | -HS- | C] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\L055Jl5Jk1DTE
[2010/01/31 14:02:57 | 000,063,900 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/18 14:34:50 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Justin\Application Data\mcs.rma
[2009/08/18 14:34:50 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Justin\Application Data\D031BF
[2009/08/09 10:58:42 | 000,000,943 | ---- | C] () -- C:\WINDOWS\TATCALL.INI
[2009/08/09 10:58:42 | 000,000,020 | ---- | C] () -- C:\WINDOWS\TATVER.INI
[2009/08/09 10:58:41 | 000,000,260 | ---- | C] () -- C:\WINDOWS\TATUNINS.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/01 20:12:11 | 000,147,456 | ---- | C] () -- C:\Documents and Settings\Justin\Application Data\JuniperSetup.exe
[2009/06/01 20:12:10 | 000,001,697 | ---- | C] () -- C:\Documents and Settings\Justin\Application Data\Juniper Network Connect 6.3.0.ini
[2009/05/05 12:08:06 | 000,000,119 | -H-- | C] () -- C:\WINDOWS\popcreg.dat
[2009/05/04 18:49:55 | 000,000,043 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2008/11/16 21:05:00 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/13 20:27:35 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/11/13 20:27:35 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/11/13 20:27:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/11/13 20:27:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/11/13 20:27:35 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/11/13 20:27:35 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/10/19 09:53:40 | 000,000,060 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/07/25 00:39:42 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/07/15 19:29:28 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008/04/04 14:49:04 | 001,282,048 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000.Dll
[2008/04/04 14:49:04 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_0C.dll
[2008/04/04 14:49:04 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_10.dll
[2008/04/04 14:49:04 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_0A.dll
[2008/04/04 14:49:04 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_07.dll
[2008/04/04 14:49:04 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_09.dll
[2008/04/04 14:49:04 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_0402.dll
[2008/04/04 14:49:04 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_11.dll
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/10/15 21:05:47 | 000,000,056 | ---- | C] () -- C:\WINDOWS\kgt2k.INI
[2007/03/03 07:12:44 | 000,000,473 | ---- | C] () -- C:\WINDOWS\vsp.ini
[2007/02/14 21:46:25 | 000,000,123 | ---- | C] () -- C:\WINDOWS\win96.INI
[2007/02/14 19:17:46 | 000,000,065 | ---- | C] () -- C:\WINDOWS\namedts.INI
[2007/01/30 20:31:46 | 000,002,795 | ---- | C] () -- C:\WINDOWS\EaseAudioConverter.ini
[2007/01/24 19:21:32 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/01/22 21:01:28 | 000,003,885 | ---- | C] () -- C:\WINDOWS\SCWRITER.INI
[2006/09/17 01:37:30 | 000,080,384 | ---- | C] () -- C:\WINDOWS\gamedelete.exe
[2006/07/09 23:36:01 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\UnCasino5.exe
[2006/04/14 11:37:26 | 000,000,032 | ---- | C] () -- C:\WINDOWS\aceg.ini
[2006/03/25 09:05:25 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2006/03/13 16:19:23 | 000,006,812 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/03/13 16:05:18 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2006/03/09 09:01:20 | 000,001,603 | ---- | C] () -- C:\WINDOWS\kd330lan.ini
[2006/03/09 09:01:20 | 000,001,403 | ---- | C] () -- C:\WINDOWS\Dvc325.ini
[2006/01/14 11:57:56 | 000,002,564 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/27 13:24:31 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/12/18 14:02:27 | 000,090,624 | ---- | C] () -- C:\WINDOWS\VSUNINST.EXE
[2005/10/16 20:23:27 | 000,096,768 | ---- | C] () -- C:\WINDOWS\System32\UnPoker.exe
[2005/07/08 14:26:09 | 000,000,032 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/06/21 23:57:21 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/06/03 09:21:42 | 001,456,640 | ---- | C] () -- C:\Program Files\Common Files\Auto Assault.msi
[2005/05/12 00:34:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/05/12 00:34:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2005/05/12 00:34:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/05/12 00:34:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2005/05/12 00:34:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/05/12 00:34:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/05/12 00:34:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/05/12 00:34:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2005/05/12 00:34:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2005/05/12 00:34:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/04/13 19:11:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/04/13 19:11:23 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/04/13 19:11:11 | 000,006,400 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/03/28 22:13:30 | 000,000,003 | ---- | C] () -- C:\WINDOWS\sw_app.sys
[2005/03/28 22:13:30 | 000,000,003 | ---- | C] () -- C:\WINDOWS\approval.dat
[2005/03/28 22:13:03 | 000,000,003 | ---- | C] () -- C:\WINDOWS\sw_ver.dat
[2005/01/17 08:32:50 | 000,002,840 | ---- | C] () -- C:\WINDOWS\System32\vp.dat
[2005/01/17 08:32:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\vg.dat
[2005/01/17 08:32:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\v.dat
[2005/01/15 17:02:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lqybd.dat
[2005/01/04 22:51:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\apiyi.exe
[2005/01/02 11:19:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sysxq.exe
[2004/12/26 23:26:25 | 000,000,125 | ---- | C] () -- C:\WINDOWS\WinFrotz.INI
[2004/12/20 08:08:04 | 000,001,234 | ---- | C] () -- C:\WINDOWS\ARCHPR.INI
[2004/12/19 09:05:53 | 000,000,021 | ---- | C] () -- C:\WINDOWS\progman.ini
[2004/12/19 09:05:41 | 000,000,082 | ---- | C] () -- C:\WINDOWS\swcmpc.ini
[2004/12/18 10:33:28 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2004/11/19 00:37:34 | 000,000,292 | ---- | C] () -- C:\WINDOWS\vtmb.ini
[2004/11/18 23:12:27 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/09/26 09:19:27 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/24 08:34:26 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\fusioncache.dat
[2004/07/31 16:07:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/07/19 18:14:44 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2004/07/19 18:14:42 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/05/23 19:52:44 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/04/21 23:37:39 | 000,000,167 | ---- | C] () -- C:\WINDOWS\Recorder.dat
[2004/03/13 10:00:02 | 000,087,040 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2004/03/12 18:17:59 | 000,000,103 | ---- | C] () -- C:\WINDOWS\BJ.INI
[2004/02/28 01:20:15 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2004/02/22 21:55:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MOTO.INI
[2004/02/21 10:13:04 | 000,000,017 | ---- | C] () -- C:\WINDOWS\BICYCLE.INI
[2004/02/21 10:11:50 | 000,000,332 | ---- | C] () -- C:\WINDOWS\BP.INI
