
Win 7 Security 2012 virus help, please? (possibly something else?) [Cl


  • This topic is locked

#1
JMeg

Hello! I'm sorry to have to come to you guys again, but in the past you've been the best help I've ever gotten for viruses. Unfortunately, this may be the worst virus I've ever gotten, and I apologize in advance for all the reading, but I want to be as clear as possible.

My memories are pretty fuzzy on the beginnings of this virus. I only know my problems started early December, I thought I'd resolved them, and then they came back.

When I started up my computer, it immediately acted funny. I got a security pop-up. Unfortunately, I can't remember exactly what it was called (or even what it said) (EDIT: by checking with a friend, I was able to find out that the pop up called itself Windows Command Processor), but it looked like a legit Windows sort of pop-up and it was asking me to run it. For some reason, I had a bad feeling about it, so I clicked No. Instead of closing, it just stayed open as if I hadn't clicked anything. Eventually I got to a point where it was minimized but still blinking at the bottom of the screen. I work from my computer, and had a big project going on all through December, so I chose to ignore it since it didn't seem to be doing anything and I knew not to click Yes.

I must've downloaded MalwareBytes in this time, though I can't say for sure what I did, but I guess I thought I was okay. Oh! I downloaded Autoruns, because the warning was happening at startup! Okay, yes. I ran autoruns and was able to make the security pop-up stop happening.

A few days later is when it became a problem. I was browsing the internet when suddenly Firefox crashed. A program popped up called Win 7 Security 2012, and it showed that it was scanning like a legit virus scanner would do. I tried to bring up Firefox, but every URL --even the homepage-- was blocked with a warning that said something like "This webpage may harm your computer." I couldn't bring up any program. The only thing that would run was MalwareBytes, so I ran it and did a quick scan. It found a trojan and some spyware.

This is part of that log:

Files Infected:
c:\Users\Jill\AppData\Roaming\Abbi\xyub.exe (Trojan.Zbot.CBCGen) -> Quarantined and deleted successfully.
c:\program files\Softwrap.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

I ran three more scans after that to be sure, and nothing else came up. I think, unfortunately, that I ran quick scans instead of full ones (and I did another the next day, also clean.) Again, thought I was safe. For about a week, I think I was. Admittedly, I haven't had a problem similar to this since, nor have I had fake security pop-ups, so I don't know for sure if this next part is related to that virus.

I started noticing that if I searched Google for something and clicked a link, I would get sent somewhere else. Not every search, though, just searches related specifically to computer help. Since that was happening, I couldn't actually find info on how to fix it, since I would always get redirected (I just now saw that you guys have a guide for that, but I figured I'd make this topic first since the problem may be worse than that.)

After that, links on the site I work for also started getting redirected. Then the pop ups began. Four of them in a separate Firefox window, though the links didn't work (they all came up errors instead of actually loading a site.) After that, I started hearing ads on my computer without a browser up at all. The first was a gun ad that kept repeating. I couldn't find where it was coming from at all. I've since had three others and still not found them, just had to wait for them to stop.

I downloaded SUPERAntiSpyware and did a quick scan with it. It found a ton of adware after two scans. On the third, it came up clean. Then I ran a complete scan and it found even more than the previous two. (I downloaded SpywareGuard as well, but I can't get it to open, so I haven't done anything with it. Not sure if that's virus related or user-incompetence related.)

I should note that I can't get my computer to run in Safe Mode by pressing F8. That just isn't an option when I press F8. The only way I've found to do it is to run msconfig and then click the Boot tab and click the box for Safe Boot. I've done that and run both MalwareBytes and SUPERAntiSpyware in Safe Mode (complete scan, multiple times) and I'm still getting pop-ups and redirects. I figured at this point, since I'm still busy with work, that I'll just deal with it and not check my bank information on this computer.

However, today my parents received an e-mail from Comcast that says one of our computers might be infected with a bot. I'm still not sure if this was a well-timed marketing e-mail or legit, but I can't deny that our usage for December is at least double what it was in September and November (and also close to the limit.)

I'm just not sure what to do at this point, since I'll run MB and SAS and they'll say they removed stuff, but the problems keep coming back (though I haven't had any pop-ups today, strangely.) I was able to get to another site that said if I couldn't get Windows updates, I'd have to wipe the computer. I do indeed get an error when trying to install new updates. I don't want to wipe my computer, but if it comes to that, I suppose I'll have to. That's why I'm writing. If anyone can salvage it, you guys can (and if you can't, then I'll know for sure just how bad this thing was.) Thank you SO much for any help you can give me.

Here now are my OTL logs:

OTL logfile created on: 1/4/2012 2:17:15 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jill\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.91 Gb Available Physical Memory | 73.94% Memory free
16.00 Gb Paging File | 13.75 Gb Available in Paging File | 85.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 552.87 Gb Free Space | 59.36% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: ARTIE-II | User Name: Jill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/04 13:51:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jill\Desktop\OTL.exe
PRC - [2011/12/24 17:50:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/12/17 03:16:28 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/12/12 23:20:56 | 003,305,760 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Jill\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/11/08 18:37:14 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/21 16:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
PRC - [2011/08/15 16:18:14 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/05/25 12:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jill\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/03/23 23:11:25 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files (x86)\Freecorder\FLVSrvc.exe
PRC - [2010/10/29 13:49:28 | 000,505,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/12/17 12:54:40 | 001,795,488 | ---- | M] (Audible, Inc.) -- C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2009/06/05 12:12:44 | 000,315,392 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgbhp.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/15 12:32:52 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/08 18:37:14 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/13 17:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2009/07/13 17:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgmain.exe
MOD - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgbhp.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 15:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/06/27 14:52:00 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/06/27 11:44:46 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/24 11:25:32 | 005,521,192 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2011/12/13 19:21:53 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/12/13 13:58:50 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/09/21 16:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2011/08/15 16:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/15 14:07:17 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 12:12:44 | 000,315,392 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/10 17:41:53 | 000,561,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\cchpx64.sys -- (ccHP)
DRV:64bit: - [2011/09/21 16:35:58 | 000,279,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\symtdi.sys -- (SYMTDI)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/22 08:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 13:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/27 12:30:40 | 009,883,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/06/27 12:30:40 | 009,883,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/27 11:02:32 | 000,307,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/10 22:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/12/02 15:48:16 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2009/08/28 19:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/27 15:06:34 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2009/08/21 23:25:17 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/08/21 23:25:17 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2009/08/21 23:25:17 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2009/08/21 23:25:17 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/08/21 23:25:17 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2009/08/17 18:20:46 | 001,235,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/08/13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/30 15:58:42 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 05:00:00 | 000,116,752 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/06/10 12:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007/07/05 01:58:36 | 001,041,920 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxu6.sys -- (athrusb6)
DRV:64bit: - [2007/02/16 10:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2007/02/15 15:11:26 | 000,012,976 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV:64bit: - [2006/11/01 02:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010/02/03 01:00:00 | 001,742,896 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100303.005\EX64.SYS -- (NAVEX15)
DRV - [2010/02/03 01:00:00 | 000,116,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100303.005\ENG64.SYS -- (NAVENG)
DRV - [2009/12/02 10:52:02 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/12/02 10:52:02 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/10/28 14:37:21 | 000,466,992 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100224.002\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Jill\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jill\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\BYOND: C:\Program Files (x86)\BYOND\bin\npbyond.dll (BYOND)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/10/11 12:23:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/17 03:16:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/17 03:16:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/17 03:16:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Jill\AppData\Roaming\Move Networks [2011/04/17 17:23:48 | 000,000,000 | ---D | M]

