Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Battling A Keylogger! [Closed]


  • This topic is locked This topic is locked

#1
XMari123

XMari123

    New Member

  • Member
  • Pip
  • 6 posts
Hi there,

First off, I want to thank you all who take your free time to volunteer your help. I'm sure I speak for everyone here!

This is my problem, in as much detail as I can give at this moment. I have, let's just say, made an enemy online who will not give up infecting my system, getting through my ports and generally making my life a miserable [bleep]. I have wiped my hard drive clean at least 4 different times during this past year. No matter what I do and how much I try to read up on and/or protect myself, they keep getting to me. This person I am dealing with is experienced and key logging/hacking is their only pleasure in life.

The day before yesterday, somehow I think they "messed up" and I was able to copy and save something that "accidently" (on their end) popped up on my browser. I have the file saved but I am not sure if this is actually a key log program or not. I'll be happy to send it/post it for further evaluation by you guys because I am novice at best :)

I am basically locked out of my emails, only to be let back in for a short time, then I am locked out again. My passwords are stolen frequently and everything I type and say are "known". I am permanently locked out of my you tube account. I've written them and have received no help on their end. I am at the point of reporting this person to AT&T and letting them handle it. I just want them gone. I downloaded the OTL program as instructed and am posting it's findings below. BTW, my firewall tried to block this file but I was able to allow it and run it. Also, I am not sure what to do with the Extras.txt file? It appears to be the same as my OTL txt. I am saving it though, just in case I will need it. Here is the OTL report:

OTL logfile created on: 11/22/2011 7:10:43 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Awesome\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.42 Mb Total Physical Memory | 106.24 Mb Available Physical Memory | 23.80% Memory free
1.03 Gb Paging File | 0.39 Gb Available in Paging File | 38.34% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 65.77 Gb Free Space | 88.29% Space Free | Partition Type: NTFS