[2004/02/21 10:05:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BA.INI
[2003/09/25 06:46:39 | 000,000,070 | ---- | C] () -- C:\WINDOWS\nero.INI
[2003/09/13 07:38:51 | 000,220,160 | ---- | C] () -- C:\WINDOWS\PRINTERS.EXE
[2003/09/13 07:38:51 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\PRTmate.dll
[2003/09/07 14:47:41 | 000,115,085 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2003/09/07 07:29:09 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/09/06 11:47:13 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wa.INI
[2003/09/06 10:38:51 | 000,000,761 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2003/09/06 08:52:49 | 000,001,645 | ---- | C] () -- C:\WINDOWS\yahtzee.ini
[2003/09/04 22:04:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2003/09/04 18:57:53 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Sof2.INI
[2003/09/03 20:33:05 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/09/03 18:31:51 | 000,001,110 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2003/08/28 15:10:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/08/27 09:17:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/08/27 09:13:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/08/27 09:05:42 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2003/08/27 09:05:42 | 000,002,398 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/08/27 09:05:30 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_006671_.tmp.dll
[2003/08/27 09:05:29 | 000,444,286 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/08/27 09:05:29 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/08/27 09:05:29 | 000,072,440 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/08/27 09:05:29 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/08/27 09:05:28 | 000,004,742 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/08/27 09:05:27 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/08/27 09:05:27 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/08/27 09:05:25 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/08/27 09:05:25 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/08/27 09:05:24 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_006703_.tmp.dll
[2003/08/27 09:05:20 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/08/27 09:05:18 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/08/27 02:09:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/08/27 02:08:39 | 000,278,944 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/08/26 18:49:01 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-10071102}.dat
[2003/08/26 18:49:01 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000004-10071102}.dat
[2003/08/26 18:43:59 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2003/08/26 18:43:58 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2003/08/26 18:43:17 | 000,066,980 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2003/08/26 18:43:17 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2003/08/26 18:43:13 | 000,248,091 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2003/08/26 18:43:13 | 000,232,723 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2003/08/26 18:43:13 | 000,224,644 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2003/08/26 18:43:13 | 000,190,720 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2003/08/26 18:43:13 | 000,138,816 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2003/08/26 18:43:13 | 000,110,820 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2003/08/26 18:43:13 | 000,053,674 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2003/08/26 18:43:08 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2003/08/26 18:43:08 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2003/08/26 18:43:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2003/08/26 18:43:08 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2003/08/26 18:43:08 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2003/08/26 18:42:56 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2003/08/26 18:42:45 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2003/08/26 18:41:48 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2003/08/26 18:24:09 | 000,007,264 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2003/08/26 18:23:50 | 000,086,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\incdfs.sys
[2003/08/19 16:22:19 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.DLL
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/07 00:19:16 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll
[2001/08/23 15:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[2000/03/29 22:00:00 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL
[1999/12/07 01:00:00 | 000,024,976 | ---- | C] () -- C:\WINDOWS\twain_16.dll
[1999/10/23 18:29:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\UNRAR.DLL
[1999/08/11 15:28:02 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\LIBBZ2.DLL
[1999/05/21 21:10:00 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1998/01/28 00:06:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UNACE.DLL
[1997/11/17 18:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
========== LOP Check ==========
[2008/12/20 16:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2007/10/16 21:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Armagetron
[2009/04/02 22:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
[2010/05/04 22:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/06/20 14:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2008/07/15 19:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grey Alien Games
[2008/11/15 01:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2010/04/25 10:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2005/12/22 20:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lionhead Studios
[2003/12/15 01:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 6.1.0203
[2011/09/01 07:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2007/02/28 20:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2004/08/10 16:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/05/04 18:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/09/05 00:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2009/03/21 21:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/05/07 16:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/01/18 12:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2005/03/05 15:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/22 16:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/02 19:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/03 18:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2005/06/25 23:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\.bittorrent
[2006/10/26 21:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Activision
[2004/10/27 00:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Aim
[2005/10/03 06:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Arctic
[2007/10/16 21:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Armagetron
[2011/08/31 00:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Azureus