[2009/12/02 15:56:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jill\AppData\Roaming\Mozilla\Extensions
[2011/12/22 15:42:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jill\AppData\Roaming\Mozilla\Firefox\Profiles\v1ql98aq.default\extensions
[2011/12/22 15:42:27 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Jill\AppData\Roaming\Mozilla\Firefox\Profiles\v1ql98aq.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2011/03/12 11:01:25 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Jill\AppData\Roaming\Mozilla\Firefox\Profiles\v1ql98aq.default\extensions\[email protected]
[2012/01/04 12:51:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/08 18:37:14 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/12/31 01:05:32 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files (x86)\mozilla firefox\plugins\npbyond.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/01 13:20:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/08 18:37:14 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\gears.dll
CHR - plugin: BYOND stub plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npbyond.dll
CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files (x86)\Download Manager\npfpdlm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Jill\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Jill\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2011/12/16 04:38:53 | 000,001,398 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 66.197.194.231 www.google-analytics.com.
O1 - Hosts: 66.197.194.231 ad-emea.doubleclick.net.
O1 - Hosts: 66.197.194.231 www.statcounter.com.
O1 - Hosts: 69.72.252.254 www.google-analytics.com.
O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
O1 - Hosts: 69.72.252.254 www.statcounter.com.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files (x86)\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Jill\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Jill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jill\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Jill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files (x86)\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D14DCAA0-3191-403A-96EA-D66C1F83B2BB}: DhcpNameServer = 68.87.76.182 68.87.78.134
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\symres - No CLSID value found
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (EXPLORER.EXE) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/01/04 13:51:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jill\Desktop\OTL.exe
[2011/12/31 22:33:02 | 000,000,000 | ---D | C] -- C:\Users\Jill\Documents\Command & Conquer 3 Tiberium Wars
[2011/12/31 22:29:33 | 000,000,000 | ---D | C] -- C:\Users\Jill\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011/12/31 19:55:14 | 000,000,000 | ---D | C] -- C:\Users\Jill\Documents\Command and Conquer 4
[2011/12/31 19:49:31 | 000,000,000 | ---D | C] -- C:\Users\Jill\AppData\Roaming\Command and Conquer 4
[2011/12/31 19:49:29 | 000,000,000 | ---D | C] -- C:\Users\Jill\AppData\Local\Electronic_Arts_Inc
[2011/12/28 00:39:02 | 000,000,000 | ---D | C] -- C:\Users\Jill\AppData\Local\SWTOR
[2011/12/28 00:39:00 | 000,000,000 | ---D | C] -- C:\Users\Jill\Documents\HeroBlade Logs
[2011/12/27 21:01:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[2011/12/22 15:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011/12/22 15:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2011/12/17 03:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2011/12/17 03:16:28 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll
[2011/12/17 03:16:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/12/16 07:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/12/16 07:40:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/12/16 07:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/12/16 07:39:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/12/16 07:38:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/12/16 04:39:00 | 000,000,000 | ---D | C] -- C:\ProgramData\gB28300OkJfE28300
[2011/12/15 21:36:18 | 000,000,000 | ---D | C] -- C:\Users\Jill\AppData\Roaming\SUPERAntiSpyware.com
[2011/12/15 21:35:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/12/15 21:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/12/15 21:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/15 21:33:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareGuard
[2011/12/15 21:33:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareGuard
[2011/12/15 19:22:10 | 000,000,000 | ---D | C] -- C:\windows\system64
[2011/12/14 00:24:02 | 000,000,000 | ---D | C] -- C:\Users\Jill\AppData\Local\SCE
[2011/12/08 22:48:04 | 000,065,536 | ---- | C] (RenderSoft Software) -- C:\windows\SysNative\camcodec.dll
[2011/12/08 22:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio
[2011/12/08 22:43:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CamStudio
[2011/12/07 19:03:47 | 000,000,000 | ---D | C] -- C:\Users\Jill\Documents\Ornaments
[2011/12/06 20:51:23 | 000,000,000 | ---D | C] -- C:\windows\pss
[2011/12/06 20:18:01 | 000,637,240 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Jill\Desktop\autoruns.exe
[2011/12/06 14:11:27 | 000,000,000 | ---D | C] -- C:\Users\Jill\AppData\Roaming\Malwarebytes
[2011/12/06 14:11:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/06 14:11:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/06 14:11:18 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011/12/06 14:11:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2008/04/01 09:39:09 | 003,306,496 | ---- | C] (YoYo Games Ltd) -- C:\Program Files\Game_Maker.exe