Computer Name: CANDLES-8H95Q4K | User Name: Awesome | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/22 19:10:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Awesome\Desktop\OTL.exe
PRC - [2011/11/09 12:31:03 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/20 12:58:42 | 002,497,352 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/10/07 18:47:14 | 001,883,328 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/09/09 09:00:26 | 000,315,392 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciServiceHost.exe
PRC - [2011/08/23 15:03:08 | 022,140,304 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Awesome\Application Data\mjusbsp\magicJack.exe
PRC - [2011/07/14 07:21:10 | 000,108,032 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe
PRC - [2010/07/27 05:15:50 | 001,573,888 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\ATT-SST\McciTrayApp.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/27 14:19:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/09 12:31:02 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/07 08:51:16 | 008,522,400 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/07 18:46:30 | 000,068,424 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/14 07:21:22 | 001,712,128 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libvorbis_plugin.dll
MOD - [2011/07/14 07:21:22 | 001,137,664 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libxml_plugin.dll
MOD - [2011/07/14 07:21:22 | 001,108,992 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libtaglib_plugin.dll
MOD - [2011/07/14 07:21:22 | 000,368,640 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libtheora_plugin.dll
MOD - [2011/07/14 07:21:22 | 000,325,120 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libswscale_plugin.dll
MOD - [2011/07/14 07:21:22 | 000,078,848 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libzip_plugin.dll
MOD - [2011/07/14 07:21:22 | 000,046,592 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libwaveout_plugin.dll
MOD - [2011/07/14 07:21:22 | 000,040,448 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libyuy2_i420_plugin.dll
MOD - [2011/07/14 07:21:22 | 000,038,912 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libvout_wrapper_plugin.dll
MOD - [2011/07/14 07:21:22 | 000,036,864 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libyuy2_i422_plugin.dll
MOD - [2011/07/14 07:21:22 | 000,031,232 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libyuvp_plugin.dll
MOD - [2011/07/14 07:21:22 | 000,031,232 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libugly_resampler_plugin.dll
MOD - [2011/07/14 07:21:20 | 011,496,448 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libqt4_plugin.dll
MOD - [2011/07/14 07:21:20 | 002,169,856 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libskins2_plugin.dll
MOD - [2011/07/14 07:21:20 | 001,013,248 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libschroedinger_plugin.dll
MOD - [2011/07/14 07:21:20 | 000,130,048 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libspeex_plugin.dll
MOD - [2011/07/14 07:21:20 | 000,036,864 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libscaletempo_plugin.dll
MOD - [2011/07/14 07:21:20 | 000,034,304 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libstream_filter_rar_plugin.dll
MOD - [2011/07/14 07:21:20 | 000,033,792 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libsimple_channel_mixer_plugin.dll
MOD - [2011/07/14 07:21:20 | 000,031,744 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libscale_plugin.dll
MOD - [2011/07/14 07:21:20 | 000,031,232 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libstream_filter_record_plugin.dll
MOD - [2011/07/14 07:21:18 | 000,237,568 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libpng_plugin.dll
MOD - [2011/07/14 07:21:18 | 000,194,048 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmp4_plugin.dll
MOD - [2011/07/14 07:21:18 | 000,128,000 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmpgatofixed32_plugin.dll
MOD - [2011/07/14 07:21:18 | 000,108,032 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libplaylist_plugin.dll
MOD - [2011/07/14 07:21:18 | 000,038,912 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmono_plugin.dll
MOD - [2011/07/14 07:21:18 | 000,037,888 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmpeg_audio_plugin.dll
MOD - [2011/07/14 07:21:16 | 001,776,128 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liblibass_plugin.dll
MOD - [2011/07/14 07:21:16 | 000,338,432 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liblua_plugin.dll
MOD - [2011/07/14 07:21:16 | 000,135,680 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi420_rgb_sse2_plugin.dll
MOD - [2011/07/14 07:21:16 | 000,073,728 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi420_rgb_mmx_plugin.dll
MOD - [2011/07/14 07:21:16 | 000,052,224 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi420_rgb_plugin.dll
MOD - [2011/07/14 07:21:16 | 000,048,640 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi420_yuy2_sse2_plugin.dll
MOD - [2011/07/14 07:21:16 | 000,046,592 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libhotkeys_plugin.dll
MOD - [2011/07/14 07:21:16 | 000,046,080 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi422_yuy2_sse2_plugin.dll
MOD - [2011/07/14 07:21:16 | 000,039,936 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi420_yuy2_mmx_plugin.dll
MOD - [2011/07/14 07:21:16 | 000,038,400 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi420_yuy2_plugin.dll
MOD - [2011/07/14 07:21:16 | 000,037,888 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi422_yuy2_mmx_plugin.dll
MOD - [2011/07/14 07:21:16 | 000,036,352 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi422_yuy2_plugin.dll
MOD - [2011/07/14 07:21:16 | 000,035,840 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liblpcm_plugin.dll
MOD - [2011/07/14 07:21:16 | 000,033,792 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmemcpymmxext_plugin.dll
MOD - [2011/07/14 07:21:16 | 000,033,792 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libglobalhotkeys_plugin.dll
MOD - [2011/07/14 07:21:16 | 000,032,768 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi422_i420_plugin.dll
MOD - [2011/07/14 07:21:16 | 000,032,768 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libgrey_yuv_plugin.dll
MOD - [2011/07/14 07:21:14 | 000,652,800 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfreetype_plugin.dll
MOD - [2011/07/14 07:21:14 | 000,309,760 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfaad_plugin.dll
MOD - [2011/07/14 07:21:14 | 000,265,216 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libflac_plugin.dll
MOD - [2011/07/14 07:21:14 | 000,258,048 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfluidsynth_plugin.dll
MOD - [2011/07/14 07:21:14 | 000,231,424 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdvdnav_plugin.dll
MOD - [2011/07/14 07:21:14 | 000,210,944 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdshow_plugin.dll
MOD - [2011/07/14 07:21:14 | 000,178,176 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdtstofloat32_plugin.dll
MOD - [2011/07/14 07:21:14 | 000,067,072 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdirectx_plugin.dll
MOD - [2011/07/14 07:21:14 | 000,061,440 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdirect3d_plugin.dll
MOD - [2011/07/14 07:21:14 | 000,039,424 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfilesystem_plugin.dll
MOD - [2011/07/14 07:21:14 | 000,039,424 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdts_plugin.dll
MOD - [2011/07/14 07:21:14 | 000,037,376 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfake_plugin.dll
MOD - [2011/07/14 07:21:14 | 000,032,256 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdtstospdif_plugin.dll
MOD - [2011/07/14 07:21:14 | 000,032,256 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdolby_surround_decoder_plugin.dll
MOD - [2011/07/14 07:21:14 | 000,031,744 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfloat32_mixer_plugin.dll
MOD - [2011/07/14 07:21:14 | 000,031,232 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfolder_plugin.dll
MOD - [2011/07/14 07:21:14 | 000,031,232 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdrawable_plugin.dll
MOD - [2011/07/14 07:21:12 | 008,248,320 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libavcodec_plugin.dll
MOD - [2011/07/14 07:21:12 | 000,057,856 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libblend_plugin.dll
MOD - [2011/07/14 07:21:12 | 000,046,592 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaout_directx_plugin.dll
MOD - [2011/07/14 07:21:12 | 000,045,568 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaraw_plugin.dll
MOD - [2011/07/14 07:21:12 | 000,041,472 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaudio_format_plugin.dll
MOD - [2011/07/14 07:21:12 | 000,034,304 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libcdg_plugin.dll