[2009/09/22 21:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2007/12/17 21:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\CopyTrans
[2006/02/26 09:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\CrystalApp
[2006/02/26 09:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\CrystalSpace
[2010/06/24 22:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Facebook
[2011/08/31 00:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\FileZilla
[2007/06/24 16:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Flickr
[2006/03/13 16:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\FotoWire
[2008/10/19 09:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\gtk-2.0
[2003/08/26 18:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\InterTrust
[2008/11/13 20:28:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Intervideo
[2010/04/25 10:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Juniper Networks
[2004/12/12 02:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Leadertech
[2005/12/22 20:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Lionhead Studios
[2006/02/26 16:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\My Games
[2007/05/06 10:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\NCH Swift Sound
[2007/01/04 23:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Paltalk
[2009/05/05 12:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\PopCapv1002
[2004/08/21 15:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\RhinoSoft.com
[2008/02/26 20:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\SecondLife
[2007/05/06 11:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Softplicity
[2011/01/18 12:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\TomTom
[2007/10/16 22:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\uqm
[2011/08/30 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At100.job
[2011/08/30 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At101.job
[2011/08/30 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At102.job
[2011/08/30 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At103.job
[2011/08/30 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At104.job
[2011/08/29 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At105.job
[2011/08/29 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At106.job
[2011/08/30 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At107.job
[2011/08/30 11:00:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At108.job
[2011/08/29 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At109.job
[2011/08/29 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At110.job
[2011/08/29 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At111.job
[2011/08/29 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At112.job
[2011/08/29 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At113.job
[2011/08/29 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At114.job
[2011/08/29 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At115.job
[2011/09/06 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At116.job
[2011/08/29 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At117.job
[2011/08/31 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At118.job
[2011/08/29 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At119.job
[2011/08/29 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At120.job
[2011/08/30 00:48:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At121.job
[2011/08/30 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At122.job
[2011/08/31 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At123.job
[2011/08/30 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At124.job
[2011/08/30 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At125.job
[2011/08/30 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At126.job
[2011/08/30 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At127.job
[2011/08/30 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At128.job
[2011/08/29 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At129.job
[2011/08/29 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At130.job
[2011/08/30 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At131.job
[2011/08/30 11:00:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At132.job
[2011/08/29 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At133.job
[2011/08/29 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At134.job
[2011/08/29 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At135.job
[2011/08/29 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At136.job
[2011/08/29 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At137.job
[2011/08/29 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At138.job
[2011/08/29 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At139.job
[2011/09/06 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At140.job
[2011/08/29 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At141.job
[2011/08/31 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At142.job
[2011/08/29 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At143.job
[2011/08/29 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At144.job
[2011/08/30 00:45:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At145.job
[2011/08/30 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At146.job
[2011/08/31 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At147.job
[2011/08/30 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At148.job
[2011/08/30 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At149.job
[2011/08/30 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At150.job
[2011/08/30 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At151.job
[2011/08/30 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At152.job
[2011/08/29 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At153.job
[2011/08/29 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At154.job
[2011/08/30 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At155.job
[2011/08/30 11:00:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At156.job
[2011/08/29 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At157.job
[2011/08/29 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At158.job
[2011/08/29 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At159.job
[2011/08/29 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At160.job
[2011/08/29 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At161.job
[2011/08/29 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At162.job
[2011/08/29 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At163.job
[2011/09/06 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At164.job
[2011/08/29 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At165.job
[2011/08/31 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At166.job
[2011/08/29 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At167.job
[2011/08/29 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At168.job
[2011/08/31 00:22:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At169.job
[2011/08/30 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At170.job
[2011/08/31 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At171.job
[2011/08/30 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At172.job
