
AVAST warning of Virus [Solved]


  • This topic is locked

#1
simplee55

Hello:

I need help, don't know but, have possibly picked up a Virus.

I've worked all of the Self Help Guide and posted their Logs.

Went to a web site to read some information that I needed, have used this site many times in the last year with no problems. As the page loaded, an AVAST warning, that a Virus had possibly infected my PC. I closed out of that page/web site right away.

After that event, I ran AVAST Standard Scan immediately and it found 0 infections.

Then I ran Malwarebytes and it also came up with 0 infections.

Next I ran Ad-Aware and 1 object was found which was Cookies.

Then I ran Microsoft's Disk Cleanup.

Cleared out my Java panel.

Ran the ATF and TFC Tools;

Cleared out both Web Browsers, Google Chrome and IE 7.

After all of the above was completed, came to the Geeks and;

Then I ran GMER;

I have the ERUNT registry backed up and;

Ran OTL. I don't know if I understood the instructions correctly, but the Log is also posted.

I'm running WinXP-2002 and the Programs and Tools I have on my PC to keep it running smoothly are:

AVAST;
Ad-Aware;
Malwarebytes; and
ATF and TFC Tools.

Can someone please help.

Thank U !!!

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4103

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/16/2010 7:31:32 PM
mbam-log-2010-05-16 (19-31-32).txt

Scan type: Quick scan
Objects scanned: 128703
Time elapsed: 10 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL logfile created on: 5/17/2010 11:19:32 PM - Run 3
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\tyannah nicoles\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 508.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.62 Gb Total Space | 58.77 Gb Free Space | 82.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEBRA
Current User Name: tyannah nicoles
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/17 08:52:38 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tyannah nicoles\My Documents\Downloads\OTL.exe
PRC - [2010/05/16 18:22:42 | 000,840,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/05/16 18:22:39 | 001,291,544 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/03/18 00:35:34 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\tyannah nicoles\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2009/11/24 16:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 16:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 16:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 16:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 16:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/10/14 17:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe


========== Modules (SafeList) ==========

MOD - [2010/05/17 08:52:38 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tyannah nicoles\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/16 18:22:39 | 001,291,544 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/11/24 16:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 16:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 16:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 16:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/11/04 07:12:39 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - [2010/02/04 08:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/11/24 16:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 16:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 16:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 16:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 16:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 16:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/07/08 14:54:02 | 000,148,496 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\00357850.sys -- (is-55327drv)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/06/18 06:10:42 | 000,373,568 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv09.sys -- (acedrv09)
DRV - [2007/05/30 09:54:22 | 000,201,696 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acehlp09.sys -- (acehlp09)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/09/17 12:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/03 20:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/16 01:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 02:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 02:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 02:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 12:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 11:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 11:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 11:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 11:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 11:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 11:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 11:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 11:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 11:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 11:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://video.pbs.org/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[2009/12/02 22:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Mozilla\Extensions

O1 HOSTS File: ([2004/08/04 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1256951710656 (MUWebControl Class)
O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} http://www.support.d...lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} http://www.worldwinn...royal/royal.cab (Royal Control)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} http://www.worldwinn...es/wwspades.cab (WWSpades Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\tyannah nicoles\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\tyannah nicoles\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 11:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/10 10:52:56 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/05/16 22:22:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Desktop\New Folder
[2010/05/16 19:15:31 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/14 21:54:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\Oberon Media
[2010/05/14 15:22:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\ERS G-Studio
[2010/05/14 13:00:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010/05/12 15:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\OtherSide Realm of Eons
[2010/05/11 23:31:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\SunRay Games
[2010/05/11 23:15:30 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2010/05/11 23:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2010/05/09 19:42:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\Game Mill Entertainment
[2010/05/06 21:32:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\Shockwave
[2010/05/04 15:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\GameInvest
[2010/05/04 02:43:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\Freeze Tag
[2010/05/03 12:33:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\Boomzap
[2010/04/27 20:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\Nevosoft Games
[2010/04/23 16:06:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\AzuazGames
[2010/04/22 18:51:13 | 000,000,000 | ---D | C] -- C:\Program Files\Alawar
[2010/04/20 22:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\YoudaGames
[2010/04/19 15:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\Serious Backgammon
[2010/04/17 19:23:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\FlyWheelGames
[2010/04/14 20:56:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alawar Entertainment
[2010/04/14 20:56:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\Alawar Entertainment
[2010/04/12 21:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\Top Evidence
[2010/04/12 21:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Top Evidence
[2010/04/11 19:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\MemoryClinic
[2010/04/10 21:54:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\tyannah nicoles\My Documents\My Music
[2010/04/09 09:11:31 | 000,000,000 | ---D | C] -- C:\PFiles
[2010/04/08 21:16:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\Frogwares
[2010/04/08 20:02:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\LegacyInteractive
[2010/04/06 22:55:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\GameMill Entertainment
[2010/04/06 16:51:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Particles
[2010/04/06 16:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\Specialbit
[2010/03/31 00:26:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\XDARUFQAYG
[2010/03/31 00:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TCARUFQAYG
[2010/03/31 00:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VKARUFQAYG
[2010/03/27 13:53:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\Silverback Productions
[2010/03/25 21:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\iMaxGen
[2010/03/24 12:52:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\SerpentOfIsis
[2010/03/21 23:04:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2010/03/20 20:12:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\Nevosoft
[2010/03/18 21:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\QB9
[2010/03/18 00:43:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\SprillRichiEng
[2010/03/10 16:20:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\Orneon
[2010/03/08 21:46:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\My Documents\MY GAMES
[2010/03/07 15:51:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\WildTangent
[2010/03/06 21:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2010/03/06 13:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nevosoft
[2010/03/02 17:29:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\Righteous Kill
[2010/03/01 15:47:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\Meridian93
[2010/02/26 18:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\IronCode
[2010/02/23 21:45:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/02/22 01:12:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\Artogon

========== Files - Modified Within 90 Days ==========

[2010/05/17 23:20:43 | 591,575,072 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/05/17 23:12:26 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\Desktop\FOR MY INFO.doc
[2010/05/17 22:47:44 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\My Documents\spider.sav
[2010/05/17 22:43:31 | 000,000,006 | ---- | M] () -- C:\WINDOWS\System32\x517_256.dll
[2010/05/17 22:40:01 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-55942804-654722941-2014637290-1006UA.job
[2010/05/17 20:43:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/17 17:36:26 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\My Documents\DUPE 4 JUNE BILLS.doc
[2010/05/17 14:23:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/17 14:21:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/17 14:21:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/17 14:21:22 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/17 11:15:54 | 006,923,804 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/05/17 11:15:28 | 005,242,880 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\ntuser.dat
[2010/05/17 11:15:28 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\tyannah nicoles\ntuser.ini
[2010/05/17 00:40:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-55942804-654722941-2014637290-1006Core.job
[2010/05/16 19:52:54 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\My Documents\INSTRUCTION PRINT.doc
[2010/05/16 19:49:51 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\Desktop\Microsoft Office Word 2003.lnk
[2010/05/16 04:40:27 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\My Documents\BILLS 4 JUNE.doc
[2010/05/14 17:52:26 | 000,001,278 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\My Documents\More Great Games.lnk
[2010/05/14 16:30:30 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\Desktop\Revo Uninstaller.lnk
[2010/05/13 07:49:08 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\My Documents\UsersNames and Passwords.doc
[2010/05/12 02:04:18 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/11 23:15:35 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\My Documents\Game Manager.lnk
[2010/04/30 20:45:58 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 12:42:45 | 000,002,358 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\Desktop\Google Chrome.lnk
[2010/04/28 21:51:20 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\My Documents\PRAYER DECREES.doc
[2010/04/27 11:24:38 | 005,097,242 | -H-- | M] () -- C:\Documents and Settings\tyannah nicoles\Local Settings\Application Data\IconCache.db
[2010/04/24 04:58:39 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\My Documents\Ltr. to CONNIE.doc
[2010/04/19 15:40:32 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\Desktop\Serious Backgammon.lnk
[2010/04/19 15:03:07 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\Desktop\Auslogics Disk Defrag.lnk
[2010/04/16 00:47:18 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/14 05:23:12 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 05:23:12 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/14 05:23:11 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/12 11:14:54 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\My Documents\DIMINATIONS 4 LOAN BY PHONE.doc
[2010/02/28 20:24:41 | 000,027,340 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\Local Settings\Application Data\slot1.mm1
[2010/02/26 20:27:47 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\My Documents\REPENTANCE and EL SHADDAI that means.doc
[2010/02/26 19:42:49 | 000,000,138 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\Local Settings\Application Data\fusioncache.dat
[2010/02/26 19:41:53 | 000,417,760 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/25 08:31:59 | 000,143,927 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\My Documents\SAVE THIS.JPG
[2010/02/23 21:52:33 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/02/23 21:45:11 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/02/19 12:21:27 | 000,000,016 | ---- | M] () -- C:\WINDOWS\popcinfo.dat

========== Files Created - No Company Name ==========

[2010/05/17 23:12:26 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\tyannah nicoles\Desktop\FOR MY INFO.doc
[2010/05/16 19:52:54 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\tyannah nicoles\My Documents\INSTRUCTION PRINT.doc
[2010/05/14 17:52:26 | 000,001,278 | ---- | C] () -- C:\Documents and Settings\tyannah nicoles\My Documents\More Great Games.lnk
[2010/05/11 23:15:35 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\tyannah nicoles\My Documents\Game Manager.lnk
[2010/05/11 20:12:36 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\tyannah nicoles\My Documents\DUPE 4 JUNE BILLS.doc
[2010/04/28 21:51:20 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\tyannah nicoles\My Documents\PRAYER DECREES.doc
[2010/04/24 12:48:37 | 000,000,372 | ---- | C] () -- C:\Documents and Settings\tyannah nicoles\My Documents\spider.sav
[2010/04/19 15:40:32 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\tyannah nicoles\Desktop\Serious Backgammon.lnk
[2010/04/19 15:03:07 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\tyannah nicoles\Desktop\Auslogics Disk Defrag.lnk
[2010/04/13 07:44:55 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\tyannah nicoles\My Documents\BILLS 4 JUNE.doc
[2010/03/18 12:52:03 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\tyannah nicoles\My Documents\Ltr. to CONNIE.doc
[2010/03/08 08:11:17 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\tyannah nicoles\My Documents\UsersNames and Passwords.doc
[2010/02/28 13:37:33 | 000,027,340 | ---- | C] () -- C:\Documents and Settings\tyannah nicoles\Local Settings\Application Data\slot1.mm1
[2010/02/26 19:42:49 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\tyannah nicoles\Local Settings\Application Data\fusioncache.dat
[2010/02/25 08:31:59 | 000,143,927 | ---- | C] () -- C:\Documents and Settings\tyannah nicoles\My Documents\SAVE THIS.JPG
[2010/02/23 21:45:11 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/02/19 12:21:26 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/02/03 00:17:37 | 000,000,006 | ---- | C] () -- C:\WINDOWS\System32\x517_256.dll
[2009/12/28 19:45:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2009/10/29 02:08:13 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2009/10/29 02:07:32 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009/10/29 02:01:36 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/10/18 19:46:44 | 000,000,008 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/10/18 02:33:52 | 000,000,283 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/10/02 01:13:46 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2006/10/02 01:13:46 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2006/01/22 20:54:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/12/01 21:27:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/09 00:36:12 | 000,000,428 | ---- | C] () -- C:\WINDOWS\TLTitleData.ini
[2005/11/02 01:16:00 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2005/10/20 05:40:14 | 000,000,412 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/09/08 02:55:33 | 000,000,353 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/08/25 01:30:40 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/07/29 23:56:54 | 000,000,284 | ---- | C] () -- C:\WINDOWS\ATRT.INI
[2005/07/11 19:37:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/07/11 19:31:40 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/07/11 19:08:14 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/07/11 19:07:56 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/07/06 01:00:30 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2005/07/06 01:00:26 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2005/07/06 01:00:26 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2004/08/10 11:12:05 | 000,000,890 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 11:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/01/01 21:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
[2010/04/14 20:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Entertainment
[2010/01/12 00:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2010/04/22 19:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2009/12/12 12:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/12 02:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BanzaiInteractive
[2009/12/25 21:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Becky Brogan
[2010/02/13 19:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2009/10/31 04:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2010/02/09 09:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Christmasville
[2009/11/04 07:13:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2007/11/19 13:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2010/04/04 14:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
[2010/03/10 01:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum2
[2009/11/07 23:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
[2010/02/20 00:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2009/10/30 14:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2009/12/19 13:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009/12/09 15:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IntDreams
[2010/03/21 23:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2010/02/01 15:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2009/12/03 18:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2010/01/14 01:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LPARUFQAYG
[2010/04/23 13:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2010/01/12 18:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/04/04 15:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2010/03/06 13:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft
[2009/11/09 23:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2007/11/19 13:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/04/06 16:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Particles
[2010/05/12 15:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/11/26 03:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayPond
[2010/01/04 20:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2010/02/25 23:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/12/02 00:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Slapdash Games
[2009/12/15 19:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpecialBit
[2010/01/25 13:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2008/02/18 10:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/03/31 00:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TCARUFQAYG
[2010/05/14 22:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/05 18:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Mirror Mysteries
[2010/04/12 21:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Top Evidence
[2005/07/11 19:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/03/31 00:24:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VKARUFQAYG
[2010/05/16 16:25:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/12/10 14:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildWestQuest2
[2010/04/03 14:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2010/03/31 00:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XDARUFQAYG
[2010/01/02 21:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/02/23 21:45:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/04/14 20:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Alawar Entertainment
[2010/01/02 12:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\ArcadeTown 3 Days Zoo Mystery
[2010/04/16 17:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Artogon
[2010/03/21 02:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Auslogics
[2009/12/12 12:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\AVG9
[2010/04/23 16:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\AzuazGames
[2010/02/12 02:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\BanzaiInteractive
[2010/04/25 16:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Big Fish Games
[2010/05/03 13:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Boomzap
[2010/01/22 01:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\cerasus.media
[2010/05/14 15:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\ERS G-Studio
[2009/12/21 19:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Fabulous Finds
[2010/02/20 00:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Flood Light Games
[2010/04/17 19:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\FlyWheelGames
[2010/05/04 02:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Freeze Tag
[2009/12/31 20:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Friday's games
[2010/04/08 21:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Frogwares
[2009/12/16 19:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Futoshiki
[2010/05/09 19:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Game Mill Entertainment
[2010/04/26 21:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\GameHousev1001
[2010/05/04 15:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\GameInvest
[2010/04/06 22:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\GameMill Entertainment
[2009/11/27 15:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Gamers Digital
[2010/02/06 13:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Games
[2010/01/11 07:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Gold Casual Games
[2009/10/29 23:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\GTM_Bodie
[2010/05/05 23:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\HdO Adventure
[2009/12/17 23:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\HiT-MM
[2010/03/30 18:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Image Zone Express
[2010/03/26 10:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\iMaxGen
[2010/02/26 18:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\IronCode
[2009/12/01 02:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Leadertech
[2010/04/08 20:08:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\LegacyInteractive
[2008/05/06 11:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Lionhead Studios
[2009/12/04 18:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\MastersOfMystery2
[2010/04/11 19:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\MemoryClinic
[2010/03/01 15:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Meridian93
[2010/04/23 13:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Merscom
[2009/11/09 22:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\MSNInstaller
[2010/02/08 21:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Mysteryville2
[2010/03/20 20:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Nevosoft
[2010/04/27 20:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Nevosoft Games
[2010/05/14 21:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Oberon Media
[2009/11/08 20:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Oberonv1001
[2010/04/08 19:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Octoshape
[2009/11/15 20:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Opera
[2010/03/10 16:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Orneon
[2010/05/12 16:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\OtherSide Realm of Eons
[2007/11/19 13:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\ParetoLogic
[2010/05/12 15:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\PlayFirst
[2010/01/18 17:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\PlayPond
[2009/12/01 19:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Playrix Entertainment
[2010/01/04 20:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\PoBros
[2010/02/05 02:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Pogo Games
[2010/03/18 21:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\QB9
[2009/12/21 13:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Reflexivev1002
[2010/03/02 21:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Righteous Kill
[2010/01/22 19:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\RobinsonCrusoeRA
[2010/01/22 22:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\RobinsonCrusoeWT
[2010/01/08 03:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Scholastic
[2009/12/07 17:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\SecretIslandEng
[2010/03/24 21:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\SerpentOfIsis
[2010/05/06 21:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Shockwave
[2010/03/27 13:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Silverback Productions
[2010/04/06 16:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Specialbit
[2009/10/29 23:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\SpinTop
[2010/05/06 19:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\SpinTop Games
[2010/03/18 00:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\SprillRichiEng
[2010/01/20 02:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\TheFixerUpper
[2009/12/05 22:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\TheScruffs
[2009/11/26 01:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\TitanicMystery
[2010/04/12 21:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Top Evidence
[2009/12/09 21:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Total Eclipse
[2009/10/22 14:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Viewpoint
[2005/07/23 23:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\wb05D1SE
[2010/01/07 22:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Wildhollow
[2010/05/16 16:25:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\WildTangent
[2009/12/26 21:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\WildTangentv1001
[2010/01/28 17:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Winv1002
[2010/04/20 22:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\YoudaGames
[2010/05/17 20:43:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========


========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2010/05/17 14:21:21 | 000,147,480 | ---- | M] () -- C:\aaw7boot.log
[2004/08/10 11:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/11/09 16:10:02 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2009/12/08 15:51:27 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2004/08/10 11:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/07/11 19:11:00 | 000,004,702 | RH-- | M] () -- C:\dell.sdr
[2010/05/17 14:21:22 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2007/09/01 08:15:46 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2008/04/04 13:14:18 | 000,000,246 | ---- | M] () -- C:\INSTALL.LOG
[2004/08/10 11:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2009/11/01 21:58:20 | 000,000,217 | -H-- | M] () -- C:\IPH.PH
[2010/05/07 01:29:28 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2004/08/10 11:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 03:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/05/27 10:41:15 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/17 14:21:21 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/10 10:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/10 10:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/10 10:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /180 >
[2009/11/24 16:47:54 | 000,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2009/11/24 16:50:00 | 000,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2009/11/24 16:51:09 | 000,093,424 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2009/11/24 16:50:59 | 000,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2009/11/24 16:48:57 | 000,023,120 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2009/11/24 16:50:12 | 000,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2009/11/24 16:49:07 | 000,048,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2010/02/04 08:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\drivers\Lbd.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 06:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/02/23 21:52:33 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\SBREDrv.sys
[2009/12/31 09:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A19A9C88
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:279FF250
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8D6DC04C
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3A691DDB
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6444B424
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C07A6A6B
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8391EB5A
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67D4E08E
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60A4BB64
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1A189EA
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53CC4967
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:49AC9A9A
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C5ABDC7
End of report


OTL Extras logfile created on: 5/17/2010 8:57:08 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\tyannah nicoles\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 523.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.62 Gb Total Space | 58.92 Gb Free Space | 82.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEBRA
Current User Name: tyannah nicoles
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0b\waol.exe" = C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\DellSupport\DSAgnt.exe" = C:\Program Files\DellSupport\DSAgnt.exe:*:Enabled:Dell Support -- (Gteko Ltd.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:HP Update -- (Hewlett-Packard)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera -- File not found
"C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe" = C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe:*:Enabled:Ad-Aware -- (Lavasoft)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{2466E904-7E48-4597-9321-722CF02930EB}" = 5600
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A747BFA-13C3-49AE-9306-CBA049821CD3}" = GDP 9
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word 2003
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{96F1BBD6-92F7-421F-8FCB-88B53D217206}" = Gregg College Keyboarding & Document Processing Home 10
"{9D557F57-5B3F-43E1-A1F5-C9CDD00F719F}" = Print Perfect Fonts
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ATT-RC" = ATT-RC Self Support Tool
"avast!" = avast! Antivirus
"BFGC" = Big Fish Games: Game Manager
"ERUNT_is1" = ERUNT 1.1j
"Game Console - WildGames" = WildTangent ORB Game Console
"GoToAssist" = GoToAssist 8.0.0.514
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Adapters and Drivers
"ProtectDisc Driver" = ProtectDisc Helper Driver
"Revo Uninstaller" = Revo Uninstaller 1.88
"Serious Backgammon" = Serious Backgammon
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/21/2009 11:56:58 AM | Computer Name = DEBRA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\tyannah nicoles\Local Settings\temp\scoped_dir27666\TEMP_INSTALL\manifest.json
failed, 00000005.

Error - 11/21/2009 11:57:39 AM | Computer Name = DEBRA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\tyannah nicoles\Local Settings\temp\scoped_dir27800\TEMP_INSTALL\manifest.json
failed, 00000005.

Error - 11/21/2009 11:58:07 AM | Computer Name = DEBRA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\tyannah nicoles\Local Settings\temp\scoped_dir27892\TEMP_INSTALL\manifest.json
failed, 00000005.

Error - 12/16/2009 11:36:25 AM | Computer Name = DEBRA | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.

Error - 12/16/2009 11:36:26 AM | Computer Name = DEBRA | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.

Error - 12/16/2009 11:36:45 AM | Computer Name = DEBRA | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().

Error - 12/20/2009 4:46:07 PM | Computer Name = DEBRA | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.

Error - 12/20/2009 4:46:07 PM | Computer Name = DEBRA | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.

Error - 12/20/2009 4:46:16 PM | Computer Name = DEBRA | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().

Error - 12/20/2009 4:51:03 PM | Computer Name = DEBRA | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function 00000002.

[ Application Events ]
Error - 12/28/2009 4:30:07 PM | Computer Name = DEBRA | Source = Application Error | ID = 1000
Description = Faulting application rainforest.exe, version 0.0.0.0, faulting module
igldev32.dll, version 6.14.10.4396, fault address 0x0001e7c0.

Error - 1/1/2010 5:51:37 AM | Computer Name = DEBRA | Source = Application Error | ID = 1000
Description = Faulting application backgamm.exe, version 1.3.1.0, faulting module
backgamm.exe, version 1.3.1.0, fault address 0x0003ffab.

Error - 1/1/2010 5:51:40 AM | Computer Name = DEBRA | Source = Application Error | ID = 1000
Description = Faulting application backgamm.exe, version 1.3.1.0, faulting module
backgamm.exe, version 1.3.1.0, fault address 0x0003ffab.

Error - 1/1/2010 5:51:41 AM | Computer Name = DEBRA | Source = Application Error | ID = 1000
Description = Faulting application backgamm.exe, version 1.3.1.0, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x0000df3c.

Error - 1/11/2010 10:25:29 AM | Computer Name = DEBRA | Source = Application Error | ID = 1000
Description = Faulting application emeraldtear.exe, version 0.0.0.0, faulting module
emeraldtear.exe, version 0.0.0.0, fault address 0x00134d67.

Error - 2/2/2010 12:44:51 AM | Computer Name = DEBRA | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 2/3/2010 6:43:43 PM | Computer Name = DEBRA | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 2/12/2010 6:19:50 PM | Computer Name = DEBRA | Source = Application Error | ID = 1000
Description = Faulting application theclumsys2.rwg, version 0.0.1.98, faulting module
, version 0.0.1.98, fault address 0x0003c135.

Error - 2/13/2010 5:13:52 AM | Computer Name = DEBRA | Source = Application Error | ID = 1000
Description = Faulting application theclumsys2.rwg, version 0.0.1.98, faulting module
, version 0.0.1.98, fault address 0x0003c135.

Error - 2/28/2010 5:07:42 AM | Computer Name = DEBRA | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

[ System Events ]
Error - 5/16/2010 9:46:45 PM | Computer Name = DEBRA | Source = Service Control Manager | ID = 7034
Description = The McciCMService service terminated unexpectedly. It has done this
1 time(s).

Error - 5/16/2010 9:46:45 PM | Computer Name = DEBRA | Source = Service Control Manager | ID = 7034
Description = The Machine Debug Manager service terminated unexpectedly. It has
done this 1 time(s).

Error - 5/16/2010 9:46:45 PM | Computer Name = DEBRA | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/16/2010 9:46:46 PM | Computer Name = DEBRA | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this
1 time(s).

Error - 5/16/2010 9:46:48 PM | Computer Name = DEBRA | Source = Service Control Manager | ID = 7031
Description = The Windows Live ID Sign-in Assistant service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
10000 milliseconds: Restart the service.

Error - 5/16/2010 9:46:53 PM | Computer Name = DEBRA | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.

Error - 5/17/2010 12:30:55 AM | Computer Name = DEBRA | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 0013202EAC69 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 5/17/2010 12:32:08 AM | Computer Name = DEBRA | Source = System Error | ID = 1003
Description = Error code 000000f4, parameter1 00000003, parameter2 86eaf4e8, parameter3
86eaf65c, parameter4 805fb146.

Error - 5/17/2010 10:46:46 AM | Computer Name = DEBRA | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 0013202EAC69 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 5/17/2010 10:48:23 AM | Computer Name = DEBRA | Source = System Error | ID = 1003
Description = Error code 000000f4, parameter1 00000003, parameter2 86ff92b0, parameter3
86ff9424, parameter4 805fb146.
End of report


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-16 21:11:48
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\TYANNA~1\LOCALS~1\Temp\uxtdapob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEEA196B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEEA19574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEEA19A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEEA1914C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEEA1964E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEEA1908C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEEA190F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEEA1976E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEEA1972E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEEA198AE]

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF7B09760]
.reloc C:\WINDOWS\system32\drivers\acehlp09.sys section is executable [0xF7210780, 0x28F7A, 0xE0000060]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF7177F80]
.reloc C:\WINDOWS\system32\drivers\acedrv09.sys section is executable [0xEE014000, 0x4E05A, 0xE0000060]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\Fastfat \Fat ED8CED20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.15 ----


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

"As the page loaded, a AVAST warning, that a Virus had possibly infected my PC. I closed out of that page/web site right away"

The webshield element of Avast killed the connection as soon as the alert appeared and before anything was downloaded.

Your logs look OK - do you have any problems?

#3
simplee55

    Member

  • Topic Starter
  • Member
  • 539 posts
Hey Essexboy:

No problems other than that Blue Screen that has appeared 4-5 times since this incident, but the Blue Screen happened about five (5) or so months ago and I didn't have any Virus or Malware then either. In fact, the Blue Screen happened at the same time the GMER Tool was running; it freaked me out. And after the Scan was complete, I was trying to COPY/PASTE and post it here, and it happened again. So I don't know, but other than that, my PC is running normally.

I also knew that after I ran Malwarebytes and it came up with 0 infections, I was in the clear, but you can never be too sure.

I posted over on the other side with my Blue Screen issue, and FNP told me after I get a clean bill of health from here, we could proceed.

I do have one question. What does this mean:

========== Last 10 Event Log Errors ==========

After reading the last Log down at the bottom of my screen, I see all these Errors with a number on each line. Is that normal?

Thank U so much !!!

simplee55 :)

Edited by simplee55, 18 May 2010 - 05:00 PM.


#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What is the current version of Avast that you have? Mine is 5.0.545, as there have been some instances of an Avast conflict with some unusual programmes, but I see none of the known ones on your system.

#5
simplee55

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 539 posts
My version is 4.8 Free Home Edition.

It never crossed my mind that there could be an Updated version of AVAST; there was, and I just installed their 5.0.545 version.

I just ran a Quick Scan and there were 0 infections.

Also, is it necessary to keep this ERUNT tool on my PC?

Edited by simplee55, 19 May 2010 - 11:00 PM.


#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 20.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u20-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u20-windows-i586-p.exe and select "Run as an Administrator.")

XP
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button; click this
  • Accept the Warning and select OK again; the program will close and you are done

SPRING CLEAN

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean

THEN

Download Flush Flash from Here and follow the easy to use instructions on the same page

NEXT

Download and run Puran Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :)
  • 0

#7
simplee55

simplee55

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 539 posts
Essexboy:

I read your post and printed out all your instructions.

I performed the first (1st) step, "RUN OTL and hit the Cleanup button". I did that, and after it finished, I rebooted. After I saw my Desktop, it stopped loading. Nothing loaded in my Systems Tray, the only thing that loaded was the Time, at that point my PC froze, so I had to do a HARD SHUT down to reboot it that way and it loaded normally.

After I came back up on the Desktop, all I could see that was deleted after I had to do the Hard Shut down was the OTL tool, because I had to manually delete the ERUNT with the REVO Uninstall Tool.

Also, I was getting ready to follow your instructions on removing the JAVA, before I can move on, please explain what this is:

"Beware, it is NOT supported for use in 9x" 9x what's that and do I have this 9x ???

Edited by simplee55, 20 May 2010 - 01:36 PM.

  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That means windows 95/98 so you are OK :)
  • 0

#9
simplee55

simplee55

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 539 posts
Okay, I'm stuck here. I need you to look at the SNAPSHOTS and tell me which ones, because I have no idea which Platform to select under the Windows

Thank U !!!

Edited by simplee55, 20 May 2010 - 02:07 PM.

  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
According to the second screenshot you are on the right one :) Just select windows on that dropdown
  • 0

#11
simplee55

simplee55

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 539 posts
essexboy:

I have a problem.

As I mentioned, I have Ad-Aware as my Malware program. So what I did was Updated Ad-aware and after the installation, I had to reboot.

Got back up on the Desktop, and again, the Systems Tray would not load, in fact, until I moved my Mouse, didn't know that I had frozen again.

I went thru 3 more HARD SHUT downs before every thing loaded normally.

I think there is some type of problem that may be hidden from all those Logs I ran and posted. What's your take on this.

One last thing. I pulled out my DELL XP Recovery Backup CD and turned on the PC not knowing if it was going to load normally or freeze again. Was going to pop the CD in the drive and do another boot so I could try and find out why this was happening. Well I didn't have to take that route.

So here we are. What should I do.

Also, I use Auslogic Defrag, will it harm my system if I have two (2) Defrag Programs. And if I install SpywareBlaster would that conflict with my Ad-Aware Program ???

Thanks !!!

simplee :)

Edited by simplee55, 20 May 2010 - 05:18 PM.

  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi simplee55, please do not edit your posts as I do not receive a notification when you do that. Don't bother with Puran if you are happy with Auslogics.

"And if I install SpywareBlaster would that conflict with my Ad-Aware Program ???"

Nope :)


From the Start menu, select Run.
In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow)
Select the OK button.
Follow the prompts throughout the System File Checker process.
Reboot the computer when System File Checker completes.
  • 0

#13
simplee55

simplee55

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 539 posts
"Hi simplee55 please do not edit your posts as I do not receive a notification when you do that."

Oh okay, I'm sorry about that, won't happen again. Sometimes after I posted I then remember something that I needed to say, and that's why I do the Editing.

"Don't bother with Puran if you are happy with Auslogics"

Alright.

"From the Start menu, select Run.
In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow)
Select the OK button.
Follow the prompts throughout the System File Checker process.
Reboot the computer when System File Checker completes."

Essexboy, why am I running this Tool and what are you looking for? Will there be a Log that you want me to post ???

And because of the Blue Screens and all the freezings, what should we do next ???

Thank U !!!
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
SFC will not produce a log, but it will replace any damaged files.

Please go here and download Who Crashed
Run the programme
Then post the report produced
  • 0

#15
simplee55

simplee55

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 539 posts
Essexboy:

I ran both of the Tools, please see the SNAPSHOT for sfc/scannow.

Analysis
________________________________________

Crash dump directory: C:\WINDOWS\Minidump

Crash dumps are enabled on your computer.


On Mon 5/17/2010 5:49:06 PM your computer crashed
This was likely caused by the following module: csrss.exe
Bugcheck code: 0xF4 (0x3, 0x86EA74E0, 0x86EA7654, 0x805FB146)
Error: CRITICAL_OBJECT_TERMINATION
Dump file: C:\WINDOWS\Minidump\Mini051710-01.dmp
file path: C:\WINDOWS\system32\csrss.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Client Server Runtime Process
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit is in another driver on your system which cannot be identified at this time.


On Sun 5/16/2010 4:30:14 AM your computer crashed
This was likely caused by the following module: csrss.exe
Bugcheck code: 0xF4 (0x3, 0x86FF92B0, 0x86FF9424, 0x805FB146)
Error: CRITICAL_OBJECT_TERMINATION
Dump file: C:\WINDOWS\Minidump\Mini051610-02.dmp
file path: C:\WINDOWS\system32\csrss.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Client Server Runtime Process
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit is in another driver on your system which cannot be identified at this time.


On Sun 5/16/2010 2:44:53 AM your computer crashed
This was likely caused by the following module: csrss.exe
Bugcheck code: 0xF4 (0x3, 0x86EAF4E8, 0x86EAF65C, 0x805FB146)
Error: CRITICAL_OBJECT_TERMINATION
Dump file: C:\WINDOWS\Minidump\Mini051610-01.dmp
file path: C:\WINDOWS\system32\csrss.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Client Server Runtime Process
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit is in another driver on your system which cannot be identified at this time.


On Mon 2/1/2010 3:35:41 AM your computer crashed
This was likely caused by the following module: csrss.exe
Bugcheck code: 0xF4 (0x3, 0x86F55B10, 0x86F55C84, 0x805FB066)
Error: CRITICAL_OBJECT_TERMINATION
Dump file: C:\WINDOWS\Minidump\Mini020110-03.dmp
file path: C:\WINDOWS\system32\csrss.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Client Server Runtime Process
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit is in another driver on your system which cannot be identified at this time.


On Mon 2/1/2010 2:21:04 AM your computer crashed
This was likely caused by the following module: csrss.exe
Bugcheck code: 0xF4 (0x3, 0x86FBF1A8, 0x86FBF31C, 0x805FB066)
Error: CRITICAL_OBJECT_TERMINATION
Dump file: C:\WINDOWS\Minidump\Mini020110-02.dmp
file path: C:\WINDOWS\system32\csrss.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Client Server Runtime Process
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit is in another driver on your system which cannot be identified at this time.


On Mon 2/1/2010 2:12:06 AM your computer crashed
This was likely caused by the following module: csrss.exe
Bugcheck code: 0xF4 (0x3, 0x872F07C8, 0x872F093C, 0x805FB066)
Error: CRITICAL_OBJECT_TERMINATION
Dump file: C:\WINDOWS\Minidump\Mini020110-01.dmp
file path: C:\WINDOWS\system32\csrss.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Client Server Runtime Process
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit is in another driver on your system which cannot be identified at this time.


On Fri 1/29/2010 11:24:24 AM your computer crashed
This was likely caused by the following module: csrss.exe
Bugcheck code: 0xF4 (0x3, 0x872E0DA0, 0x872E0F14, 0x805FB066)
Error: CRITICAL_OBJECT_TERMINATION
Dump file: C:\WINDOWS\Minidump\Mini012910-01.dmp
file path: C:\WINDOWS\system32\csrss.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Client Server Runtime Process
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit is in another driver on your system which cannot be identified at this time.


On Fri 1/1/2010 12:10:56 AM your computer crashed
This was likely caused by the following module: win32k.sys
Bugcheck code: 0x1000008E (0xC0000005, 0xBF8124E9, 0xEE41333C, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
Dump file: C:\WINDOWS\Minidump\Mini010110-01.dmp
file path: C:\WINDOWS\system32\win32k.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Multi-User Win32 Driver
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit is in another driver on your system which cannot be identified at this time.

________________________________________
Conclusion
________________________________________

8 crash dumps have been found and analyzed. Note that it's not always possible to state with certainty whether a reported driver is really responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.

I will be gone for most of the day, won't be back online until 5:00-pm California time.

simplee
  • 0
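A triage aid for a report like the one in the post above, added here as an example and not part of the original thread or of WhoCrashed: it parses the text entries and groups crashes by bug check code and module, with the date range of each group. The function names and the abridged sample are choices made for this example; the 0xF4 first-parameter meanings (0x3 = process, 0x6 = thread) follow Microsoft's bug check reference.

```python
import re
from collections import defaultdict
from datetime import datetime

# Three entries abridged from the WhoCrashed report in the post above.
SAMPLE = """\
On Mon 5/17/2010 5:49:06 PM your computer crashed
This was likely caused by the following module: csrss.exe
Bugcheck code: 0xF4 (0x3, 0x86EA74E0, 0x86EA7654, 0x805FB146)
Error: CRITICAL_OBJECT_TERMINATION
On Mon 2/1/2010 3:35:41 AM your computer crashed
This was likely caused by the following module: csrss.exe
Bugcheck code: 0xF4 (0x3, 0x86F55B10, 0x86F55C84, 0x805FB066)
Error: CRITICAL_OBJECT_TERMINATION
On Fri 1/1/2010 12:10:56 AM your computer crashed
This was likely caused by the following module: win32k.sys
Bugcheck code: 0x1000008E (0xC0000005, 0xBF8124E9, 0xEE41333C, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
"""

ENTRY = re.compile(
    r"On \w{3} (?P<when>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) your computer crashed\s+"
    r"This was likely caused by the following module: (?P<module>\S+)\s+"
    r"Bugcheck code: (?P<code>0x[0-9A-Fa-f]+) \((?P<params>[^)]*)\)\s+"
    r"Error: (?P<error>\S+)")

F4_OBJECT = {0x3: "process", 0x6: "thread"}  # 0xF4 parameter 1: what terminated

def parse_report(text):
    """Return one dict per crash entry found in WhoCrashed-style text."""
    crashes = []
    for m in ENTRY.finditer(text):
        crashes.append({"when": datetime.strptime(m["when"], "%m/%d/%Y %I:%M:%S %p"),
                        "module": m["module"], "code": int(m["code"], 16),
                        "params": [int(p, 16) for p in m["params"].split(",")],
                        "error": m["error"]})
    return crashes

def summarize(crashes):
    """Group by (bug check code, module): count, first/last date, 0xF4 object kind."""
    groups = defaultdict(list)
    for c in crashes:
        groups[(c["code"], c["module"])].append(c)
    out = {}
    for key, items in groups.items():
        dates = sorted(c["when"].date() for c in items)
        kind = F4_OBJECT.get(items[0]["params"][0]) if key[0] == 0xF4 else None
        out[key] = (len(items), dates[0], dates[-1], kind)
    return out
```

Run over the full report above, seven of the eight crashes fall into the 0xF4 / csrss.exe group, dated 1/29/2010 through 5/17/2010.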