MOD - [2011/07/14 07:21:12 | 000,033,280 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaes3_plugin.dll
MOD - [2011/07/14 07:21:12 | 000,032,768 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libconverter_fixed_plugin.dll
MOD - [2011/07/14 07:21:10 | 002,263,552 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\libvlccore.dll
MOD - [2011/07/14 07:21:10 | 000,108,032 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe
MOD - [2011/07/14 07:21:10 | 000,101,376 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\libvlc.dll
MOD - [2011/07/14 07:21:10 | 000,090,112 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaccess_bd_plugin.dll
MOD - [2011/07/14 07:21:10 | 000,065,536 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liba52tofloat32_plugin.dll
MOD - [2011/07/14 07:21:10 | 000,036,352 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liba52_plugin.dll
MOD - [2011/07/14 07:21:10 | 000,030,720 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liba52tospdif_plugin.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/07 18:47:14 | 001,883,328 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/09/09 09:00:26 | 000,315,392 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Stopped] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 18:48:04 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011/10/07 18:48:02 | 000,492,768 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/10/07 18:48:02 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/10/07 18:48:00 | 000,018,056 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2011/09/14 08:58:10 | 000,225,592 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2011/09/09 09:00:28 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/09/09 09:00:28 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/06/23 18:12:50 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2006/07/27 14:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.att.net/"
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 12:31:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/11/07 08:13:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Awesome\Application Data\Mozilla\Extensions
[2011/11/18 07:07:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Awesome\Application Data\Mozilla\Firefox\Profiles\hc3kcjha.default\extensions
[2011/11/18 07:07:23 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Awesome\Application Data\Mozilla\Firefox\Profiles\hc3kcjha.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/11/08 16:36:17 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\Awesome\Application Data\Mozilla\Firefox\Profiles\hc3kcjha.default\extensions\[email protected]
[2011/11/07 08:36:23 | 000,000,000 | ---D | M] (Ghostery) -- C:\Documents and Settings\Awesome\Application Data\Mozilla\Firefox\Profiles\hc3kcjha.default\extensions\[email protected]
[2011/11/10 01:58:22 | 000,000,000 | ---D | M] (gTranslator) -- C:\Documents and Settings\Awesome\Application Data\Mozilla\Firefox\Profiles\hc3kcjha.default\extensions\[email protected]
[2011/11/08 12:53:59 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Documents and Settings\Awesome\Application Data\Mozilla\Firefox\Profiles\hc3kcjha.default\extensions\[email protected]
[2011/11/14 10:03:56 | 000,002,306 | ---- | M] () -- C:\Documents and Settings\Awesome\Application Data\Mozilla\Firefox\Profiles\hc3kcjha.default\searchplugins\wot-safe-search.xml
[2011/11/07 08:12:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\AWESOME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HC3KCJHA.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\AWESOME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HC3KCJHA.DEFAULT\EXTENSIONS\{27C60876-B5C9-4335-B4F3-52B26782220C}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\AWESOME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HC3KCJHA.DEFAULT\EXTENSIONS\{CD617375-6743-4EE8-BAC4-FBF10F35729E}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\AWESOME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HC3KCJHA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\AWESOME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HC3KCJHA.DEFAULT\EXTENSIONS\{D47A9F51-8281-43FA-F450-F28EF8735E9A}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\AWESOME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HC3KCJHA.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\AWESOME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HC3KCJHA.DEFAULT\EXTENSIONS\[email protected]
[2011/11/09 12:31:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 12:31:04 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2003/03/31 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (att.net Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1320781385796 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77197D3C-5D0E-42B1-9EB2-BE92B7282773}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77197D3C-5D0E-42B1-9EB2-BE92B7282773}: NameServer = 8.26.56.26,156.154.70.22
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) -C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/06 16:22:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/22 19:10:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Awesome\Desktop\OTL.exe
[2011/11/22 17:41:49 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/11/20 10:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\Local Settings\Application Data\WMTools Downloaded Files
[2011/11/20 10:38:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\My Documents\Any Video Converter
[2011/11/20 10:38:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\Application Data\AnvSoft
[2011/11/20 08:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/11/20 08:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/11/17 20:43:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\My Documents\lyric info
[2011/11/17 14:21:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2011/11/16 23:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/11/16 23:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/16 21:45:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\Local Settings\Application Data\Apple Computer
[2011/11/16 21:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\Application Data\Apple Computer
[2011/11/16 21:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/16 21:43:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/11/16 21:43:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/11/16 21:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\Local Settings\Application Data\Apple
[2011/11/16 21:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/11/16 21:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/11/16 21:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/11/16 21:42:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/11/16 21:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/11/14 10:34:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\Local Settings\Application Data\Adobe
[2011/11/11 14:37:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\Local Settings\Application Data\Identities
[2011/11/11 09:36:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/11/11 09:33:03 | 000,027,072 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\AFGSp50.sys
[2011/11/11 09:33:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Belkin
[2011/11/11 09:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2011/11/11 09:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2011/11/10 02:02:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/11/09 19:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\Application Data\pchc
[2011/11/09 07:58:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Awesome\My Documents\My Videos
[2011/11/09 07:58:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/11/08 19:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\Application Data\Malwarebytes
[2011/11/08 19:30:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/08 19:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/11/08 19:29:57 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/08 19:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/08 18:14:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\Application Data\Logitech
[2011/11/08 18:13:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2011/11/08 18:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2011/11/08 18:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2011/11/08 18:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2011/11/08 17:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Camera Studio
[2011/11/08 17:55:59 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\WINDOWS\System32\tm20dec.ax
[2011/11/08 17:55:20 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\System32\PCDLIB32.DLL
[2011/11/08 17:55:13 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2011/11/08 17:52:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\WINDOWS
