Search results are redirecting, it attempts to open multiple copies of Internet explorer, starts playing audio, but I can't find any open windows. It generally takes over from whatever program is running. Closing iexplorer process in the task manager does not work, as it keeps opening more copies.
I ran OTL, and am attaching the log below. I also ran an evaluation copy of Gridinsoft Trojan Killer, and can send the log of 31 questionable items if requested.
Thank you for any help you can provide!
-----------------
OTL logfile created on: 3/21/2012 8:29:20 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Documents and Settings\Karen\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.99 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 56.49% Memory free
4.83 Gb Paging File | 3.67 Gb Available in Paging File | 75.89% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 462.40 Gb Total Space | 142.01 Gb Free Space | 30.71% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 163.82 Gb Free Space | 35.17% Space Free | Partition Type: NTFS
Drive G: | 1.91 Gb Total Space | 1.77 Gb Free Space | 92.69% Space Free | Partition Type: FAT
Computer Name: KAREN-5A7720A66 | User Name: Karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/03/21 20:28:40 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karen\Desktop\OTL.exe
PRC - [2012/03/21 00:35:07 | 000,085,504 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\uGi2t20X.exe
PRC - [2012/03/14 17:26:49 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/03 08:08:18 | 005,398,336 | ---- | M] (GridinSoft LLC.) -- C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
PRC - [2012/02/23 16:16:07 | 000,056,736 | ---- | M] (Insynchq Pte. Ltd.) -- C:\Documents and Settings\Karen\Application Data\Insync\App\Insync.exe
PRC - [2012/02/14 19:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Karen\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/01 04:31:38 | 002,271,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/10/18 22:21:28 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/10/14 22:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/03 21:03:22 | 000,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZinw12.exe
========== Modules (No Company Name) ==========
MOD - [2012/03/21 00:35:07 | 000,085,504 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\uGi2t20X.exe
MOD - [2012/03/14 17:26:48 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/28 08:43:50 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/03 10:00:58 | 000,058,688 | ---- | M] () -- C:\Program Files\GridinSoft Trojan Killer\UnHookLib.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2005/10/20 10:36:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2005/10/20 10:36:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011/12/30 12:27:34 | 000,074,752 | ---- | M] (Freemake) [Auto | Stopped] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/01 04:31:38 | 002,271,608 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/10/18 22:21:28 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/21 18:02:46 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BD10C1B4-4B2D-490A-8971-89E6564B4975}\MpKslcfc5a039.sys -- (MpKslcfc5a039)
DRV - [2012/01/04 10:28:36 | 000,016,128 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV - [2009/07/13 17:51:12 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/09/02 17:08:28 | 004,812,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/04/13 17:03:46 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=make
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {A5A3E4B9-C289-46F6-8066-B38F839D608B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoo...earchTerms}&f=4
IE - HKCU\..\SearchScopes\{A5A3E4B9-C289-46F6-8066-B38F839D608B}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co...itnesspal.com/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: [email protected]:1.98.20110322
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.3
FF - prefs.js..extensions.enabledItems: {fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {a92aadf8-193f-4a62-8740-5cce81775afc}:1.0.7
FF - prefs.js..extensions.enabledItems: {6BFD307A-C040-11DA-9749-FB1C850B47DF}:2.5.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.1
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {056d0610-e44d-11df-bccf-0800200c9a66}:3.3.51
FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.71
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Karen\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/01/04 18:55:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/14 17:26:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/04 15:33:29 | 000,000,000 | ---D | M]
[2010/10/13 16:58:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Karen\Application Data\Mozilla\Extensions
[2012/01/27 08:59:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\14hw3n8z.Jacob\extensions
[2012/01/27 08:59:37 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\14hw3n8z.Jacob\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010/12/20 13:52:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\14hw3n8z.Jacob\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/23 20:11:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\14hw3n8z.Jacob\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/07/12 13:40:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\cd2lckcq.David\extensions
[2011/05/24 11:14:10 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\cd2lckcq.David\extensions\[email protected]
[2012/03/17 13:54:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\t5d47qzt.default\extensions
[2012/01/25 09:00:22 | 000,000,000 | ---D | M] (Screenshot Pimp) -- C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\t5d47qzt.default\extensions\{056d0610-e44d-11df-bccf-0800200c9a66}
[2012/03/02 15:34:46 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\t5d47qzt.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/11/13 22:10:35 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\t5d47qzt.default\extensions\[email protected]
[2012/01/04 18:55:33 | 000,000,000 | ---D | M] (Facemoods) -- C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\t5d47qzt.default\extensions\[email protected]
[2012/01/19 18:53:51 | 000,002,281 | ---- | M] () -- C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\t5d47qzt.default\searchplugins\s-amazon.xml
[2010/11/27 19:30:32 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\t5d47qzt.default\searchplugins\youtube-ssl.xml