[11 C:\Users\Jill\Documents\*.tmp files -> C:\Users\Jill\Documents\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2050/12/31 23:59:58 | 000,135,080 | ---- | M] () -- C:\Users\Jill\Documents\DSCF2035.JPG
[2012/01/04 14:18:00 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/04 14:01:46 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012/01/04 13:59:00 | 000,000,354 | ---- | M] () -- C:\windows\tasks\At28.job
[2012/01/04 13:59:00 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At27.job
[2012/01/04 13:58:12 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/04 13:51:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jill\Desktop\OTL.exe
[2012/01/04 12:59:04 | 000,009,920 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/04 12:59:04 | 000,009,920 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/04 12:59:00 | 000,000,354 | ---- | M] () -- C:\windows\tasks\At26.job
[2012/01/04 12:59:00 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At25.job
[2012/01/04 12:51:48 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/04 12:51:34 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/01/04 12:51:27 | 2146,783,231 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/04 04:24:53 | 003,280,255 | ---- | M] () -- C:\Users\Jill\Documents\pspbrwse.jbf
[2012/01/04 03:59:00 | 000,000,354 | ---- | M] () -- C:\windows\tasks\At8.job
[2012/01/04 03:59:00 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At7.job
[2012/01/04 02:59:00 | 000,000,354 | ---- | M] () -- C:\windows\tasks\At6.job
[2012/01/04 02:59:00 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At5.job
[2012/01/04 01:59:00 | 000,000,354 | ---- | M] () -- C:\windows\tasks\At4.job
[2012/01/04 01:59:00 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At3.job
[2012/01/04 00:59:00 | 000,000,354 | ---- | M] () -- C:\windows\tasks\At2.job
[2012/01/04 00:59:00 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At1.job
[2012/01/03 23:59:00 | 000,000,354 | ---- | M] () -- C:\windows\tasks\At48.job
[2012/01/03 23:59:00 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At47.job
[2012/01/03 22:59:00 | 000,000,354 | ---- | M] () -- C:\windows\tasks\At46.job
[2012/01/03 22:59:00 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At45.job
[2012/01/03 22:32:05 | 000,000,354 | ---- | M] () -- C:\windows\tasks\At44.job
[2012/01/03 22:32:05 | 000,000,354 | ---- | M] () -- C:\windows\tasks\At42.job
[2012/01/03 22:32:05 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At43.job
[2012/01/03 22:32:05 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At41.job
[2012/01/03 19:59:00 | 000,000,354 | ---- | M] () -- C:\windows\tasks\At40.job
[2012/01/03 19:59:00 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At39.job
[2012/01/03 18:59:00 | 000,000,354 | ---- | M] () -- C:\windows\tasks\At38.job
[2012/01/03 18:59:00 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At37.job
[2012/01/03 18:02:51 | 000,036,260 | ---- | M] () -- C:\Users\Jill\Documents\littlebamftigrean.png
[2012/01/03 18:02:03 | 000,011,600 | ---- | M] () -- C:\Users\Jill\Documents\tigrean1.gif
[2012/01/03 17:59:00 | 000,000,354 | ---- | M] () -- C:\windows\tasks\At36.job
[2012/01/03 17:59:00 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At35.job
[2012/01/03 17:57:48 | 000,111,171 | ---- | M] () -- C:\Users\Jill\Documents\bamftigreanredraw.png
[2012/01/03 16:59:00 | 000,000,354 | ---- | M] () -- C:\windows\tasks\At34.job
[2012/01/03 16:59:00 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At33.job
[2012/01/03 16:37:17 | 000,106,927 | ---- | M] () -- C:\Users\Jill\Documents\bamftigrean.png
[2012/01/03 16:36:49 | 000,056,105 | ---- | M] () -- C:\Users\Jill\Documents\morelikeacow.png
[2012/01/03 15:59:00 | 000,000,354 | ---- | M] () -- C:\windows\tasks\At32.job
[2012/01/03 15:59:00 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At31.job
[2012/01/03 14:59:00 | 000,000,354 | ---- | M] () -- C:\windows\tasks\At30.job
[2012/01/03 14:59:00 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At29.job
[2012/01/03 13:57:30 | 000,002,516 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012/01/02 02:34:18 | 000,007,220 | ---- | M] () -- C:\Users\Jill\Documents\dress2.png
[2012/01/01 04:59:00 | 000,000,354 | ---- | M] () -- C:\windows\tasks\At10.job
[2012/01/01 04:59:00 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At9.job
[2011/12/31 21:57:56 | 000,000,221 | ---- | M] () -- C:\Users\Jill\Desktop\Command and Conquer 3 Tiberium Wars.url
[2011/12/30 11:59:00 | 000,000,354 | ---- | M] () -- C:\windows\tasks\At24.job
[2011/12/30 11:59:00 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At23.job
[2011/12/30 10:59:00 | 000,000,354 | ---- | M] () -- C:\windows\tasks\At22.job
[2011/12/30 10:59:00 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At21.job
[2011/12/30 09:59:01 | 000,000,354 | ---- | M] () -- C:\windows\tasks\At20.job
[2011/12/30 09:59:01 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At19.job
[2011/12/30 09:43:46 | 000,000,354 | ---- | M] () -- C:\windows\tasks\At18.job
[2011/12/30 09:43:46 | 000,000,354 | ---- | M] () -- C:\windows\tasks\At16.job
[2011/12/30 09:43:46 | 000,000,354 | ---- | M] () -- C:\windows\tasks\At14.job
[2011/12/30 09:43:46 | 000,000,354 | ---- | M] () -- C:\windows\tasks\At12.job
[2011/12/30 09:43:46 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At17.job
[2011/12/30 09:43:46 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At15.job
[2011/12/30 09:43:46 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At13.job
[2011/12/30 09:43:46 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At11.job
[2011/12/27 21:01:57 | 000,001,455 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011/12/27 20:35:04 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/12/26 16:53:56 | 000,409,737 | ---- | M] () -- C:\Users\Jill\Documents\birdhand.gif
[2011/12/24 19:29:31 | 000,003,802 | ---- | M] () -- C:\Users\Jill\Documents\toy_instruction_rreign.gif
[2011/12/24 19:19:43 | 000,004,011 | ---- | M] () -- C:\Users\Jill\Documents\toy_nostalgic_rreign.gif
[2011/12/24 16:58:45 | 000,054,386 | ---- | M] () -- C:\Users\Jill\Documents\rreign_nostalgia.png
[2011/12/24 16:14:19 | 000,054,518 | ---- | M] () -- C:\Users\Jill\Documents\nostalgiarreign2small.png
[2011/12/24 16:13:58 | 000,170,507 | ---- | M] () -- C:\Users\Jill\Documents\nostalgiarreign2.png
[2011/12/23 20:50:57 | 001,822,063 | ---- | M] () -- C:\Users\Jill\Documents\theydontlineupforsrs.gif
[2011/12/23 20:44:13 | 000,021,044 | ---- | M] () -- C:\Users\Jill\Documents\theydontlineup.png
[2011/12/21 23:26:58 | 000,056,689 | ---- | M] () -- C:\Users\Jill\Documents\littlereigncolors.png
[2011/12/21 23:26:26 | 000,182,113 | ---- | M] () -- C:\Users\Jill\Documents\rreigncolors.png
[2011/12/21 00:31:19 | 000,034,229 | ---- | M] () -- C:\Users\Jill\Documents\smnsrreign.png
[2011/12/21 00:30:59 | 000,089,474 | ---- | M] () -- C:\Users\Jill\Documents\lgnsrreign.png
[2011/12/20 19:36:19 | 000,023,080 | ---- | M] () -- C:\Users\Jill\Documents\littlenosrreign.gif
[2011/12/20 19:36:03 | 000,115,413 | ---- | M] () -- C:\Users\Jill\Documents\nostalgiarreignsketch.png
[2011/12/20 17:41:13 | 000,047,188 | ---- | M] () -- C:\Users\Jill\Documents\nostalgiarreign.gif
[2011/12/18 21:19:45 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/17 04:11:57 | 004,255,889 | ---- | M] () -- C:\Users\Jill\Documents\tree2.psd
[2011/12/17 03:16:53 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/12/17 03:16:28 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll
[2011/12/16 16:31:44 | 000,376,596 | ---- | M] () -- C:\Users\Jill\Documents\baubleexamples.png
[2011/12/16 08:41:52 | 004,550,871 | ---- | M] () -- C:\Users\Jill\Documents\tree2_bak.psd
[2011/12/16 04:38:53 | 000,001,398 | RHS- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2011/12/16 04:28:29 | 000,000,112 | ---- | M] () -- C:\ProgramData\I6KSBiaM.dat
[2011/12/16 04:28:29 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\nvisX4GKI.com.b
[2011/12/16 02:00:37 | 000,165,504 | ---- | M] () -- C:\Users\Jill\Documents\tree_fairgrounds.png
[2011/12/16 02:00:12 | 000,146,013 | ---- | M] () -- C:\Users\Jill\Documents\tree_delphi.png
[2011/12/15 23:04:30 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/15 21:33:33 | 000,000,993 | ---- | M] () -- C:\Users\Jill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
[2011/12/15 21:33:33 | 000,000,957 | ---- | M] () -- C:\Users\Jill\Desktop\SpywareGuard.lnk
[2011/12/15 19:40:30 | 000,013,090 | -HS- | M] () -- C:\Users\Jill\AppData\Local\n4yx65t6gq3yeh
[2011/12/15 19:40:30 | 000,013,090 | -HS- | M] () -- C:\ProgramData\n4yx65t6gq3yeh
[2011/12/15 03:20:47 | 000,431,000 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/12/15 01:13:41 | 000,045,072 | ---- | M] () -- C:\Users\Jill\Documents\lights_luminievelightswhite.png
[2011/12/15 01:12:50 | 000,045,047 | ---- | M] () -- C:\Users\Jill\Documents\lights_luminievelightsgreen.png
[2011/12/14 01:59:48 | 000,002,547 | ---- | M] () -- C:\Users\Public\Desktop\Empire Earth - The Art of Conquest.lnk
[2011/12/14 01:59:48 | 000,002,381 | ---- | M] () -- C:\Users\Public\Desktop\Empire Earth.lnk
[2011/12/13 16:26:50 | 000,157,683 | ---- | M] () -- C:\Users\Jill\Documents\driftwood.png
[2011/12/12 20:05:41 | 000,131,573 | ---- | M] () -- C:\Users\Jill\Documents\treepoints.png
[2011/12/11 18:23:28 | 000,029,257 | ---- | M] () -- C:\Users\Jill\Documents\hikeiredline.gif
[2011/12/11 18:21:49 | 000,342,890 | ---- | M] () -- C:\Users\Jill\Documents\hikeiredline.PSD
[2011/12/11 04:32:22 | 000,024,967 | ---- | M] () -- C:\Users\Jill\Documents\dullhair.png
[2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011/12/09 21:16:00 | 000,099,126 | ---- | M] () -- C:\Users\Jill\Documents\khajiit.psp
[2011/12/09 18:22:51 | 000,176,069 | ---- | M] () -- C:\Users\Jill\Documents\customitemstages.png
[2011/12/09 15:04:26 | 000,048,544 | ---- | M] () -- C:\Users\Jill\Documents\wigtestitem.psp
[2011/12/09 01:52:25 | 000,009,483 | ---- | M] () -- C:\Users\Jill\Documents\b_head_wigtest.png
[2011/12/08 22:43:29 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\CamStudio.lnk
[2011/12/08 17:49:31 | 000,052,167 | ---- | M] () -- C:\Users\Jill\Documents\tardis.png
[2011/12/08 17:49:27 | 000,019,709 | ---- | M] () -- C:\Users\Jill\Documents\spacetardis.png
[2011/12/08 02:31:20 | 000,031,708 | ---- | M] () -- C:\Users\Jill\Documents\anothergift.psp
[2011/12/07 21:28:59 | 000,021,753 | ---- | M] () -- C:\Users\Jill\Documents\nicegiftmessage.psp
[2011/12/07 19:25:56 | 000,037,533 | ---- | M] () -- C:\Users\Jill\Documents\lineexample.png
[2011/12/06 22:56:18 | 000,779,266 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/12/06 22:56:18 | 000,660,280 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/12/06 22:56:18 | 000,121,208 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[11 C:\Users\Jill\Documents\*.tmp files -> C:\Users\Jill\Documents\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/04 13:58:12 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/03 18:02:51 | 000,036,260 | ---- | C] () -- C:\Users\Jill\Documents\littlebamftigrean.png