[2011/11/08 16:42:40 | 001,107,280 | ---- | C] (Alactro LLC) -- C:\Documents and Settings\Awesome\Desktop\BestVideoDownloaderSetup-TurboUpgrade.exe
[2011/11/08 16:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\Local Settings\Application Data\Cooliris
[2011/11/08 15:43:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/11/08 15:29:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/11/08 15:28:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
[2011/11/08 15:28:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/11/08 15:28:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/11/08 15:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/11/08 15:28:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2011/11/08 15:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2011/11/08 15:17:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/11/08 15:15:41 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/11/08 15:13:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/11/08 15:13:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/11/08 13:47:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/11/08 13:14:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\Application Data\vlc
[2011/11/08 12:48:12 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2011/11/08 12:38:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\Application Data\QFX Software
[2011/11/08 12:38:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QFX Software
[2011/11/08 12:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\KeyScrambler
[2011/11/08 12:37:11 | 000,225,592 | ---- | C] (QFX Software Corporation) -- C:\WINDOWS\System32\drivers\keyscrambler.sys
[2011/11/08 12:37:10 | 000,000,000 | ---D | C] -- C:\Program Files\KeyScrambler
[2011/11/08 10:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/11/08 10:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/11/08 09:14:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AnvSoft
[2011/11/08 09:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft
[2011/11/07 17:41:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/07 16:51:27 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/11/07 16:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\Start Menu\Programs\Revo Uninstaller
[2011/11/07 09:09:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/11/07 09:07:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/11/07 09:07:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/11/07 09:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\Local Settings\Application Data\Temp
[2011/11/07 09:04:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/11/07 09:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/11/07 09:04:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\Local Settings\Application Data\Google
[2011/11/07 08:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\My Documents\Downloads
[2011/11/07 08:13:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\Local Settings\Application Data\Mozilla
[2011/11/07 08:13:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\Application Data\Mozilla
[2011/11/07 08:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/11/07 06:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\SigmaTel
[2011/11/07 06:19:07 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/11/07 06:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/11/07 06:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\Desktop\WDM
[2011/11/07 06:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\Desktop\HDAQFE
[2011/11/07 05:23:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/11/07 01:00:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/11/07 01:00:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/11/06 22:20:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/11/06 20:20:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\Local Settings\Application Data\tjnet
[2011/11/06 20:19:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\COMODO
[2011/11/06 20:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2011/11/06 20:15:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
[2011/11/06 20:15:56 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/11/06 20:15:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
[2011/11/06 20:13:23 | 061,667,872 | ---- | C] (COMODO) -- C:\Documents and Settings\Awesome\Desktop\cispremium_installer.exe
[2011/11/06 19:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AT&T
[2011/11/06 19:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\ATT-SST
[2011/11/06 19:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\Local Settings\Application Data\magicJack
[2011/11/06 19:53:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2011/11/06 19:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\Application Data\mjusbsp
[2011/11/06 19:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\ATT
[2011/11/06 19:13:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Awesome\IECompatCache
[2011/11/06 19:10:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\Start Menu\Programs\att.net
[2011/11/06 19:10:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\att.net
[2011/11/06 19:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2011/11/06 19:08:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\Local Settings\Application Data\ATTYToolbar
[2011/11/06 19:08:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATTYToolbar
[2011/11/06 19:08:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2011/11/06 19:08:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\Application Data\Yahoo!
[2011/11/06 19:08:38 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/11/06 19:04:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Awesome\PrivacIE
[2011/11/06 18:24:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Awesome\IETldCache
[2011/11/06 18:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\Application Data\Macromedia
[2011/11/06 17:38:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/11/06 17:37:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/11/06 17:16:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\Application Data\Adobe
[2011/11/06 17:16:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\Application Data\Motive
[2011/11/06 17:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\ATT-HSI
[2011/11/06 17:16:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2011/11/06 17:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Motive
[2011/11/06 17:10:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/11/06 17:05:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2011/11/06 17:05:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/11/06 17:05:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/11/06 17:05:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/11/06 17:05:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/11/06 17:01:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/11/06 16:46:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/11/06 16:45:51 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/11/06 16:42:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\peernet
[2011/11/06 16:42:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\provisioning
[2011/11/06 16:41:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/11/06 16:39:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2011/11/06 16:37:44 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/11/06 16:37:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2011/11/06 16:32:22 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2011/11/06 16:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\Application Data\Identities
[2011/11/06 16:32:17 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/11/06 16:32:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Awesome\My Documents\My Pictures
[2011/11/06 16:32:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Awesome\My Documents\My Music
[2011/11/06 16:32:08 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Awesome\Application Data\Microsoft
[2011/11/06 16:32:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Awesome\SendTo
[2011/11/06 16:32:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Awesome\Recent
[2011/11/06 16:32:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Awesome\Application Data
[2011/11/06 16:32:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Awesome\Start Menu\Programs\Startup
[2011/11/06 16:32:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Awesome\Start Menu
[2011/11/06 16:32:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Awesome\My Documents
[2011/11/06 16:32:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Awesome\Favorites
[2011/11/06 16:32:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Awesome\Start Menu\Programs\Accessories
[2011/11/06 16:32:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Awesome\Cookies