[2012/01/15 11:08:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/14 17:43:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/05/22 18:32:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2008/06/29 17:29:55 | 000,000,000 | ---D | M] (Smart Notebook Extension) -- C:\Program Files\Mozilla Firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\KAREN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\T5D47QZT.DEFAULT\EXTENSIONS\{37FA1426-B82D-11DB-8314-0800200C9A66}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\KAREN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\T5D47QZT.DEFAULT\EXTENSIONS\{A92AADF8-193F-4A62-8740-5CCE81775AFC}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\KAREN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\T5D47QZT.DEFAULT\EXTENSIONS\{B9BFAF1C-A63F-47CD-8B9A-29526CED9060}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\KAREN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\T5D47QZT.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\KAREN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\T5D47QZT.DEFAULT\EXTENSIONS\{FA8476CF-A98C-4E08-99B4-65A69CB4B7D4}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\KAREN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\T5D47QZT.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\KAREN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\T5D47QZT.DEFAULT\EXTENSIONS\[email protected]
[2010/10/18 03:04:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/03/14 17:26:49 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/08/24 14:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2012/02/04 15:33:29 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2008/10/02 21:16:08 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2011/11/10 21:33:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/04 18:55:37 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011/11/10 21:33:50 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012/03/20 19:52:24 | 000,000,856 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 87.229.126.55 www.bing.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [CallAssistant] C:\Program Files\Verizon\CallAssistant\vzCallAssistant.exe (Verizon)
O4 - Startup: C:\Documents and Settings\Karen\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Karen\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Karen\Start Menu\Programs\Startup\Insync.lnk = C:\Documents and Settings\Karen\Application Data\Insync\App\Insync.exe (Insynchq Pte. Ltd.)
O4 - Startup: C:\Documents and Settings\Karen\Start Menu\Programs\Startup\TrayIt!.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} https://support.dell...lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {C94F6648-5B33-4EFE-BE66-AA217A058035} http://www.bigbrainz...ine/bbactx1.cab (BigBrainzActiveXControl1)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh...aploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A3F9691-7C15-43D7-BC74-0530576EAEC5}: DhcpNameServer = 192.168.1.1 71.250.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Karen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Karen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/27 21:28:47 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/03/21 20:28:35 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Karen\Desktop\OTL.exe
[2012/03/21 18:13:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/03/21 18:13:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\GridinSoft Trojan Killer
[2012/03/21 18:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012/03/21 18:10:18 | 024,398,592 | ---- | C] (GridinSoft LLC) -- C:\Documents and Settings\Karen\Desktop\gtk2119-setup.exe
[2012/03/21 17:57:55 | 002,066,480 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Karen\Desktop\TDSSKiller.exe
[2011/05/28 07:47:45 | 000,421,888 | ---- | C] (Igor Pavlov) -- C:\Program Files\7zFM.exe
[70 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/03/21 20:30:41 | 002,764,854 | ---- | M] () -- C:\Documents and Settings\Karen\Desktop\trojankiller1.bmp
[2012/03/21 20:28:40 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karen\Desktop\OTL.exe
[2012/03/21 20:02:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/21 20:00:05 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2012/03/21 20:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2012/03/21 19:02:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/21 19:00:04 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2012/03/21 19:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2012/03/21 18:13:19 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Trojan Killer.lnk
[2012/03/21 18:10:54 | 024,398,592 | ---- | M] (GridinSoft LLC) -- C:\Documents and Settings\Karen\Desktop\gtk2119-setup.exe
[2012/03/21 18:03:16 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2012/03/21 18:00:07 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/21 18:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2012/03/21 17:56:32 | 000,000,996 | ---- | M] () -- C:\Documents and Settings\Karen\Start Menu\Programs\Startup\Insync.lnk
[2012/03/21 17:54:57 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/03/21 17:54:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/21 17:42:08 | 002,066,480 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Karen\Desktop\TDSSKiller.exe
[2012/03/21 07:05:46 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\f7W4i6h.dat
[2012/03/21 07:00:04 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2012/03/21 07:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2012/03/21 06:58:49 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/21 06:00:04 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2012/03/21 06:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2012/03/21 05:35:05 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2012/03/21 05:35:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2012/03/21 05:00:04 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2012/03/21 05:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2012/03/21 04:35:05 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2012/03/21 04:35:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2012/03/21 04:00:04 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2012/03/21 04:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2012/03/21 03:35:05 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2012/03/21 03:35:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2012/03/21 03:00:04 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2012/03/21 03:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2012/03/21 02:35:05 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2012/03/21 02:35:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2012/03/21 02:00:04 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2012/03/21 02:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2012/03/21 01:35:08 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/03/21 01:35:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/03/21 01:00:04 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2012/03/21 01:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2012/03/21 00:35:10 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\uGi2t20X.exe_.b