[2012/01/03 18:02:02 | 000,011,600 | ---- | C] () -- C:\Users\Jill\Documents\tigrean1.gif
[2012/01/03 17:57:48 | 000,111,171 | ---- | C] () -- C:\Users\Jill\Documents\bamftigreanredraw.png
[2012/01/03 16:37:17 | 000,106,927 | ---- | C] () -- C:\Users\Jill\Documents\bamftigrean.png
[2012/01/03 16:36:49 | 000,056,105 | ---- | C] () -- C:\Users\Jill\Documents\morelikeacow.png
[2012/01/02 02:34:18 | 000,007,220 | ---- | C] () -- C:\Users\Jill\Documents\dress2.png
[2011/12/31 21:57:56 | 000,000,221 | ---- | C] () -- C:\Users\Jill\Desktop\Command and Conquer 3 Tiberium Wars.url
[2011/12/27 21:01:57 | 000,001,455 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011/12/26 16:53:56 | 000,409,737 | ---- | C] () -- C:\Users\Jill\Documents\birdhand.gif
[2011/12/24 19:19:43 | 000,004,011 | ---- | C] () -- C:\Users\Jill\Documents\toy_nostalgic_rreign.gif
[2011/12/24 19:19:22 | 000,003,802 | ---- | C] () -- C:\Users\Jill\Documents\toy_instruction_rreign.gif
[2011/12/24 16:58:45 | 000,054,386 | ---- | C] () -- C:\Users\Jill\Documents\rreign_nostalgia.png
[2011/12/24 15:54:38 | 000,054,518 | ---- | C] () -- C:\Users\Jill\Documents\nostalgiarreign2small.png
[2011/12/24 15:54:13 | 000,170,507 | ---- | C] () -- C:\Users\Jill\Documents\nostalgiarreign2.png
[2011/12/23 20:50:57 | 001,822,063 | ---- | C] () -- C:\Users\Jill\Documents\theydontlineupforsrs.gif
[2011/12/23 20:44:13 | 000,021,044 | ---- | C] () -- C:\Users\Jill\Documents\theydontlineup.png
[2011/12/22 16:53:25 | 000,135,080 | ---- | C] () -- C:\Users\Jill\Documents\DSCF2035.JPG
[2011/12/21 23:26:58 | 000,056,689 | ---- | C] () -- C:\Users\Jill\Documents\littlereigncolors.png
[2011/12/21 23:26:26 | 000,182,113 | ---- | C] () -- C:\Users\Jill\Documents\rreigncolors.png
[2011/12/21 00:31:18 | 000,034,229 | ---- | C] () -- C:\Users\Jill\Documents\smnsrreign.png
[2011/12/21 00:30:59 | 000,089,474 | ---- | C] () -- C:\Users\Jill\Documents\lgnsrreign.png
[2011/12/20 19:36:19 | 000,023,080 | ---- | C] () -- C:\Users\Jill\Documents\littlenosrreign.gif
[2011/12/20 19:36:03 | 000,115,413 | ---- | C] () -- C:\Users\Jill\Documents\nostalgiarreignsketch.png
[2011/12/20 17:41:12 | 000,047,188 | ---- | C] () -- C:\Users\Jill\Documents\nostalgiarreign.gif
[2011/12/17 03:16:53 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/12/16 16:31:44 | 000,376,596 | ---- | C] () -- C:\Users\Jill\Documents\baubleexamples.png
[2011/12/16 04:28:29 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\nvisX4GKI.com.b
[2011/12/16 04:26:25 | 000,000,112 | ---- | C] () -- C:\ProgramData\I6KSBiaM.dat
[2011/12/16 04:26:24 | 000,000,354 | ---- | C] () -- C:\windows\tasks\At48.job
[2011/12/16 04:26:24 | 000,000,354 | ---- | C] () -- C:\windows\tasks\At46.job
[2011/12/16 04:26:24 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At47.job
[2011/12/16 04:26:23 | 000,000,354 | ---- | C] () -- C:\windows\tasks\At44.job
[2011/12/16 04:26:23 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At45.job
[2011/12/16 04:26:22 | 000,000,354 | ---- | C] () -- C:\windows\tasks\At42.job
[2011/12/16 04:26:22 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At43.job
[2011/12/16 04:26:21 | 000,000,354 | ---- | C] () -- C:\windows\tasks\At40.job
[2011/12/16 04:26:21 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At41.job
[2011/12/16 04:26:21 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At39.job
[2011/12/16 04:26:20 | 000,000,354 | ---- | C] () -- C:\windows\tasks\At38.job
[2011/12/16 04:26:20 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At37.job
[2011/12/16 04:26:19 | 000,000,354 | ---- | C] () -- C:\windows\tasks\At36.job
[2011/12/16 04:26:19 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At35.job
[2011/12/16 04:26:18 | 000,000,354 | ---- | C] () -- C:\windows\tasks\At34.job
[2011/12/16 04:26:18 | 000,000,354 | ---- | C] () -- C:\windows\tasks\At32.job
[2011/12/16 04:26:18 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At33.job
[2011/12/16 04:26:17 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At31.job
[2011/12/16 04:26:16 | 000,000,354 | ---- | C] () -- C:\windows\tasks\At30.job
[2011/12/16 04:26:16 | 000,000,354 | ---- | C] () -- C:\windows\tasks\At28.job
[2011/12/16 04:26:16 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At29.job
[2011/12/16 04:26:15 | 000,000,354 | ---- | C] () -- C:\windows\tasks\At26.job
[2011/12/16 04:26:15 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At27.job
[2011/12/16 04:26:14 | 000,000,354 | ---- | C] () -- C:\windows\tasks\At24.job
[2011/12/16 04:26:14 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At25.job
[2011/12/16 04:26:13 | 000,000,354 | ---- | C] () -- C:\windows\tasks\At22.job
[2011/12/16 04:26:13 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At23.job
[2011/12/16 04:26:13 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At21.job
[2011/12/16 04:26:12 | 000,000,354 | ---- | C] () -- C:\windows\tasks\At20.job
[2011/12/16 04:26:12 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At19.job
[2011/12/16 04:26:11 | 000,000,354 | ---- | C] () -- C:\windows\tasks\At18.job
[2011/12/16 04:26:11 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At17.job
[2011/12/16 04:26:10 | 000,000,354 | ---- | C] () -- C:\windows\tasks\At16.job
[2011/12/16 04:26:10 | 000,000,354 | ---- | C] () -- C:\windows\tasks\At14.job
[2011/12/16 04:26:10 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At15.job
[2011/12/16 04:26:09 | 000,000,354 | ---- | C] () -- C:\windows\tasks\At12.job
[2011/12/16 04:26:09 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At13.job
[2011/12/16 04:26:08 | 000,000,354 | ---- | C] () -- C:\windows\tasks\At10.job
[2011/12/16 04:26:08 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At9.job
[2011/12/16 04:26:08 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At11.job
[2011/12/16 04:26:07 | 000,000,354 | ---- | C] () -- C:\windows\tasks\At8.job
[2011/12/16 04:26:07 | 000,000,354 | ---- | C] () -- C:\windows\tasks\At6.job
[2011/12/16 04:26:07 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At7.job
[2011/12/16 04:26:06 | 000,000,354 | ---- | C] () -- C:\windows\tasks\At4.job
[2011/12/16 04:26:06 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At5.job
[2011/12/16 04:26:05 | 000,000,354 | ---- | C] () -- C:\windows\tasks\At2.job
[2011/12/16 04:26:05 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At3.job
[2011/12/16 04:26:04 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At1.job
[2011/12/15 21:35:51 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/15 21:33:33 | 000,000,993 | ---- | C] () -- C:\Users\Jill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
[2011/12/15 21:33:33 | 000,000,957 | ---- | C] () -- C:\Users\Jill\Desktop\SpywareGuard.lnk
[2011/12/15 19:29:55 | 004,550,871 | ---- | C] () -- C:\Users\Jill\Documents\tree2_bak.psd
[2011/12/15 19:29:55 | 004,255,889 | ---- | C] () -- C:\Users\Jill\Documents\tree2.psd
[2011/12/15 19:22:01 | 000,013,090 | -HS- | C] () -- C:\Users\Jill\AppData\Local\n4yx65t6gq3yeh
[2011/12/15 19:22:01 | 000,013,090 | -HS- | C] () -- C:\ProgramData\n4yx65t6gq3yeh
[2011/12/15 06:23:39 | 000,165,504 | ---- | C] () -- C:\Users\Jill\Documents\tree_fairgrounds.png
[2011/12/15 01:16:30 | 000,146,013 | ---- | C] () -- C:\Users\Jill\Documents\tree_delphi.png
[2011/12/15 01:13:41 | 000,045,072 | ---- | C] () -- C:\Users\Jill\Documents\lights_luminievelightswhite.png
[2011/12/15 01:12:49 | 000,045,047 | ---- | C] () -- C:\Users\Jill\Documents\lights_luminievelightsgreen.png
[2011/12/14 01:59:48 | 000,002,547 | ---- | C] () -- C:\Users\Public\Desktop\Empire Earth - The Art of Conquest.lnk
[2011/12/14 01:59:48 | 000,002,381 | ---- | C] () -- C:\Users\Public\Desktop\Empire Earth.lnk
[2011/12/13 16:26:50 | 000,157,683 | ---- | C] () -- C:\Users\Jill\Documents\driftwood.png
[2011/12/12 20:05:41 | 000,131,573 | ---- | C] () -- C:\Users\Jill\Documents\treepoints.png
[2011/12/11 18:23:28 | 000,029,257 | ---- | C] () -- C:\Users\Jill\Documents\hikeiredline.gif
[2011/12/11 18:21:49 | 000,342,890 | ---- | C] () -- C:\Users\Jill\Documents\hikeiredline.PSD
[2011/12/11 04:32:22 | 000,024,967 | ---- | C] () -- C:\Users\Jill\Documents\dullhair.png
[2011/12/09 21:16:00 | 000,099,126 | ---- | C] () -- C:\Users\Jill\Documents\khajiit.psp
[2011/12/09 18:22:51 | 000,176,069 | ---- | C] () -- C:\Users\Jill\Documents\customitemstages.png
[2011/12/09 04:14:59 | 000,048,544 | ---- | C] () -- C:\Users\Jill\Documents\wigtestitem.psp
[2011/12/09 01:52:25 | 000,009,483 | ---- | C] () -- C:\Users\Jill\Documents\b_head_wigtest.png
[2011/12/08 22:47:41 | 000,001,461 | ---- | C] () -- C:\windows\SysNative\drivers\camcodec.inf
[2011/12/08 22:43:29 | 000,001,020 | ---- | C] () -- C:\Users\Public\Desktop\CamStudio.lnk
[2011/12/08 17:49:27 | 000,019,709 | ---- | C] () -- C:\Users\Jill\Documents\spacetardis.png
[2011/12/08 17:29:51 | 000,052,167 | ---- | C] () -- C:\Users\Jill\Documents\tardis.png
[2011/12/08 02:31:20 | 000,031,708 | ---- | C] () -- C:\Users\Jill\Documents\anothergift.psp
[2011/12/07 21:28:59 | 000,021,753 | ---- | C] () -- C:\Users\Jill\Documents\nicegiftmessage.psp
[2011/12/07 19:25:56 | 000,037,533 | ---- | C] () -- C:\Users\Jill\Documents\lineexample.png
[2011/09/03 16:10:02 | 000,014,695 | ---- | C] () -- C:\windows\W3DemoUnin.dat
[2011/08/29 09:31:35 | 000,000,000 | ---- | C] () -- C:\Users\Jill\AppData\Local\{2633DB4D-35B4-4A24-AC22-A3C6BBDF01A9}
[2011/06/27 15:23:20 | 000,053,760 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
[2011/05/11 14:09:29 | 000,772,990 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/03/17 09:51:44 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2010/09/25 21:44:05 | 000,100,762 | ---- | C] () -- C:\Program Files\Uninstal.exe
[2010/06/23 22:09:05 | 000,021,840 | ---- | C] () -- C:\windows\SysWow64\SIntfNT.dll
[2010/06/23 22:09:05 | 000,017,212 | ---- | C] () -- C:\windows\SysWow64\SIntf32.dll
[2010/06/23 22:09:05 | 000,012,067 | ---- | C] () -- C:\windows\SysWow64\SIntf16.dll
[2009/12/18 02:39:35 | 000,007,093 | ---- | C] () -- C:\Program Files\Game_Maker.sw2
[2009/12/02 17:20:50 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/12/02 17:20:50 | 000,000,088 | RHS- | C] () -- C:\ProgramData\EBEF76B271.sys
[2009/10/20 16:04:00 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/07/01 13:19:26 | 001,406,987 | ---- | C] () -- C:\Program Files\Game_Maker.chm
[2009/06/28 08:27:16 | 000,013,839 | ---- | C] () -- C:\Program Files\gm_license.html
[2009/06/28 08:27:16 | 000,011,219 | ---- | C] () -- C:\Program Files\gm_changes.html
[2009/06/28 08:27:16 | 000,003,243 | ---- | C] () -- C:\Program Files\gm_readme.html
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2008/12/01 18:32:32 | 000,362,029 | ---- | C] () -- C:\windows\SysWow64\sqlite3.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelFrench.dll
[2008/04/01 09:39:39 | 000,041,548 | ---- | C] () -- C:\Program Files\fnames
[2008/04/01 09:39:09 | 000,913,903 | ---- | C] () -- C:\Program Files\rundata
[2008/04/01 09:39:08 | 000,267,328 | ---- | C] () -- C:\Program Files\dxdata
[2001/07/13 07:04:00 | 000,373,248 | ---- | C] () -- C:\windows\EyeCand3.INI