[2011/11/06 16:32:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Awesome\Templates
[2011/11/06 16:32:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Awesome\PrintHood
[2011/11/06 16:32:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Awesome\NetHood
[2011/11/06 16:32:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Awesome\Local Settings
[2011/11/06 16:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\Local Settings\Application Data\Microsoft
[2011/11/06 16:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Awesome\Desktop
[2011/11/06 16:30:39 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/11/06 16:30:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2011/11/06 16:30:37 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2011/11/06 16:30:37 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2011/11/06 16:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2011/11/06 16:24:18 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/11/06 16:24:18 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/11/06 16:23:16 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/11/06 16:23:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011/11/06 16:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2011/11/06 16:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2011/11/06 16:22:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2011/11/06 16:22:01 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2011/11/06 16:22:01 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2011/11/06 16:21:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2011/11/06 16:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2011/11/06 16:20:31 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2011/11/06 16:20:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/11/06 16:20:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2011/11/06 16:20:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2011/11/06 16:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2011/11/06 16:20:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2011/11/06 16:20:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHealth
[2011/11/06 16:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2011/11/06 16:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2011/11/06 16:19:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2011/11/06 16:19:55 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2011/11/06 16:19:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/11/06 16:19:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/11/06 16:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/11/06 16:19:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/11/06 16:19:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2011/11/06 16:19:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/11/06 16:19:21 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/11/06 16:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2011/11/06 16:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2011/11/06 16:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2011/11/06 16:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2011/11/06 16:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2011/11/06 16:18:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2011/11/06 16:18:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2011/11/06 16:17:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2011/11/06 11:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/11/06 11:05:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2011/11/06 11:05:34 | 000,000,000 | R--D | C] -- C:\Program Files
[2011/11/06 11:05:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2011/11/06 11:05:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2011/11/06 11:05:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/11/06 11:05:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011/11/06 11:05:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011/11/06 11:05:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2011/11/06 11:05:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011/11/06 11:05:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2011/11/06 11:04:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/11/06 11:04:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011/11/06 11:04:13 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/11/06 11:04:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011/11/06 11:03:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2011/11/06 10:56:13 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2011/11/06 10:56:13 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2011/11/06 10:56:13 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2011/11/06 10:56:13 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/11/06 10:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/22 19:10:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Awesome\Desktop\OTL.exe
[2011/11/22 18:42:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/21 12:11:07 | 000,001,016 | ---- | M] () -- C:\Documents and Settings\Awesome\Desktop\magicJack.lnk
[2011/11/21 11:59:53 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/21 11:59:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/20 10:54:14 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\Awesome\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/20 09:01:50 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/11/20 08:54:44 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Awesome\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/17 14:21:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/16 23:01:26 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/11/12 02:01:21 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/11 09:33:39 | 000,000,089 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\lmhosts
[2011/11/11 09:26:37 | 074,021,089 | ---- | M] () -- C:\Documents and Settings\Awesome\Desktop\InstaLAN_Belkin_402_F7D5301.exe
[2011/11/09 07:58:24 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Awesome\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/11/08 19:30:10 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/08 18:13:59 | 000,001,681 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Mouse and Keyboard Settings.lnk
[2011/11/08 18:13:09 | 000,001,501 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2011/11/08 18:07:29 | 000,311,936 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/08 18:07:29 | 000,040,340 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/08 17:56:04 | 000,000,168 | ---- | M] () -- C:\WINDOWS\videoimp.ini
[2011/11/08 17:55:53 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/11/08 17:55:53 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/11/08 16:43:22 | 001,107,280 | ---- | M] (Alactro LLC) -- C:\Documents and Settings\Awesome\Desktop\BestVideoDownloaderSetup-TurboUpgrade.exe
[2011/11/08 15:48:27 | 000,095,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/08 15:13:25 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/11/08 13:16:31 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Awesome\Desktop\Shortcut to KeyScrambler_Setup(1).lnk
[2011/11/08 10:29:34 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/11/08 09:14:31 | 000,000,889 | ---- | M] () -- C:\Documents and Settings\Awesome\Desktop\Any Video Converter.lnk
[2011/11/08 06:20:22 | 000,171,296 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2011/11/07 17:21:03 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2011/11/07 16:51:27 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Awesome\Desktop\Revo Uninstaller.lnk
[2011/11/07 09:07:18 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/11/07 08:12:57 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Awesome\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/07 08:12:57 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Awesome\Desktop\Mozilla Firefox.lnk
[2011/11/07 08:12:57 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/07 06:18:40 | 007,518,568 | ---- | M] () -- C:\Documents and Settings\Awesome\Desktop\R132395.EXE
[2011/11/06 20:16:18 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2011/11/06 20:15:17 | 061,667,872 | ---- | M] (COMODO) -- C:\Documents and Settings\Awesome\Desktop\cispremium_installer.exe
[2011/11/06 19:56:46 | 000,001,944 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AT&T Troubleshoot & Resolve Tool.lnk
[2011/11/06 19:10:55 | 000,000,155 | ---- | M] () -- C:\Documents and Settings\Awesome\Desktop\AT&T Internet.url
[2011/11/06 19:10:50 | 000,000,157 | ---- | M] () -- C:\Documents and Settings\Awesome\Desktop\AT&T Webmail.url
