I need help, don't know but, have possibly picked up a Virus.
I've worked all of the Self Help Guide and posted their Logs.
Went to a web site to read some information that I needed, have used this site many times in the last year with no problems. As the page loaded, an AVAST warning appeared that a Virus had possibly infected my PC. I closed out of that page/web site right away.
After that event, I ran AVAST Standard Scan immediately and it found 0 infections.
Then I ran Malwarebytes and it also came up with 0 infections.
Next I ran Ad-Aware and 1 object was found which was Cookies.
Then I ran Microsoft's Disk Cleanup.
Cleared out my Java panel.
Ran the ATF and TFC Tools;
Cleared out both Web Browsers, Google Chrome and IE 7.
After all of the above was completed, came to the Geeks and;
Then I ran GMER;
I have the ERUNT registry backed up and;
Ran OTL. I don't know if I understood the instructions correctly, but the Log is also posted.
I'm running WinXP-2002 and the Programs and Tools I have on my PC to keep it running smoothly are:
AVAST;
Ad-Aware;
Malwarebytes; and
ATF and TFC Tools.
Can someone please help?
Thank U !!!
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4103
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
5/16/2010 7:31:32 PM
mbam-log-2010-05-16 (19-31-32).txt
Scan type: Quick scan
Objects scanned: 128703
Time elapsed: 10 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
OTL logfile created on: 5/17/2010 11:19:32 PM - Run 3
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\tyannah nicoles\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,022.00 Mb Total Physical Memory | 508.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.62 Gb Total Space | 58.77 Gb Free Space | 82.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DEBRA
Current User Name: tyannah nicoles
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/05/17 08:52:38 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tyannah nicoles\My Documents\Downloads\OTL.exe
PRC - [2010/05/16 18:22:42 | 000,840,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/05/16 18:22:39 | 001,291,544 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/03/18 00:35:34 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\tyannah nicoles\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2009/11/24 16:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 16:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 16:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 16:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 16:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/10/14 17:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
========== Modules (SafeList) ==========
MOD - [2010/05/17 08:52:38 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tyannah nicoles\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2010/05/16 18:22:39 | 001,291,544 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/11/24 16:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 16:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 16:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 16:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/11/04 07:12:39 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
========== Driver Services (SafeList) ==========
DRV - [2010/02/04 08:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/11/24 16:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 16:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 16:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 16:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 16:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 16:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/07/08 14:54:02 | 000,148,496 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\00357850.sys -- (is-55327drv)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/06/18 06:10:42 | 000,373,568 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv09.sys -- (acedrv09)
DRV - [2007/05/30 09:54:22 | 000,201,696 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acehlp09.sys -- (acehlp09)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/09/17 12:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/03 20:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/16 01:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 02:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 02:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 02:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 12:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 11:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 11:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 11:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 11:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 11:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 11:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 11:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 11:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 11:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 11:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://video.pbs.org/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[2009/12/02 22:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Mozilla\Extensions
O1 HOSTS File: ([2004/08/04 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1256951710656 (MUWebControl Class)
O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} http://www.support.d...lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} http://www.worldwinn...royal/royal.cab (Royal Control)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} http://www.worldwinn...es/wwspades.cab (WWSpades Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\tyannah nicoles\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\tyannah nicoles\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 11:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/10 10:52:56 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 90 Days ==========
[2010/05/16 22:22:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Desktop\New Folder
[2010/05/16 19:15:31 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/14 21:54:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\Oberon Media
[2010/05/14 15:22:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\ERS G-Studio
[2010/05/14 13:00:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010/05/12 15:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\OtherSide Realm of Eons
[2010/05/11 23:31:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\SunRay Games
[2010/05/11 23:15:30 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2010/05/11 23:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2010/05/09 19:42:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\Game Mill Entertainment
[2010/05/06 21:32:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\Shockwave