[2012/03/21 00:35:10 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\uGi2t20X.exe.b
[2012/03/21 00:35:07 | 000,085,504 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\uGi2t20X.exe
[2012/03/21 00:35:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/03/20 22:15:29 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Karen\Desktop\Microsoft Office Word 2007.lnk
[2012/03/20 20:18:12 | 000,032,256 | ---- | M] () -- C:\WINDOWS\System32\B7NEKy5.com
[2012/03/20 20:18:10 | 000,862,208 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\isecurity.exe
[2012/03/20 20:18:10 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Internet Security.lnk
[2012/03/20 19:52:24 | 000,000,856 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/17 14:00:59 | 001,646,174 | ---- | M] () -- C:\Documents and Settings\Karen\Desktop\photo2.JPG
[2012/03/17 13:58:32 | 000,109,712 | ---- | M] () -- C:\Documents and Settings\Karen\Desktop\photo.JPG
[2012/03/16 10:28:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/15 03:23:18 | 003,392,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/15 03:01:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/13 22:43:36 | 000,001,734 | -H-- | M] () -- D:\My Documents\Default.rdp
[2012/03/13 21:17:54 | 000,430,352 | ---- | M] () -- C:\Documents and Settings\Karen\Desktop\myhead.png
[2012/03/12 19:30:01 | 000,000,460 | ---- | M] () -- C:\Documents and Settings\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to [email protected]
[2012/03/12 19:29:55 | 000,000,460 | ---- | M] () -- C:\Documents and Settings\Karen\Desktop\Shortcut to [email protected]
[2012/03/11 20:20:48 | 000,527,384 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/11 20:20:48 | 000,096,414 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/11 20:16:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/04 23:35:38 | 000,091,136 | ---- | M] () -- C:\Documents and Settings\Karen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/01 11:23:45 | 000,001,008 | ---- | M] () -- C:\Documents and Settings\Karen\Start Menu\Programs\Startup\Dropbox.lnk
[2012/02/25 15:24:29 | 000,001,310 | ---- | M] () -- C:\Documents and Settings\Karen\Desktop\My Google Docs.lnk
[2012/02/25 14:21:19 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Syncdocs.lnk
[70 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/03/21 20:30:40 | 002,764,854 | ---- | C] () -- C:\Documents and Settings\Karen\Desktop\trojankiller1.bmp
[2012/03/21 18:13:19 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Trojan Killer.lnk
[2012/03/21 00:35:10 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At60.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At59.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At58.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At57.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At56.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At55.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At54.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At53.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At52.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At51.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At49.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2012/03/21 00:35:10 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\uGi2t20X.exe_.b
[2012/03/21 00:35:10 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\uGi2t20X.exe.b
[2012/03/21 00:35:09 | 000,085,504 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\uGi2t20X.exe
[2012/03/21 00:35:09 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2012/03/21 00:35:09 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2012/03/21 00:35:09 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2012/03/21 00:35:09 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2012/03/21 00:35:09 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2012/03/21 00:35:09 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2012/03/21 00:35:09 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2012/03/21 00:35:00 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\f7W4i6h.dat
[2012/03/20 20:18:15 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2012/03/20 20:18:15 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2012/03/20 20:18:15 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2012/03/20 20:18:14 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2012/03/20 20:18:14 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2012/03/20 20:18:14 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2012/03/20 20:18:14 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2012/03/20 20:18:14 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2012/03/20 20:18:14 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2012/03/20 20:18:13 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\B7NEKy5.com
[2012/03/20 20:18:13 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2012/03/20 20:18:13 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2012/03/20 20:18:13 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2012/03/20 20:18:10 | 000,862,208 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\isecurity.exe
[2012/03/20 20:18:10 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Internet Security.lnk
[2012/03/17 14:00:59 | 001,646,174 | ---- | C] () -- C:\Documents and Settings\Karen\Desktop\photo2.JPG
[2012/03/17 13:58:31 | 000,109,712 | ---- | C] () -- C:\Documents and Settings\Karen\Desktop\photo.JPG
[2012/03/13 21:17:52 | 000,430,352 | ---- | C] () -- C:\Documents and Settings\Karen\Desktop\myhead.png
[2012/03/12 19:30:01 | 000,000,460 | ---- | C] () -- C:\Documents and Settings\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to [email protected]
[2012/03/12 19:29:55 | 000,000,460 | ---- | C] () -- C:\Documents and Settings\Karen\Desktop\Shortcut to [email protected]
[2012/02/16 03:14:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/13 22:22:59 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/06/04 09:25:17 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2011/04/26 19:09:45 | 000,110,060 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2011/03/27 13:33:38 | 000,146,787 | ---- | C] () -- C:\Documents and Settings\Karen\Application Data\MMUpgrade.jpg