[2011/11/06 17:14:35 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/11/06 17:01:41 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/11/06 16:43:15 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/11/06 16:39:44 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011/11/06 16:32:24 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Awesome\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/11/06 16:32:21 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2011/11/06 16:27:46 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/11/06 16:24:41 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/11/06 16:22:48 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/11/06 16:22:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/11/06 16:22:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/11/06 16:22:48 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/11/06 16:22:48 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/11/06 16:22:46 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2011/11/06 16:22:41 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/11/06 16:19:51 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/20 08:57:50 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/11/20 08:57:49 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/11/16 23:01:26 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/11/16 21:43:32 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/16 21:43:18 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/11/16 15:44:33 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Awesome\Desktop\Mozilla Firefox.lnk
[2011/11/15 10:48:57 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Awesome\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/14 12:06:32 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Awesome\Start Menu\Programs\Outlook Express.lnk
[2011/11/11 09:33:39 | 000,000,089 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\lmhosts
[2011/11/11 08:39:04 | 074,021,089 | ---- | C] () -- C:\Documents and Settings\Awesome\Desktop\InstaLAN_Belkin_402_F7D5301.exe
[2011/11/08 19:30:10 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/08 18:13:59 | 000,001,681 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech Mouse and Keyboard Settings.lnk
[2011/11/08 18:13:09 | 000,001,501 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2011/11/08 18:07:01 | 000,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib
[2011/11/08 18:07:01 | 000,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib
[2011/11/08 18:07:01 | 000,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib
[2011/11/08 18:07:00 | 000,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib
[2011/11/08 18:07:00 | 000,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib
[2011/11/08 18:07:00 | 000,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib
[2011/11/08 18:07:00 | 000,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib
[2011/11/08 18:07:00 | 000,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib
[2011/11/08 18:07:00 | 000,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib
[2011/11/08 18:07:00 | 000,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib
[2011/11/08 18:06:59 | 000,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib
[2011/11/08 18:06:58 | 000,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib
[2011/11/08 18:06:57 | 000,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib
[2011/11/08 18:06:57 | 000,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib
[2011/11/08 18:06:56 | 000,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib
[2011/11/08 18:06:56 | 000,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib
[2011/11/08 18:06:56 | 000,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib
[2011/11/08 17:56:04 | 000,000,168 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2011/11/08 17:55:40 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2011/11/08 17:55:40 | 000,005,672 | ---- | C] () -- C:\WINDOWS\System32\quartz.vxd
[2011/11/08 17:55:17 | 000,000,021 | ---- | C] () -- C:\WINDOWS\vi_setup.ini
[2011/11/08 15:13:25 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/11/08 15:07:46 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/11/08 14:40:44 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Awesome\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/11/08 14:40:44 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Awesome\Start Menu\Programs\Windows Media Player.lnk
[2011/11/08 14:40:32 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Awesome\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/08 14:40:31 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Awesome\Start Menu\Programs\Internet Explorer.lnk
[2011/11/08 13:16:31 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Awesome\Desktop\Shortcut to KeyScrambler_Setup(1).lnk
[2011/11/08 10:29:34 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/11/08 09:14:31 | 000,000,889 | ---- | C] () -- C:\Documents and Settings\Awesome\Desktop\Any Video Converter.lnk
[2011/11/07 17:21:04 | 000,013,646 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2011/11/07 16:51:27 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Awesome\Desktop\Revo Uninstaller.lnk
[2011/11/07 11:36:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/07 09:07:18 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/11/07 08:12:57 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Awesome\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/07 08:12:57 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/07 08:12:56 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/07 06:19:00 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\Awesome\Desktop\layout.bin
[2011/11/07 06:18:32 | 007,518,568 | ---- | C] () -- C:\Documents and Settings\Awesome\Desktop\R132395.EXE
[2011/11/06 20:19:42 | 000,171,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2011/11/06 20:16:18 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2011/11/06 19:56:46 | 000,001,944 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AT&T Troubleshoot & Resolve Tool.lnk
[2011/11/06 19:52:57 | 000,001,022 | ---- | C] () -- C:\Documents and Settings\Awesome\Start Menu\Programs\magicJack.lnk
[2011/11/06 19:52:57 | 000,001,016 | ---- | C] () -- C:\Documents and Settings\Awesome\Desktop\magicJack.lnk
[2011/11/06 19:10:55 | 000,000,155 | ---- | C] () -- C:\Documents and Settings\Awesome\Desktop\AT&T Internet.url
[2011/11/06 19:10:50 | 000,000,157 | ---- | C] () -- C:\Documents and Settings\Awesome\Desktop\AT&T Webmail.url
[2011/11/06 17:05:43 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2011/11/06 17:05:43 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2011/11/06 17:05:43 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2011/11/06 17:05:42 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2011/11/06 17:05:42 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2011/11/06 17:05:42 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2011/11/06 17:05:42 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2011/11/06 17:05:42 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2011/11/06 17:05:42 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2011/11/06 17:05:42 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2011/11/06 17:05:42 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2011/11/06 17:05:42 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2011/11/06 17:05:42 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2011/11/06 17:05:42 | 000,069,612 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2011/11/06 17:05:42 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2011/11/06 17:05:42 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2011/11/06 17:05:42 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2011/11/06 17:05:42 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2011/11/06 17:05:42 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2011/11/06 17:05:42 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2011/11/06 17:05:42 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2011/11/06 17:05:42 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2011/11/06 17:05:42 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2011/11/06 17:05:42 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2011/11/06 17:05:42 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2011/11/06 17:05:42 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2011/11/06 17:05:42 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2011/11/06 17:05:42 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2011/11/06 17:05:41 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2011/11/06 17:05:41 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2011/11/06 17:05:41 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2011/11/06 17:05:41 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2011/11/06 17:05:41 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2011/11/06 17:05:41 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2011/11/06 17:05:41 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2011/11/06 17:05:41 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2011/11/06 