
BROKEN LINKS



#1
simplee55

Hello:

Before I start explaining why I'm here, I would like to tell whoever answers my post, that I have read the Self-help Malware Guide and followed the instructions on running the OTL Tool and it did not produce two Logs. It only gave me one Log that I have attached.

In the Self-help Guide, I read the "How to fix Googles Redirects" Guide. I did not know that I was being redirected until I posted this problem over in the XP Forum and was told by tech "Happyrock" that I was being redirected. So I have no Virus or Malware names to give you.

Okay, let me explain if I can.

For the last 4 days something strange has been going on with any Searches that I do, after clicking on Links.

I only use Yahoo as my search engine and had to do several searches on Yahoo over the last 4 days and when clicking on different Links, what happens is, instead of the Links taking me to that particular website, it just starts to download, that's it, no more information I can give about that.

Because my primary browser is Google Chrome, it opens up another window to start any downloads, which is what it did. After looking at these downloads, they looked weird, like they were encrypted.

I use the Free AVAST as my AntiVirus Program. There is a tool which is part of AVAST that I have never seen before that pops up on the screen that's called Sandbox, it's been popping up oh say a little over a month.

To say the least, it's very annoying because this Sandbox Tool and this Infection Blocker Box pop up with things that I've used since I've had this PC that have never caused any Malware problems or viruses for that matter. They even pop up when I go to check my E-mail on Yahoo, which I've done forever and I believe is total nonsense.

A little over a year ago, one of the Techs told me to start using the AFT Cleaner and TFC Tools that I use almost every day to clean out my files and folders, and every time I use both, the Sandbox opens up. So after looking more closely at this Tool, I saw that I could tell it that it's okay to use these two Tools ("AFT and TFC") as much as I want without the Sandbox thinking that it was unsafe.

With that said, somehow, I honestly believe that this Sandbox may be the cause of putting Malware and/or any Virus that may be found on my system. Everything was going pretty good until this thing appeared. Why and where this Tool came from, I have NO idea. Because I have had AVAST on my PC since the beginning of 2010, AVAST never gave me any idea that this Tool was being downloaded onto my system, so I have no other reason but to believe that this Tool is causing my problems now.

I opened up AVAST and read to see if there was a way I could disconnect it, but there is none.

I'm running WinXP and have a DELL 3000

I hope I was clear enough.

Thank U for any help you can give.



OTL logfile created on: 4/26/2011 9:20:57 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Debra Flowers\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 453.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.62 Gb Total Space | 54.61 Gb Free Space | 76.26% Space Free | Partition Type: NTFS

Computer Name: DEBRA | User Name: Debra Flowers | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Debra Flowers\My Documents\DOWNLOADS\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Debra Flowers\My Documents\DOWNLOADS\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\AVAST Software\Avast\snxhk.dll (AVAST Software)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (mcupdmgr.exe) -- File not found
SRV - (HidServ) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://zone.msn.com/en-us/home
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2004/08/04 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DriveConfiguration = [Binary data over 100 bytes]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LegacyDrive = [Binary data over 100 bytes]
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://pccheckup.del...oad/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Magic%20Inlay/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1278719484687 (MUWebControl Class)
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/...O1.cab60096.cab (UnoCtrl Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} http://zone.msn.com/...of.cab55579.cab (ZPA_WheelOfFortune Object)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} http://www.worldwinn...es/wwspades.cab (WWSpades Control)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/...on.cab64162.cab (MSN Games – Backgammon)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Debra Flowers\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Debra Flowers\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 11:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/26 14:26:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debra Flowers\Application Data\Sungift Games
[2011/04/26 14:26:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sungift Games
[2011/04/24 12:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debra Flowers\Application Data\Happy Muffin Top
[2011/04/23 13:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debra Flowers\My Documents\Microsys
[2011/04/23 13:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\Serious Backgammon
[2011/04/23 13:21:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/23 13:21:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/23 13:21:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/23 13:21:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/21 22:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\RealArcade
[2011/04/21 11:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debra Flowers\Application Data\Funlinker
[2011/04/18 20:58:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debra Flowers\Application Data\My Games
[2011/04/15 09:31:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debra Flowers\Local Settings\Application Data\WildWestStory
[2011/04/15 00:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debra Flowers\Application Data\Cosmonaut Games
[2011/04/14 22:09:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debra Flowers\Application Data\Zylom
[2011/04/14 22:09:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2011/04/14 21:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2011/04/14 21:46:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debra Flowers\Application Data\GameHouse
[2011/04/13 13:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debra Flowers\Application Data\GestaltGames
[2011/04/13 13:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GestaltGames
[2011/04/12 16:24:05 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2011/04/12 15:46:58 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/04/12 15:46:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/04/12 15:46:57 | 000,301,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/04/12 15:46:55 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/04/12 15:46:55 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/04/12 15:46:54 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/12 15:46:54 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/04/12 15:46:54 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/04/12 15:46:53 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/04/12 15:46:33 | 000,040,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/04/12 15:46:32 | 000,190,016 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/04/12 15:46:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/04/12 15:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/11 11:10:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debra Flowers\Application Data\Camel101
[2011/04/11 11:10:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debra Flowers\Application Data\GarageGames
[2011/04/11 10:42:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debra Flowers\Application Data\SpinTop Games
[2011/04/10 18:01:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debra Flowers\Start Menu\Programs\Tower Software
[2011/04/08 10:31:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debra Flowers\Application Data\Enki Games
[2011/04/06 11:24:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debra Flowers\Application Data\TOMI3
[2011/04/04 16:16:47 | 000,000,000 | ---D | C] -- C:\ProgramData
[2011/04/02 14:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debra Flowers\Application Data\Silverback Productions
[2011/04/02 11:41:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debra Flowers\Application Data\MagicIndie
[2011/03/30 21:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2011/03/28 13:56:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debra Flowers\Application Data\IBAGroup
[2011/03/28 13:20:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debra Flowers\Application Data\HdO Adventure

========== Files - Modified Within 30 Days ==========

[2011/04/26 20:31:03 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\Debra Flowers\My Documents\spider.sav
[2011/04/26 20:09:56 | 000,000,006 | ---- | M] () -- C:\WINDOWS\System32\x517_256.dll
[2011/04/26 08:38:13 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/04/26 08:36:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/26 08:36:32 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/26 01:53:40 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/26 01:53:40 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/24 11:45:23 | 000,001,194 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2011/04/23 13:35:04 | 000,000,128 | -H-- | M] () -- C:\Documents and Settings\Debra Flowers\microsoft.dat
[2011/04/23 13:29:43 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\Debra Flowers\Desktop\Serious Backgammon.lnk
[2011/04/14 12:37:06 | 000,184,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/12 15:46:58 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/04/12 15:46:54 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/04/12 11:54:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/12 11:51:58 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/12 11:51:58 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/04/24 11:45:23 | 000,001,194 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2011/04/23 13:29:43 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\Debra Flowers\Desktop\Serious Backgammon.lnk
[2011/04/12 16:24:16 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Game Manager.lnk
[2011/04/12 16:24:16 | 000,001,184 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\More Great Games.lnk
[2011/04/12 15:46:58 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/04/08 17:24:32 | 000,001,077 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Default Manager.lnk
[2011/04/08 15:47:47 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/08 15:47:47 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/01/27 17:34:54 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\msdrve.dll
[2011/01/27 17:34:53 | 000,010,816 | ---- | C] () -- C:\WINDOWS\vmoptver.dll
[2011/01/14 04:49:11 | 000,000,006 | ---- | C] () -- C:\WINDOWS\System32\b517_256.dll
[2010/12/28 09:17:00 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Debra Flowers\Application Data\PFP120JPR.{PB
[2010/12/28 09:17:00 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Debra Flowers\Application Data\PFP120JCM.{PB
[2010/12/28 09:14:06 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/12/28 09:14:06 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\0AEF98A4FB.sys
[2010/12/12 12:56:01 | 000,030,976 | ---- | C] () -- C:\WINDOWS\rascntrl.dll
[2010/12/12 12:56:01 | 000,023,104 | ---- | C] () -- C:\WINDOWS\System32\svcprmpt.dll
[2010/12/09 12:44:09 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/07/28 12:07:36 | 000,000,052 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2010/07/23 22:49:48 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2010/07/21 14:01:16 | 000,004,994 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\gzzcrqnc.wrg
[2010/07/17 00:43:06 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\syspvm-14.dll
[2010/06/14 21:10:14 | 000,004,608 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\os331msd.obj
[2010/06/11 09:25:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2010/06/06 12:43:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/05 20:48:35 | 000,000,006 | ---- | C] () -- C:\WINDOWS\System32\x517_256.dll
[2010/06/05 19:48:22 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2010/06/05 19:48:06 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2010/06/05 19:45:32 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2010/06/05 19:29:26 | 000,112,924 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2010/06/05 19:29:26 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2010/06/05 16:50:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/06/05 00:09:14 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\Debra Flowers\Application Data\AtomicAlarmClock.ini
[2010/06/04 22:09:11 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/07/11 19:37:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/07/11 19:31:40 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/07/11 19:30:06 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/07/11 19:08:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/07/11 19:08:14 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/07/11 19:07:56 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 11:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 11:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 11:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 11:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 10:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 10:57:15 | 000,184,224 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 10:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 10:51:20 | 000,442,466 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 10:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 10:51:20 | 000,071,732 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 10:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 10:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 10:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 10:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 10:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 10:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 10:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 10:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/12/03 00:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2010/10/04 18:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2010/07/05 08:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/04/12 15:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/12 16:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2010/12/24 14:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Casual Arts
[2011/03/31 08:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2011/03/11 15:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elephant Games
[2010/07/26 00:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ERS G-Studio
[2011/04/12 21:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
[2010/12/08 21:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLARUFQAYG
[2010/12/25 17:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2010/11/30 17:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2010/07/23 22:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games
[2011/02/06 16:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010/06/22 21:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Game Club Cafe Game Downloads
[2010/08/11 16:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital
[2010/08/11 15:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GamersDigital
[2011/04/13 13:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GestaltGames
[2010/12/08 17:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2011/01/26 00:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gold Casual Games
[2010/11/29 23:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitPoint Studios
[2010/06/15 17:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hitpointstudios
[2010/07/19 20:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2011/01/21 15:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2010/12/08 22:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JRARUFQAYG
[2011/03/09 16:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kristanix Games
[2010/12/08 22:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LAARUFQAYG
[2010/12/20 05:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LittleGamesCompany
[2010/12/08 22:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LPARUFQAYG
[2010/07/18 19:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2010/06/09 20:54:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\mgp_data
[2011/02/18 19:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2011/02/09 22:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MysteryChronicles
[2011/04/14 21:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2011/01/22 13:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Namco
[2010/07/19 14:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2010/07/29 23:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Particles
[2010/12/10 19:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PLARUFQAYG
[2011/04/24 11:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2011/03/21 22:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayPond
[2011/02/17 21:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2011/02/15 16:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PuzzlesByJoe
[2011/03/01 16:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010/07/19 20:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScreenSeven
[2010/12/30 14:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpecialBit
[2011/03/17 00:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2011/04/26 02:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/09 16:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Inquisitor
[2011/03/01 16:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TikisLab
[2011/04/23 11:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Top Evidence
[2010/12/08 23:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ULARUFQAYG
[2011/03/23 10:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Venus DS
[2005/07/11 19:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/12/08 21:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VKARUFQAYG
[2011/01/11 20:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2010/12/08 21:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XDARUFQAYG
[2011/04/14 22:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/07/23 20:40:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2011/01/09 21:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\2monkeys
[2011/03/10 18:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Aerohills
[2011/03/14 20:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Alawar
[2010/12/24 21:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Artifex Mundi
[2011/03/25 13:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Artogon
[2010/06/07 19:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Auslogics
[2010/07/17 12:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Awem
[2010/12/21 15:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\AweSEM
[2010/07/28 01:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Azuaz Games
[2011/01/29 01:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Big Fish Games
[2011/03/26 16:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Blue Tea Games
[2011/04/19 21:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Boomzap
[2011/04/11 12:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Camel101
[2010/12/24 14:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Casual Arts
[2010/08/21 14:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Cat's Eye Games
[2010/12/19 21:58:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\cerasus.media
[2011/02/02 23:43:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\ChaYoWo Games
[2011/04/15 00:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Cosmonaut Games
[2011/03/12 15:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\CursedOnboard
[2010/07/29 21:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\DigirononGames
[2011/01/23 17:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\EleFun Games
[2011/03/11 15:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Elephant Games
[2011/04/08 15:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Enki Games
[2010/07/25 23:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\ERS G-Studio
[2011/04/22 23:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\ERS Game Studios
[2010/12/25 17:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Flood Light Games
[2010/11/30 17:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Floodlight Games
[2011/01/18 20:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\FlyWheelGames
[2010/07/11 15:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\FreezeTag
[2011/03/13 17:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Friday's games
[2010/11/29 14:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Frogwares
[2010/12/07 18:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Fugazo
[2011/04/21 11:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Funlinker
[2011/02/23 15:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Fuzzy Bug Interactive
[2011/04/14 21:46:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\GameHouse
[2011/01/20 02:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\GameInvest
[2011/04/11 20:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\GameMill Entertainment
[2010/08/11 16:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Gamers Digital
[2010/08/11 15:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\GamersDigital
[2011/03/02 20:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\GAMGO
[2011/04/11 11:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\GarageGames
[2010/07/12 15:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Gestalt Games
[2011/04/13 13:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\GestaltGames
[2011/01/18 00:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Ghost Ship Studios
[2010/12/08 17:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\gogii
[2011/01/26 00:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Gold Casual Games
[2011/02/28 16:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\GTM_Bodie
[2011/04/24 13:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Happy Muffin Top
[2011/04/12 17:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\HdO Adventure
[2011/03/26 21:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\HillStoneAnimationStudios
[2010/12/14 18:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\HiT-MM
[2011/03/31 22:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\HitPoint Studios
[2011/04/13 10:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\IBAGroup
[2010/12/13 07:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Image Zone Express
[2011/01/21 19:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\iWin
[2010/12/04 14:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\JoyBits
[2010/08/20 21:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Lazy Turtle Games
[2010/12/20 05:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\LittleGamesCompany
[2011/01/29 19:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\MA2
[2011/04/02 12:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\MagicIndie
[2011/03/04 13:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\margrave3_full
[2010/06/30 11:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Mariaglorum
[2010/12/23 19:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Meridian93
[2010/07/18 19:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Merscom
[2010/07/06 23:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Mutant Arcade
[2011/04/18 20:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\My Games
[2010/08/20 23:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\MysteriousCaseOfJekyllAndHyde
[2011/04/05 09:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Namco
[2011/04/24 23:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Oberon Media
[2011/04/12 19:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Odian Games
[2011/01/24 10:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Old Castle
[2011/04/26 02:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Orneon
[2011/04/24 11:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\PlayFirst
[2010/12/27 02:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\PlayPond
[2011/01/21 16:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Pogo Games
[2011/01/15 17:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\PriceGong
[2011/03/04 16:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\QB9
[2010/06/20 19:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Scholastic
[2010/07/19 17:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\ScreenSeven
[2011/03/09 17:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\SevenSails
[2010/12/04 02:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\ShinyTales
[2011/04/02 19:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Silverback Productions
[2010/06/11 22:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Skunk Studios
[2010/12/30 14:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Specialbit
[2010/12/01 17:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\SpinTop
[2011/04/23 19:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\SpinTop Games
[2011/03/17 00:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\SulusGames
[2010/07/09 16:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\The Inquisitor
[2011/02/28 13:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\TikisLab
[2011/04/06 11:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\TOMI3
[2011/04/23 11:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Top Evidence
[2010/11/29 19:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Total Eclipse
[2011/02/22 21:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\TreeCardGames
[2010/12/08 19:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Vast Studios
[2011/03/20 14:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Vogat Interactive
[2011/01/27 13:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\WhiteBirdsProductions
[2011/04/14 22:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Flowers\Application Data\Zylom
[2011/04/26 08:38:13 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========


< End of report >

Edited by simplee55, 27 April 2011 - 12:14 AM.


#2
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Sandbox is from Avast and it is used whenever Avast sees a program that it thinks might be dangerous. This includes very powerful programs like ATF Cleaner, TFC Tools and Combofix as well as malware. We need to turn off the sandbox before running Combofix. Click on the Avast ball. Select Additional Protection then AutoSandbox then Settings then uncheck Enable AutoSandbox then OK.

ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus at this time :!:

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows.

Are you still being redirected?

Ron
  • 0

#3
simplee55

simplee55

    Member

  • Topic Starter
  • Member
  • 539 posts

Hello Ron:

Letting you know that I've never had ComboFix. Do you want me to install it and run it?

Also, I'm confused when you said about the Log for Malwarebytes, you said: "Be sure that everything is checked, and click Remove Selected". What are you telling me to do after the Scan has finished running?

I'll get back to you later on today with the Logs.

Thank U for your help !!!
  • 0

#4
simplee55

simplee55

    Member

  • Topic Starter
  • Member
  • 539 posts
Ron:

Here is the Malwarebytes Log:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6462

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/28/2011 3:58:50 AM
mbam-log-2011-04-28 (03-58-50).txt

Scan type: Full scan (C:\|)
Objects scanned: 199964
Time elapsed: 36 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#5
simplee55

simplee55

    Member

  • Topic Starter
  • Member
  • 539 posts
Ron:

On this ComboFix tool.

I clicked on the first link you provided to download ComboFix.

After that the download window appeared, I clicked on the link, I thought it would start the download so I could install it, instead I get this little Bar that appeared at the bottom of my Desktop, that I thought would start the Setup process and I never got anything, it just disappeared.

I kept looking at my tower to see if there was any movement on the Green Light, but nothing was happening. So I clicked on the 2nd Link you gave and I got the same thing.

Look at the SNAPSHOT.

I hope it didn't run already.

I won't do anything else until I hear back from you !!!

Attached Thumbnails

  • Attachment No. 1.JPG

Edited by simplee55, 28 April 2011 - 05:40 AM.

  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Since Malware Anti-Malware found nothing there was nothing to check.

That's how Chrome downloads files. I think you can right click on it and Copy then move to the desktop and Paste.
  • 0

#7
simplee55

simplee55

    Member

  • Topic Starter
  • Member
  • 539 posts
Ron:

I don't understand when you said:


Since Malware Anti-Malware found nothing there was nothing to check. Okay, got it.

That's how Chrome downloads files. Yes I know, I've had Chrome for 2 years.

I think you can right click on it and Copy then move to the desktop and Paste. Right click on what and Copy and Paste ???

And do you want me to continue with the rest of your Instructions ???

Edited by simplee55, 28 April 2011 - 11:19 AM.

  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Right Click on Combofix.exe at the bottom of your Chrome window.

We want to move it to the desktop.

Ron
  • 0

#9
simplee55

simplee55

    Member

  • Topic Starter
  • Member
  • 539 posts

Right Click on Combofix.exe at the bottom of your Chrome window. Okay.

We want to move it to the desktop.

Ron


  • 0

#10
simplee55

simplee55

    Member

  • Topic Starter
  • Member
  • 539 posts
Ron:

Here is that TDSS Killer Log.


2011/04/28 10:41:04.0656 2200 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/28 10:41:05.0296 2200 ================================================================================
2011/04/28 10:41:05.0296 2200 SystemInfo:
2011/04/28 10:41:05.0296 2200
2011/04/28 10:41:05.0296 2200 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/28 10:41:05.0296 2200 Product type: Workstation
2011/04/28 10:41:05.0296 2200 ComputerName: DEBRA
2011/04/28 10:41:05.0296 2200 UserName: Debra Flowers
2011/04/28 10:41:05.0296 2200 Windows directory: C:\WINDOWS
2011/04/28 10:41:05.0296 2200 System windows directory: C:\WINDOWS
2011/04/28 10:41:05.0296 2200 Processor architecture: Intel x86
2011/04/28 10:41:05.0296 2200 Number of processors: 1
2011/04/28 10:41:05.0296 2200 Page size: 0x1000
2011/04/28 10:41:05.0296 2200 Boot type: Normal boot
2011/04/28 10:41:05.0296 2200 ================================================================================
2011/04/28 10:41:05.0468 2200 Initialize success
2011/04/28 10:41:25.0546 0916 ================================================================================
2011/04/28 10:41:25.0546 0916 Scan started
2011/04/28 10:41:25.0546 0916 Mode: Manual;
2011/04/28 10:41:25.0546 0916 ================================================================================
2011/04/28 10:41:48.0687 0916 ================================================================================
2011/04/28 10:41:48.0687 0916 Scan finished
2011/04/28 10:41:48.0687 0916 ================================================================================
  • 0


#11
simplee55

Member, Topic Starter, 539 posts
Ron:

How do I answer this Box ???

Attached Thumbnails

  • Attachment No. 3.JPG

#12
RKinner

Malware Expert, MVP, 24,624 posts
You can say Y then Enter. Choose option 1 to dump the MBR. You want disk drive 0, and save the file to c:\mbrdumpe55.txt.

Then give me the make and model of your PC and attach the file c:\mbrdumpe55.txt to your next reply. Also copy and paste the text from the log.

Ron

#13
simplee55

Member, Topic Starter, 539 posts
Got your last message, will have to pick up tomorrow, have a meeting tonight and must get ready.

Thanks 4 all your help Ron, appreciate it.

simplee55

#14
simplee55

Member, Topic Starter, 539 posts
NEVER MIND !!!

Edited by simplee55, 29 April 2011 - 02:20 PM.

#15
simplee55

Member, Topic Starter, 539 posts
Ron:

I'm not going to tell you that I thought that the MBRCheck wasn't working for me, because it did, but I just didn't know it until I looked on my Desktop and there was the Log.

Also, I have a DELL 3000 Dimension and am running WinXP.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 122):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xF7B56000 \WINDOWS\system32\KDCOM.DLL
0xF7A66000 \WINDOWS\system32\BOOTVID.dll
0xF7607000 ACPI.sys
0xF7B58000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF75F6000 pci.sys
0xF7656000 isapnp.sys
0xF7C1E000 pciide.sys
0xF78D6000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7B5A000 intelide.sys
0xF7666000 MountMgr.sys
0xF75D7000 ftdisk.sys
0xF78DE000 PartMgr.sys
0xF7676000 VolSnap.sys
0xF75BF000 atapi.sys
0xF7686000 disk.sys
0xF7696000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF759F000 fltmgr.sys
0xF758D000 sr.sys
0xF76A6000 Lbd.sys
0xF78E6000 PxHelp20.sys
0xF7576000 KSecDD.sys
0xF74E9000 Ntfs.sys
0xF74BC000 NDIS.sys
0xF74A2000 Mup.sys
0xF7866000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF730B000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF72F7000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF796E000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF72D3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7976000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7876000 \SystemRoot\system32\DRIVERS\IntelC53.sys
0xF72B0000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7189000 \SystemRoot\system32\DRIVERS\IntelC51.sys
0xF70F4000 \SystemRoot\system32\DRIVERS\IntelC52.sys
0xF797E000 \SystemRoot\system32\DRIVERS\mohfilt.sys
0xF7986000 \SystemRoot\System32\Drivers\Modem.SYS
0xF70CE000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF798E000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF7886000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7996000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF799E000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7896000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7B1E000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF70BA000 \SystemRoot\system32\DRIVERS\parport.sys
0xF78A6000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF78B6000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF78C6000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF707A000 \SystemRoot\system32\drivers\smwdm.sys
0xF7056000 \SystemRoot\system32\drivers\portcls.sys
0xF76C6000 \SystemRoot\system32\drivers\drmk.sys
0xF6FA3000 \SystemRoot\system32\drivers\senfilt.sys
0xF7C6C000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF76D6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7B26000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6F8C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF76E6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF76F6000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF79AE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6F7B000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7706000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF79BE000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF79C6000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7726000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7B6E000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6E3F000 \SystemRoot\system32\DRIVERS\update.sys
0xF7B42000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7756000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7786000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B7E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7AE2000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xF79F6000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF7AF2000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7B80000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7D92000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B82000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7A06000 \SystemRoot\System32\drivers\vga.sys
0xF7B84000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B86000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7A0E000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7A16000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7AF6000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEEBE7000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEEB8E000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF77A6000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xEEB66000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF7A1E000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xEEB44000 \SystemRoot\System32\drivers\afd.sys
0xF77B6000 \SystemRoot\system32\DRIVERS\netbios.sys
0xEEB19000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xEEA81000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF77C6000 \SystemRoot\System32\Drivers\Fips.SYS
0xEEA5B000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF77D6000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xEEA13000 \SystemRoot\System32\Drivers\aswSP.SYS
0xEE9B5000 \SystemRoot\System32\Drivers\aswSnx.SYS
0xF7A36000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF6F1A000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEE975000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7C1A000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xEEC2E000 \SystemRoot\System32\drivers\Dxapi.sys
0xF79E6000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C72000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF077000 \SystemRoot\System32\ialmdd5.DLL
0xBF159000 \SystemRoot\System32\ATMFD.DLL
0xEE8C9000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xEE875000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEE616000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xEE359000 \SystemRoot\system32\drivers\wdmaud.sys
0xEE8E5000 \SystemRoot\system32\drivers\sysaudio.sys
0xEE02E000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xEDF0E000 \SystemRoot\system32\DRIVERS\srv.sys
0xEDABD000 \SystemRoot\System32\Drivers\HTTP.sys
0xED9D5000 \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
0xED7BF000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 48):
0 System Idle Process
4 System
604 C:\WINDOWS\system32\smss.exe
668 csrss.exe
692 C:\WINDOWS\system32\winlogon.exe
736 C:\WINDOWS\system32\services.exe
748 C:\WINDOWS\system32\lsass.exe
904 C:\WINDOWS\system32\svchost.exe
968 svchost.exe
1064 C:\WINDOWS\system32\svchost.exe
1144 svchost.exe
1304 svchost.exe
1508 C:\WINDOWS\explorer.exe
1560 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
180 C:\WINDOWS\system32\spoolsv.exe
956 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
1104 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
1096 C:\WINDOWS\system32\hkcmd.exe
1156 C:\WINDOWS\system32\igfxpers.exe
1180 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
1452 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1500 C:\Program Files\AVAST Software\Avast\AvastUI.exe
1596 C:\Program Files\Messenger\msmsgs.exe
864 C:\WINDOWS\system32\ctfmon.exe
1896 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
1424 svchost.exe
712 C:\Program Files\Java\jre6\bin\jqs.exe
652 C:\Program Files\Common Files\Motive\McciCMService.exe
1284 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2076 C:\WINDOWS\system32\svchost.exe
2112 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2204 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
2308 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2924 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
3084 unsecapp.exe
3348 alg.exe
3468 wmiprvse.exe
3992 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1864 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
912 C:\Documents and Settings\Debra Flowers\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
556 C:\Documents and Settings\Debra Flowers\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
1024 C:\Documents and Settings\Debra Flowers\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
240 C:\Documents and Settings\Debra Flowers\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
332 C:\Documents and Settings\Debra Flowers\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
2328 C:\Documents and Settings\Debra Flowers\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
1652 <unknown>
2320 C:\Documents and Settings\Debra Flowers\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
2736 C:\Documents and Settings\Debra Flowers\My Documents\DOWNLOADS\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`01f60800 (NTFS)

PhysicalDrive0 Model Number: WDCWD800BB-75JHC0, Rev: 06.01C06

Size    Device Name           MBR Status
--------------------------------------------
74 GB   \\.\PhysicalDrive0    Unknown MBR code
        SHA1: E66C176942DF42CCFE7A0113EAFF39E82F8B0047


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:
Enter the physical disk number to dump (0-99, -1 to exit): 0
Dumping \\.\PhysicalDisk0...
Enter filename to dump to: c:\mdrumpe55.txt
Dumped successfully!

Enter the physical disk number to dump (0-99, -1 to exit): 0
Dumping \\.\PhysicalDisk0...
Enter filename to dump to: c:\mdrumpe55.txt
Dumped successfully!

Enter the physical disk number to dump (0-99, -1 to exit): 0
Dumping \\.\PhysicalDisk0...
Enter filename to dump to: c:\mbrdumpe55.txt
Dumped successfully!

Enter the physical disk number to dump (0-99, -1 to exit):

Edited by simplee55, 29 April 2011 - 03:05 PM.