========== LOP Check ==========

[2010/11/14 17:00:02 | 000,000,000 | ---D | M] -- C:\Users\Jill\AppData\Roaming\.minecraft
[2011/12/06 14:14:04 | 000,000,000 | ---D | M] -- C:\Users\Jill\AppData\Roaming\Abbi
[2011/06/04 18:04:14 | 000,000,000 | ---D | M] -- C:\Users\Jill\AppData\Roaming\Barnes & Noble
[2011/02/25 16:19:03 | 000,000,000 | ---D | M] -- C:\Users\Jill\AppData\Roaming\BOXEE
[2011/09/18 21:06:59 | 000,000,000 | ---D | M] -- C:\Users\Jill\AppData\Roaming\Braid
[2011/07/26 21:29:36 | 000,000,000 | ---D | M] -- C:\Users\Jill\AppData\Roaming\com.chromaom.SeamlessStudio
[2011/12/31 22:31:27 | 000,000,000 | ---D | M] -- C:\Users\Jill\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011/12/31 19:51:18 | 000,000,000 | ---D | M] -- C:\Users\Jill\AppData\Roaming\Command and Conquer 4
[2012/01/04 12:51:56 | 000,000,000 | ---D | M] -- C:\Users\Jill\AppData\Roaming\Dropbox
[2011/07/15 19:32:29 | 000,000,000 | ---D | M] -- C:\Users\Jill\AppData\Roaming\Hi-Rez Studios
[2011/04/01 13:05:23 | 000,000,000 | -H-D | M] -- C:\Users\Jill\AppData\Roaming\IFViewer
[2009/12/02 16:43:51 | 000,000,000 | ---D | M] -- C:\Users\Jill\AppData\Roaming\InterTrust
[2010/02/10 15:15:27 | 000,000,000 | ---D | M] -- C:\Users\Jill\AppData\Roaming\Jasc
[2011/12/06 14:05:15 | 000,000,000 | ---D | M] -- C:\Users\Jill\AppData\Roaming\Lodo
[2011/10/22 21:43:17 | 000,000,000 | ---D | M] -- C:\Users\Jill\AppData\Roaming\OnLive App
[2010/08/23 22:12:29 | 000,000,000 | ---D | M] -- C:\Users\Jill\AppData\Roaming\runic games
[2010/12/02 13:51:29 | 000,000,000 | ---D | M] -- C:\Users\Jill\AppData\Roaming\Smith Micro
[2011/05/11 14:10:06 | 000,000,000 | ---D | M] -- C:\Users\Jill\AppData\Roaming\System
[2011/12/28 00:12:22 | 000,000,000 | ---D | M] -- C:\Users\Jill\AppData\Roaming\SystemRequirementsLab
[2011/03/19 17:20:46 | 000,000,000 | ---D | M] -- C:\Users\Jill\AppData\Roaming\Unity
[2011/05/11 15:31:10 | 000,000,000 | -HSD | M] -- C:\Users\Jill\AppData\Roaming\wyUpdate AU
[2012/01/04 00:59:00 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At1.job
[2012/01/01 04:59:00 | 000,000,354 | ---- | M] () -- C:\windows\Tasks\At10.job
[2011/12/30 09:43:46 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At11.job
[2011/12/30 09:43:46 | 000,000,354 | ---- | M] () -- C:\windows\Tasks\At12.job
[2011/12/30 09:43:46 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At13.job
[2011/12/30 09:43:46 | 000,000,354 | ---- | M] () -- C:\windows\Tasks\At14.job
[2011/12/30 09:43:46 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At15.job
[2011/12/30 09:43:46 | 000,000,354 | ---- | M] () -- C:\windows\Tasks\At16.job
[2011/12/30 09:43:46 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At17.job
[2011/12/30 09:43:46 | 000,000,354 | ---- | M] () -- C:\windows\Tasks\At18.job
[2011/12/30 09:59:01 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At19.job
[2012/01/04 00:59:00 | 000,000,354 | ---- | M] () -- C:\windows\Tasks\At2.job
[2011/12/30 09:59:01 | 000,000,354 | ---- | M] () -- C:\windows\Tasks\At20.job
[2011/12/30 10:59:00 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At21.job
[2011/12/30 10:59:00 | 000,000,354 | ---- | M] () -- C:\windows\Tasks\At22.job
[2011/12/30 11:59:00 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At23.job
[2011/12/30 11:59:00 | 000,000,354 | ---- | M] () -- C:\windows\Tasks\At24.job
[2012/01/04 12:59:00 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At25.job
[2012/01/04 12:59:00 | 000,000,354 | ---- | M] () -- C:\windows\Tasks\At26.job
[2012/01/04 13:59:00 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At27.job
[2012/01/04 13:59:00 | 000,000,354 | ---- | M] () -- C:\windows\Tasks\At28.job
[2012/01/03 14:59:00 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At29.job
[2012/01/04 01:59:00 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At3.job
[2012/01/03 14:59:00 | 000,000,354 | ---- | M] () -- C:\windows\Tasks\At30.job
[2012/01/03 15:59:00 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At31.job
[2012/01/03 15:59:00 | 000,000,354 | ---- | M] () -- C:\windows\Tasks\At32.job
[2012/01/03 16:59:00 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At33.job
[2012/01/03 16:59:00 | 000,000,354 | ---- | M] () -- C:\windows\Tasks\At34.job
[2012/01/03 17:59:00 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At35.job
[2012/01/03 17:59:00 | 000,000,354 | ---- | M] () -- C:\windows\Tasks\At36.job
[2012/01/03 18:59:00 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At37.job
[2012/01/03 18:59:00 | 000,000,354 | ---- | M] () -- C:\windows\Tasks\At38.job
[2012/01/03 19:59:00 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At39.job
[2012/01/04 01:59:00 | 000,000,354 | ---- | M] () -- C:\windows\Tasks\At4.job
[2012/01/03 19:59:00 | 000,000,354 | ---- | M] () -- C:\windows\Tasks\At40.job
[2012/01/03 22:32:05 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At41.job
[2012/01/03 22:32:05 | 000,000,354 | ---- | M] () -- C:\windows\Tasks\At42.job
[2012/01/03 22:32:05 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At43.job
[2012/01/03 22:32:05 | 000,000,354 | ---- | M] () -- C:\windows\Tasks\At44.job
[2012/01/03 22:59:00 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At45.job
[2012/01/03 22:59:00 | 000,000,354 | ---- | M] () -- C:\windows\Tasks\At46.job
[2012/01/03 23:59:00 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At47.job
[2012/01/03 23:59:00 | 000,000,354 | ---- | M] () -- C:\windows\Tasks\At48.job
[2012/01/04 02:59:00 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At5.job
[2012/01/04 02:59:00 | 000,000,354 | ---- | M] () -- C:\windows\Tasks\At6.job
[2012/01/04 03:59:00 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At7.job
[2012/01/04 03:59:00 | 000,000,354 | ---- | M] () -- C:\windows\Tasks\At8.job
[2012/01/01 04:59:00 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At9.job
[2011/12/31 19:44:14 | 000,032,578 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by JMeg, 04 January 2012 - 05:49 PM.

#2
Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.

Please let me know if you still need help, or if you have since resolved the original problem you were having. If it's the former, I should be able to help you remove the malware infections from your PC. :thumbsup:

#3
Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.