17:05:41 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2011/11/06 17:05:41 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2011/11/06 17:05:41 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2011/11/06 17:05:41 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2011/11/06 17:05:41 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2011/11/06 17:05:41 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2011/11/06 17:05:41 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2011/11/06 17:05:41 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2011/11/06 17:05:41 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2011/11/06 17:05:41 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2011/11/06 17:05:41 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2011/11/06 17:05:41 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2011/11/06 17:05:41 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2011/11/06 17:05:41 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2011/11/06 17:05:41 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2011/11/06 17:05:41 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2011/11/06 17:05:41 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2011/11/06 17:05:41 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2011/11/06 17:05:41 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2011/11/06 17:05:41 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2011/11/06 17:05:41 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2011/11/06 17:05:41 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2011/11/06 17:05:41 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2011/11/06 17:05:41 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2011/11/06 17:05:41 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2011/11/06 17:05:41 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2011/11/06 17:05:41 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2011/11/06 17:05:41 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011/11/06 17:05:40 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2011/11/06 17:05:40 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2011/11/06 17:05:40 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2011/11/06 17:05:40 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2011/11/06 17:05:40 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2011/11/06 17:05:40 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2011/11/06 17:05:40 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2011/11/06 17:05:40 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2011/11/06 17:05:40 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2011/11/06 17:05:40 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2011/11/06 17:05:40 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2011/11/06 17:05:40 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2011/11/06 17:05:40 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2011/11/06 17:05:40 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2011/11/06 17:05:40 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2011/11/06 17:05:39 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2011/11/06 17:03:17 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dllcache\dxmasf.dll
[2011/11/06 17:03:14 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx
[2011/11/06 17:03:14 | 000,004,126 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxmlc.dll
[2011/11/06 16:43:04 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2011/11/06 16:42:39 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/11/06 16:42:39 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/11/06 16:42:38 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/11/06 16:42:35 | 000,118,272 | ---- | C] () -- C:\WINDOWS\System32\mpeg2data.ax
[2011/11/06 16:32:24 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Awesome\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/11/06 16:32:08 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Awesome\Start Menu\Programs\Remote Assistance.lnk
[2011/11/06 16:27:46 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011/11/06 16:24:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/11/06 16:24:13 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/11/06 16:24:00 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/11/06 16:23:55 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/11/06 16:23:54 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/11/06 16:23:51 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/11/06 16:23:38 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/11/06 16:23:31 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/11/06 16:23:20 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/11/06 16:22:48 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/11/06 16:22:48 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/11/06 16:22:48 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/11/06 16:22:48 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2011/11/06 16:22:48 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2011/11/06 16:22:47 | 000,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
[2011/11/06 16:22:47 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/11/06 16:22:47 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/11/06 16:22:46 | 000,299,552 | ---- | C] () -- C:\WINDOWS\WMSysPrx.prx
[2011/11/06 16:21:43 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2011/11/06 16:20:49 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2011/11/06 16:20:49 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2011/11/06 16:20:41 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2011/11/06 16:19:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/11/06 16:18:50 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2011/11/06 16:18:50 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2011/11/06 16:18:50 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2011/11/06 16:18:50 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2011/11/06 16:18:49 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2011/11/06 16:18:49 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2011/11/06 16:18:49 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2011/11/06 16:18:49 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2011/11/06 16:18:49 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2011/11/06 16:18:49 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2011/11/06 16:18:49 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2011/11/06 16:18:45 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2011/11/06 16:18:44 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2011/11/06 16:18:42 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2011/11/06 16:18:29 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2011/11/06 11:05:43 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/11/06 11:05:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/11/06 11:05:37 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2011/11/06 11:05:36 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2011/11/06 11:05:36 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2011/11/06 11:05:35 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2011/11/06 11:05:12 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/11/06 11:04:29 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/11/06 11:04:29 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/11/06 11:04:29 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/11/06 11:04:29 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/11/06 11:04:29 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/11/06 11:04:29 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/11/06 11:03:49 | 000,095,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/06 11:02:56 | 000,000,211 | RHS- | C] () -- C:\boot.ini
[2011/11/06 11:02:54 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/03/31 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 07:00:00 | 000,311,936 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 07:00:00 | 000,040,340 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/11/11 09:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2011/11/08 15:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATTYToolbar
[2011/11/06 19:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2011/11/08 12:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QFX Software
[2011/11/16 21:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/11/20 10:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Awesome\Application Data\AnvSoft
[2011/11/21 12:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Awesome\Application Data\mjusbsp
[2011/11/09 19:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Awesome\Application Data\pchc
[2011/11/08 12:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Awesome\Application Data\QFX Software