[2011/03/11 10:51:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/02 22:40:53 | 000,116,458 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2011/01/02 22:40:53 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2010/12/19 19:27:58 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Karen\Local Settings\Application Data\fusioncache.dat
[2010/11/07 16:35:31 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\Karen\Application Data\TAConf.conf
[2010/10/17 22:35:39 | 000,223,568 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/13 23:19:24 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2010/10/13 23:18:54 | 000,000,171 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2010/10/13 21:47:48 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/10/13 21:01:33 | 000,091,136 | ---- | C] () -- C:\Documents and Settings\Karen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/13 17:46:58 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2010/10/13 16:58:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/12 13:50:05 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2010/10/12 11:30:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/12 11:26:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/10/12 07:17:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/12 07:16:34 | 003,392,760 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
========== LOP Check ==========
[2011/05/18 10:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Broderbund
[2011/08/16 17:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Broderbund Software
[2012/01/04 18:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Freemake
[2011/03/30 10:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Oberon Media
[2011/03/30 17:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PopCap
[2011/03/30 10:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2010/10/17 22:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/11/23 19:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\Amazon
[2011/06/25 18:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\AnvSoft
[2011/11/18 23:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\Audacity
[2011/01/04 16:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\BigBrainz
[2011/05/18 10:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\Broderbund
[2012/02/04 15:33:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\Catalina Marketing Corp
[2011/04/03 12:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\com.amazon.music.uploader
[2012/03/21 17:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\Dropbox
[2011/05/11 20:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\DVDVideoSoftIEHelpers
[2012/01/09 21:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\facemoods.com
[2011/09/14 19:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\Gmail Backup
[2011/12/13 21:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\HandBrake
[2012/02/25 20:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\Insync
[2011/12/13 22:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\MPEG Streamclip
[2011/03/30 10:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\Oberon Media
[2011/04/21 12:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\OverDrive
[2012/01/27 19:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\redsn0w
[2012/03/17 22:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\Spotify
[2011/11/15 23:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\Syncdocs
[2010/10/20 20:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\TeamViewer
[2011/06/14 19:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\Unity
[2010/10/12 15:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\Windows Desktop Search
[2010/10/22 16:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\Windows Search
[2011/04/14 20:36:00 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Karen\Application Data\wyUpdate AU
[2012/03/21 17:54:57 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2012/03/21 04:35:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2012/03/21 05:35:05 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2012/03/21 05:35:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2012/03/21 01:00:04 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2012/03/21 02:00:04 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2012/03/21 03:00:04 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2012/03/21 04:00:04 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2012/03/21 05:00:04 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2012/03/21 06:00:04 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2012/03/21 00:35:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2012/03/21 07:00:04 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2012/03/21 01:35:08 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2012/03/21 18:03:16 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2012/03/21 19:00:04 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2012/03/21 20:00:05 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2012/03/21 00:35:10 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2012/03/21 01:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2012/03/21 02:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2012/03/21 01:35:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2012/03/21 03:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2012/03/21 04:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2012/03/21 05:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2012/03/21 06:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2012/03/21 07:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At49.job
[2012/03/21 02:35:05 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At50.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At51.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At52.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At53.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At54.job
[2012/03/21 18:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At55.job
[2012/03/21 19:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At56.job
[2012/03/21 20:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At57.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At58.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At59.job
[2012/03/21 02:35:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2012/03/21 00:35:10 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At60.job
[2012/03/21 03:35:05 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2012/03/21 03:35:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2012/03/21 04:35:05 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2012/03/21 18:00:07 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C46995DA
< End of report >