[2011/08/30 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At173.job
[2011/08/30 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At174.job
[2011/08/30 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At175.job
[2011/08/30 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At176.job
[2011/08/29 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At177.job
[2011/08/29 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At178.job
[2011/08/30 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At179.job
[2011/08/30 11:00:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At180.job
[2011/08/29 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At181.job
[2011/08/29 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At182.job
[2011/08/29 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At183.job
[2011/08/29 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At184.job
[2011/08/29 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At185.job
[2011/08/29 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At186.job
[2011/08/29 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At187.job
[2011/09/06 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At188.job
[2011/08/29 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At189.job
[2011/08/31 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At190.job
[2011/08/29 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At191.job
[2011/08/29 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At192.job
[2011/08/30 00:54:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2011/08/30 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2011/08/31 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2011/08/30 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2011/08/30 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2011/08/30 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2011/08/30 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2011/08/30 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2011/08/29 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2011/08/29 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2011/08/30 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2011/08/30 11:00:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2011/08/29 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2011/08/29 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2011/08/29 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2011/08/29 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2011/08/29 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2011/08/29 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2011/08/29 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2011/09/06 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2011/08/29 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2011/08/31 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2011/08/29 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2011/08/29 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2011/08/30 00:45:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At49.job
[2011/08/30 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At50.job
[2011/08/31 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At51.job
[2011/08/30 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At52.job
[2011/08/30 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At53.job
[2011/08/30 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At54.job
[2011/08/30 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At55.job
[2011/08/30 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At56.job
[2011/08/29 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At57.job
[2011/08/29 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At58.job
[2011/08/30 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At59.job
[2011/08/30 11:00:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At60.job
[2011/08/29 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At61.job
[2011/08/29 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At62.job
[2011/08/29 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At63.job
[2011/08/29 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At64.job
[2011/08/29 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At65.job
[2011/08/29 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At66.job
[2011/08/29 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At67.job
[2011/09/06 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At68.job
[2011/08/29 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At69.job
[2011/08/31 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At70.job
[2011/08/29 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At71.job
[2011/08/29 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At72.job
[2011/08/30 00:58:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At73.job
[2011/08/30 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At74.job
[2011/08/31 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At75.job
[2011/08/30 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At76.job
[2011/08/30 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At77.job
[2011/08/30 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At78.job
[2011/08/30 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At79.job
[2011/08/30 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At80.job
[2011/08/29 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At81.job
[2011/08/29 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At82.job
[2011/08/30 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At83.job
[2011/08/30 11:00:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At84.job
[2011/08/29 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At85.job
[2011/08/29 13:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At86.job
[2011/08/29 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At87.job
[2011/08/29 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At88.job
[2011/08/29 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At89.job
[2011/08/29 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At90.job
[2011/08/29 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At91.job
[2011/09/06 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At92.job
[2011/08/29 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At93.job
[2011/08/31 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At94.job
[2011/08/29 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At95.job
[2011/08/29 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At96.job
[2011/08/31 00:23:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At97.job
[2011/08/30 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At98.job
[2011/08/31 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At99.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 816 bytes -> C:\WINDOWS\128095406:1365990904.exe
@Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93F3E4C9
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:364682BC
@Alternate Data Stream - 11591 bytes -> C:\WINDOWS\uninst.exe:amfjyl
< End of report >
A huge THANK YOU to anyone who is willing to help me through this.