[2010/05/04 15:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\GameInvest
[2010/05/04 02:43:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\Freeze Tag
[2010/05/03 12:33:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\Boomzap
[2010/04/27 20:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\Nevosoft Games
[2010/04/23 16:06:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\AzuazGames
[2010/04/22 18:51:13 | 000,000,000 | ---D | C] -- C:\Program Files\Alawar
[2010/04/20 22:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\YoudaGames
[2010/04/19 15:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\Serious Backgammon
[2010/04/17 19:23:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\FlyWheelGames
[2010/04/14 20:56:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alawar Entertainment
[2010/04/14 20:56:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\Alawar Entertainment
[2010/04/12 21:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\Top Evidence
[2010/04/12 21:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Top Evidence
[2010/04/11 19:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\MemoryClinic
[2010/04/10 21:54:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\tyannah nicoles\My Documents\My Music
[2010/04/09 09:11:31 | 000,000,000 | ---D | C] -- C:\PFiles
[2010/04/08 21:16:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\Frogwares
[2010/04/08 20:02:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\LegacyInteractive
[2010/04/06 22:55:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\GameMill Entertainment
[2010/04/06 16:51:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Particles
[2010/04/06 16:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\Specialbit
[2010/03/31 00:26:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\XDARUFQAYG
[2010/03/31 00:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TCARUFQAYG
[2010/03/31 00:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VKARUFQAYG
[2010/03/27 13:53:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\Silverback Productions
[2010/03/25 21:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\iMaxGen
[2010/03/24 12:52:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\SerpentOfIsis
[2010/03/21 23:04:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2010/03/20 20:12:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\Nevosoft
[2010/03/18 21:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\QB9
[2010/03/18 00:43:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\SprillRichiEng
[2010/03/10 16:20:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\Orneon
[2010/03/08 21:46:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\My Documents\MY GAMES
[2010/03/07 15:51:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\WildTangent
[2010/03/06 21:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2010/03/06 13:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nevosoft
[2010/03/02 17:29:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\Righteous Kill
[2010/03/01 15:47:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\Meridian93
[2010/02/26 18:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\IronCode
[2010/02/23 21:45:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/02/22 01:12:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tyannah nicoles\Application Data\Artogon
========== Files - Modified Within 90 Days ==========
[2010/05/17 23:20:43 | 591,575,072 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/05/17 23:12:26 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\Desktop\FOR MY INFO.doc
[2010/05/17 22:47:44 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\My Documents\spider.sav
[2010/05/17 22:43:31 | 000,000,006 | ---- | M] () -- C:\WINDOWS\System32\x517_256.dll
[2010/05/17 22:40:01 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-55942804-654722941-2014637290-1006UA.job
[2010/05/17 20:43:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/17 17:36:26 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\My Documents\DUPE 4 JUNE BILLS.doc
[2010/05/17 14:23:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/17 14:21:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/17 14:21:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/17 14:21:22 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/17 11:15:54 | 006,923,804 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/05/17 11:15:28 | 005,242,880 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\ntuser.dat
[2010/05/17 11:15:28 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\tyannah nicoles\ntuser.ini
[2010/05/17 00:40:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-55942804-654722941-2014637290-1006Core.job
[2010/05/16 19:52:54 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\My Documents\INSTRUCTION PRINT.doc
[2010/05/16 19:49:51 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\Desktop\Microsoft Office Word 2003.lnk
[2010/05/16 04:40:27 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\My Documents\BILLS 4 JUNE.doc
[2010/05/14 17:52:26 | 000,001,278 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\My Documents\More Great Games.lnk
[2010/05/14 16:30:30 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\Desktop\Revo Uninstaller.lnk
[2010/05/13 07:49:08 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\My Documents\UsersNames and Passwords.doc
[2010/05/12 02:04:18 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/11 23:15:35 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\My Documents\Game Manager.lnk
[2010/04/30 20:45:58 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 12:42:45 | 000,002,358 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\Desktop\Google Chrome.lnk
[2010/04/28 21:51:20 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\My Documents\PRAYER DECREES.doc
[2010/04/27 11:24:38 | 005,097,242 | -H-- | M] () -- C:\Documents and Settings\tyannah nicoles\Local Settings\Application Data\IconCache.db
[2010/04/24 04:58:39 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\My Documents\Ltr. to CONNIE.doc
[2010/04/19 15:40:32 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\Desktop\Serious Backgammon.lnk
[2010/04/19 15:03:07 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\Desktop\Auslogics Disk Defrag.lnk
[2010/04/16 00:47:18 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/14 05:23:12 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 05:23:12 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/14 05:23:11 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/12 11:14:54 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\My Documents\DIMINATIONS 4 LOAN BY PHONE.doc
[2010/02/28 20:24:41 | 000,027,340 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\Local Settings\Application Data\slot1.mm1
[2010/02/26 20:27:47 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\My Documents\REPENTANCE and EL SHADDAI that means.doc
[2010/02/26 19:42:49 | 000,000,138 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\Local Settings\Application Data\fusioncache.dat
[2010/02/26 19:41:53 | 000,417,760 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/25 08:31:59 | 000,143,927 | ---- | M] () -- C:\Documents and Settings\tyannah nicoles\My Documents\SAVE THIS.JPG
[2010/02/23 21:52:33 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/02/23 21:45:11 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/02/19 12:21:27 | 000,000,016 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
========== Files Created - No Company Name ==========
[2010/05/17 23:12:26 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\tyannah nicoles\Desktop\FOR MY INFO.doc
[2010/05/16 19:52:54 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\tyannah nicoles\My Documents\INSTRUCTION PRINT.doc
[2010/05/14 17:52:26 | 000,001,278 | ---- | C] () -- C:\Documents and Settings\tyannah nicoles\My Documents\More Great Games.lnk
[2010/05/11 23:15:35 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\tyannah nicoles\My Documents\Game Manager.lnk
[2010/05/11 20:12:36 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\tyannah nicoles\My Documents\DUPE 4 JUNE BILLS.doc
[2010/04/28 21:51:20 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\tyannah nicoles\My Documents\PRAYER DECREES.doc
[2010/04/24 12:48:37 | 000,000,372 | ---- | C] () -- C:\Documents and Settings\tyannah nicoles\My Documents\spider.sav
[2010/04/19 15:40:32 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\tyannah nicoles\Desktop\Serious Backgammon.lnk
[2010/04/19 15:03:07 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\tyannah nicoles\Desktop\Auslogics Disk Defrag.lnk
[2010/04/13 07:44:55 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\tyannah nicoles\My Documents\BILLS 4 JUNE.doc
[2010/03/18 12:52:03 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\tyannah nicoles\My Documents\Ltr. to CONNIE.doc
[2010/03/08 08:11:17 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\tyannah nicoles\My Documents\UsersNames and Passwords.doc
[2010/02/28 13:37:33 | 000,027,340 | ---- | C] () -- C:\Documents and Settings\tyannah nicoles\Local Settings\Application Data\slot1.mm1
[2010/02/26 19:42:49 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\tyannah nicoles\Local Settings\Application Data\fusioncache.dat
[2010/02/25 08:31:59 | 000,143,927 | ---- | C] () -- C:\Documents and Settings\tyannah nicoles\My Documents\SAVE THIS.JPG
[2010/02/23 21:45:11 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/02/19 12:21:26 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/02/03 00:17:37 | 000,000,006 | ---- | C] () -- C:\WINDOWS\System32\x517_256.dll
[2009/12/28 19:45:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2009/10/29 02:08:13 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2009/10/29 02:07:32 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009/10/29 02:01:36 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/10/18 19:46:44 | 000,000,008 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/10/18 02:33:52 | 000,000,283 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/10/02 01:13:46 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2006/10/02 01:13:46 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2006/01/22 20:54:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/12/01 21:27:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/09 00:36:12 | 000,000,428 | ---- | C] () -- C:\WINDOWS\TLTitleData.ini
[2005/11/02 01:16:00 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2005/10/20 05:40:14 | 000,000,412 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/09/08 02:55:33 | 000,000,353 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/08/25 01:30:40 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/07/29 23:56:54 | 000,000,284 | ---- | C] () -- C:\WINDOWS\ATRT.INI
[2005/07/11 19:37:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/07/11 19:31:40 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/07/11 19:08:14 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/07/11 19:07:56 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/07/06 01:00:30 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2005/07/06 01:00:26 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2005/07/06 01:00:26 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2004/08/10 11:12:05 | 000,000,890 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 11:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
========== LOP Check ==========
[2010/01/01 21:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
[2010/04/14 20:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Entertainment
[2010/01/12 00:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2010/04/22 19:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2009/12/12 12:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/12 02:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BanzaiInteractive
[2009/12/25 21:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Becky Brogan
[2010/02/13 19:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2009/10/31 04:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2010/02/09 09:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Christmasville
[2009/11/04 07:13:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2007/11/19 13:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2010/04/04 14:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
[2010/03/10 01:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum2
[2009/11/07 23:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
[2010/02/20 00:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2009/10/30 14:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2009/12/19 13:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009/12/09 15:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IntDreams
[2010/03/21 23:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2010/02/01 15:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2009/12/03 18:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2010/01/14 01:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LPARUFQAYG
[2010/04/23 13:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2010/01/12 18:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/04/04 15:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2010/03/06 13:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft
[2009/11/09 23:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2007/11/19 13:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/04/06 16:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Particles
[2010/05/12 15:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/11/26 03:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayPond
[2010/01/04 20:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2010/02/25 23:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/12/02 00:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Slapdash Games
[2009/12/15 19:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpecialBit
[2010/01/25 13:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2008/02/18 10:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/03/31 00:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TCARUFQAYG
[2010/05/14 22:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/05 18:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Mirror Mysteries
[2010/04/12 21:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Top Evidence
[2005/07/11 19:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/03/31 00:24:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VKARUFQAYG
[2010/05/16 16:25:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/12/10 14:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildWestQuest2
[2010/04/03 14:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2010/03/31 00:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XDARUFQAYG
[2010/01/02 21:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/02/23 21:45:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/04/14 20:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Alawar Entertainment
[2010/01/02 12:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\ArcadeTown 3 Days Zoo Mystery
[2010/04/16 17:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Artogon
[2010/03/21 02:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Auslogics
[2009/12/12 12:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\AVG9
[2010/04/23 16:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\AzuazGames
[2010/02/12 02:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\BanzaiInteractive
[2010/04/25 16:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Big Fish Games
[2010/05/03 13:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Boomzap
[2010/01/22 01:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\cerasus.media
[2010/05/14 15:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\ERS G-Studio
[2009/12/21 19:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Fabulous Finds
[2010/02/20 00:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Flood Light Games
[2010/04/17 19:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\FlyWheelGames
[2010/05/04 02:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Freeze Tag
[2009/12/31 20:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Friday's games
[2010/04/08 21:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Frogwares
[2009/12/16 19:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Futoshiki
[2010/05/09 19:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Game Mill Entertainment
[2010/04/26 21:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\GameHousev1001
[2010/05/04 15:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\GameInvest
[2010/04/06 22:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\GameMill Entertainment
[2009/11/27 15:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Gamers Digital
[2010/02/06 13:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Games
[2010/01/11 07:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Gold Casual Games
[2009/10/29 23:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\GTM_Bodie
[2010/05/05 23:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\HdO Adventure
[2009/12/17 23:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\HiT-MM
[2010/03/30 18:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Image Zone Express
[2010/03/26 10:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\iMaxGen
[2010/02/26 18:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\IronCode
[2009/12/01 02:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Leadertech
[2010/04/08 20:08:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\LegacyInteractive
[2008/05/06 11:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Lionhead Studios
[2009/12/04 18:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\MastersOfMystery2
[2010/04/11 19:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\MemoryClinic
[2010/03/01 15:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Meridian93
[2010/04/23 13:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Merscom
[2009/11/09 22:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\MSNInstaller
[2010/02/08 21:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Mysteryville2
[2010/03/20 20:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Nevosoft
[2010/04/27 20:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Nevosoft Games
[2010/05/14 21:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Oberon Media
[2009/11/08 20:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Oberonv1001
[2010/04/08 19:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Octoshape
[2009/11/15 20:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Opera
[2010/03/10 16:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Orneon
[2010/05/12 16:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\OtherSide Realm of Eons
[2007/11/19 13:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\ParetoLogic
[2010/05/12 15:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\PlayFirst
[2010/01/18 17:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\PlayPond
[2009/12/01 19:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Playrix Entertainment
[2010/01/04 20:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\PoBros
[2010/02/05 02:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Pogo Games
[2010/03/18 21:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\QB9
[2009/12/21 13:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Reflexivev1002
[2010/03/02 21:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Righteous Kill
[2010/01/22 19:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\RobinsonCrusoeRA
[2010/01/22 22:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\RobinsonCrusoeWT
[2010/01/08 03:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Scholastic
[2009/12/07 17:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\SecretIslandEng
[2010/03/24 21:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\SerpentOfIsis
[2010/05/06 21:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Shockwave
[2010/03/27 13:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Silverback Productions
[2010/04/06 16:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Specialbit
[2009/10/29 23:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\SpinTop
[2010/05/06 19:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\SpinTop Games
[2010/03/18 00:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\SprillRichiEng
[2010/01/20 02:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\TheFixerUpper
[2009/12/05 22:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\TheScruffs
[2009/11/26 01:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\TitanicMystery
[2010/04/12 21:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Top Evidence
[2009/12/09 21:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Total Eclipse
[2009/10/22 14:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Viewpoint
[2005/07/23 23:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\wb05D1SE
[2010/01/07 22:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Wildhollow
[2010/05/16 16:25:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\WildTangent
[2009/12/26 21:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\WildTangentv1001
[2010/01/28 17:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\Winv1002
[2010/04/20 22:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tyannah nicoles\Application Data\YoudaGames
[2010/05/17 20:43:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/05/17 14:21:21 | 000,147,480 | ---- | M] () -- C:\aaw7boot.log
[2004/08/10 11:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/11/09 16:10:02 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2009/12/08 15:51:27 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2004/08/10 11:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/07/11 19:11:00 | 000,004,702 | RH-- | M] () -- C:\dell.sdr
[2010/05/17 14:21:22 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2007/09/01 08:15:46 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2008/04/04 13:14:18 | 000,000,246 | ---- | M] () -- C:\INSTALL.LOG
[2004/08/10 11:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2009/11/01 21:58:20 | 000,000,217 | -H-- | M] () -- C:\IPH.PH
[2010/05/07 01:29:28 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2004/08/10 11:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 03:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/05/27 10:41:15 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/17 14:21:21 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2004/08/10 10:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/10 10:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/10 10:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\drivers\*.sys /180 >
[2009/11/24 16:47:54 | 000,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2009/11/24 16:50:00 | 000,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2009/11/24 16:51:09 | 000,093,424 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2009/11/24 16:50:59 | 000,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2009/11/24 16:48:57 | 000,023,120 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2009/11/24 16:50:12 | 000,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2009/11/24 16:49:07 | 000,048,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2010/02/04 08:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\drivers\Lbd.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 06:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/02/23 21:52:33 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\SBREDrv.sys
[2009/12/31 09:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
========== Alternate Data Streams ==========
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8391EB5A
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67D4E08E
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60A4BB64
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1A189EA
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53CC4967
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:49AC9A9A
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C5ABDC7
End of report
OTL Extras logfile created on: 5/17/2010 8:57:08 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\tyannah nicoles\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,022.00 Mb Total Physical Memory | 523.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.62 Gb Total Space | 58.92 Gb Free Space | 82.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DEBRA
Current User Name: tyannah nicoles
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0b\waol.exe" = C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL -- File not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\DellSupport\DSAgnt.exe" = C:\Program Files\DellSupport\DSAgnt.exe:*:Enabled:Dell Support -- (Gteko Ltd.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:HP Update -- (Hewlett-Packard)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera -- File not found
"C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe" = C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe:*:Enabled:Ad-Aware -- (Lavasoft)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{2466E904-7E48-4597-9321-722CF02930EB}" = 5600
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A747BFA-13C3-49AE-9306-CBA049821CD3}" = GDP 9
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word 2003
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{96F1BBD6-92F7-421F-8FCB-88B53D217206}" = Gregg College Keyboarding & Document Processing Home 10
"{9D557F57-5B3F-43E1-A1F5-C9CDD00F719F}" = Print Perfect Fonts
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ATT-RC" = ATT-RC Self Support Tool
"avast!" = avast! Antivirus
"BFGC" = Big Fish Games: Game Manager
"ERUNT_is1" = ERUNT 1.1j
"Game Console - WildGames" = WildTangent ORB Game Console
"GoToAssist" = GoToAssist 8.0.0.514
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Adapters and Drivers
"ProtectDisc Driver" = ProtectDisc Helper Driver
"Revo Uninstaller" = Revo Uninstaller 1.88
"Serious Backgammon" = Serious Backgammon
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 11/21/2009 11:56:58 AM | Computer Name = DEBRA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\tyannah nicoles\Local Settings\temp\scoped_dir27666\TEMP_INSTALL\manifest.json
failed, 00000005.
Error - 11/21/2009 11:57:39 AM | Computer Name = DEBRA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\tyannah nicoles\Local Settings\temp\scoped_dir27800\TEMP_INSTALL\manifest.json
failed, 00000005.
Error - 11/21/2009 11:58:07 AM | Computer Name = DEBRA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\tyannah nicoles\Local Settings\temp\scoped_dir27892\TEMP_INSTALL\manifest.json
failed, 00000005.
Error - 12/16/2009 11:36:25 AM | Computer Name = DEBRA | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.
Error - 12/16/2009 11:36:26 AM | Computer Name = DEBRA | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.
Error - 12/16/2009 11:36:45 AM | Computer Name = DEBRA | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().
Error - 12/20/2009 4:46:07 PM | Computer Name = DEBRA | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.
Error - 12/20/2009 4:46:07 PM | Computer Name = DEBRA | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.
Error - 12/20/2009 4:46:16 PM | Computer Name = DEBRA | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().
Error - 12/20/2009 4:51:03 PM | Computer Name = DEBRA | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function 00000002.
[ Application Events ]
Error - 12/28/2009 4:30:07 PM | Computer Name = DEBRA | Source = Application Error | ID = 1000
Description = Faulting application rainforest.exe, version 0.0.0.0, faulting module
igldev32.dll, version 6.14.10.4396, fault address 0x0001e7c0.
Error - 1/1/2010 5:51:37 AM | Computer Name = DEBRA | Source = Application Error | ID = 1000
Description = Faulting application backgamm.exe, version 1.3.1.0, faulting module
backgamm.exe, version 1.3.1.0, fault address 0x0003ffab.
Error - 1/1/2010 5:51:40 AM | Computer Name = DEBRA | Source = Application Error | ID = 1000
Description = Faulting application backgamm.exe, version 1.3.1.0, faulting module
backgamm.exe, version 1.3.1.0, fault address 0x0003ffab.
Error - 1/1/2010 5:51:41 AM | Computer Name = DEBRA | Source = Application Error | ID = 1000
Description = Faulting application backgamm.exe, version 1.3.1.0, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x0000df3c.
Error - 1/11/2010 10:25:29 AM | Computer Name = DEBRA | Source = Application Error | ID = 1000
Description = Faulting application emeraldtear.exe, version 0.0.0.0, faulting module
emeraldtear.exe, version 0.0.0.0, fault address 0x00134d67.
Error - 2/2/2010 12:44:51 AM | Computer Name = DEBRA | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 2/3/2010 6:43:43 PM | Computer Name = DEBRA | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 2/12/2010 6:19:50 PM | Computer Name = DEBRA | Source = Application Error | ID = 1000
Description = Faulting application theclumsys2.rwg, version 0.0.1.98, faulting module
, version 0.0.1.98, fault address 0x0003c135.
Error - 2/13/2010 5:13:52 AM | Computer Name = DEBRA | Source = Application Error | ID = 1000
Description = Faulting application theclumsys2.rwg, version 0.0.1.98, faulting module
, version 0.0.1.98, fault address 0x0003c135.
Error - 2/28/2010 5:07:42 AM | Computer Name = DEBRA | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.
[ System Events ]
Error - 5/16/2010 9:46:45 PM | Computer Name = DEBRA | Source = Service Control Manager | ID = 7034
Description = The McciCMService service terminated unexpectedly. It has done this
1 time(s).
Error - 5/16/2010 9:46:45 PM | Computer Name = DEBRA | Source = Service Control Manager | ID = 7034
Description = The Machine Debug Manager service terminated unexpectedly. It has
done this 1 time(s).
Error - 5/16/2010 9:46:45 PM | Computer Name = DEBRA | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).
Error - 5/16/2010 9:46:46 PM | Computer Name = DEBRA | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this
1 time(s).
Error - 5/16/2010 9:46:48 PM | Computer Name = DEBRA | Source = Service Control Manager | ID = 7031
Description = The Windows Live ID Sign-in Assistant service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
10000 milliseconds: Restart the service.
Error - 5/16/2010 9:46:53 PM | Computer Name = DEBRA | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.
Error - 5/17/2010 12:30:55 AM | Computer Name = DEBRA | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 0013202EAC69 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).
Error - 5/17/2010 12:32:08 AM | Computer Name = DEBRA | Source = System Error | ID = 1003
Description = Error code 000000f4, parameter1 00000003, parameter2 86eaf4e8, parameter3
86eaf65c, parameter4 805fb146.
Error - 5/17/2010 10:46:46 AM | Computer Name = DEBRA | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 0013202EAC69 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).
Error - 5/17/2010 10:48:23 AM | Computer Name = DEBRA | Source = System Error | ID = 1003
Description = Error code 000000f4, parameter1 00000003, parameter2 86ff92b0, parameter3
86ff9424, parameter4 805fb146.
End of report
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-16 21:11:48
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\TYANNA~1\LOCALS~1\Temp\uxtdapob.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEEA196B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEEA19574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEEA19A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEEA1914C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEEA1964E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEEA1908C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEEA190F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEEA1976E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEEA1972E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEEA198AE]
---- Kernel code sections - GMER 1.0.15 ----
init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF7B09760]
.reloc C:\WINDOWS\system32\drivers\acehlp09.sys section is executable [0xF7210780, 0x28F7A, 0xE0000060]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF7177F80]
.reloc C:\WINDOWS\system32\drivers\acedrv09.sys section is executable [0xEE014000, 0x4E05A, 0xE0000060]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \FileSystem\Fastfat \Fat ED8CED20
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
---- EOF - GMER 1.0.15 ----