========== Purity Check ==========



< End of report >

Thank you so very much for all your help and for taking the time to review and help me. Happy Thanksgiving everyone!
  • 0

Advertisements


#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello XMari123 and welcome to G2G! :)

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Please be noticed that I'm not familiar with hacking methods BUT I can make sure you don't have any type of malware, keylogger etc. on your system.


First....

Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.

Second....
Please find another, clean, PC (family, friends etc. just not the one in your own house) and change all your password for e-mail, forums, web pages.

Step 2

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post

Step 3

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 4

Please don't forget to include these items in your reply:

  • VRT log
  • GMER log
It would be helpful if you could post each log in separate post
  • 0

#3
XMari123

XMari123

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thank you so much maliprog for your suggestions. I am going to find a secure, clean, infection free computer hopefully from a family member and/or the library. Hopefully the library will at least be opened on "Black Friday", if not, I will find one somewhere and begin the cleaning process and promptly report any logs/findings immediately to you. I know you don't want any attachments but as I said in my previous post, the info I have gathered from this program (Calvarylog) is what it's called, will be more than happy to send to you if you need me to :thumbsup:

Once again, Thank You for all of your help! I'm in your debt! Your a gem!
Happy Turkey Day guys :cheers:
Mari
  • 0

#4
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi XMari123,

I forget to ask you that log. Can you ZIP it and attach it so I can see what are we dealing with.
  • 0

#5
XMari123

XMari123

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi there :) I'd be glad to zip it for you. I'm not 100% certain but with the name CalvaryLogger, I'm pretty sure this is a keylog program, but nonetheless, even it it isn't, I know for a fact I have a keylog idiot. Oh, as of now I have yet to find anyone with a clean computer, (all the comp at the library are down as of this morn) should I just go ahead with all that is instructed or just go ahead and wipe my entire drive again? I'm novic so I am treading as carfully as I can! TY :)
Hope you had a great Turkey day :)
Mari
  • 0

#6
XMari123

XMari123

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
OOPS, sorry bout that, here is the zipped file :) TY so very much!
Mari

Attached Files


  • 0

#7
XMari123

XMari123

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Oh goodie, I did something wrong b/c all the info I sent you looked like a ton of the-----> 39487987093476&*&&^^^&&
and so forth. I am a newbie to zipping things so I will go re-read the instruction on how to zip correctly and I'll send it as soon as I can watch the tutorial :) Forgive my ignorance :rolleyes:
  • 0

#8
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi XMari123,

CalvaryLogger is not malware. It's JavaScript script and does some work for Facebook Like button on web pages. When you click Like button this script is activated.

You can continue with the steps but change your passwords as soon as possible on clean PC.
  • 0

#9
XMari123

XMari123

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Whew!!! OK, that's good to know. I guess you can say I have a bit of paranoia from all of the [bleep] I've been through with this person!! I'm still working on finding a clean PC but it's not that easy! Seems someone always has "something" on their computer! I'll find a clean one and do as you said :)

Thank you so much for taking a look at things for me :) I really, really appreciate it! You guys/gals should get paid for the work you do and for helping others! You rock! :thumbsup:
Mari ;)
  • 0

#10
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts

Thank you so much for taking a look at things for me :) I really, really appreciate it! You guys/gals should get paid for the work you do and for helping others! You rock! :thumbsup:
Mari ;)


Thank you for your kind words. As I sad, you can continue with the steps and post logs after the scans.
  • 0

#11
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP