Jump to content

Recurring infection due to ave.exe


Recommended Posts

I've had to use mbam several times to get rid of the ave.exe infection, but it always seems to come back when I click on a google link that's been redirected. After mbam has deleted the infection my firefox.exe and ie explorer.exe (and other applications) don't open- they ask me what program I want to use to run them.

I've followed the instructions suggested and created a DDS.txt and Attach.txt. I also downloaded GMER rootkit scanner but everytime I try to run it I get a blue screen (5 times so far).

Recent MBAM log file:

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 3993

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

16/04/2010 03:16:02

mbam-log-2010-04-16 (03-16-02).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 209942

Time elapsed: 1 hour(s), 10 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 6

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Lisa Bennett\Local Settings\Application Data\ave.exe" /START "firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Lisa Bennett\Local Settings\Application Data\ave.exe" /START "iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Lisa Bennett\Local Settings\Application Data\ave.exe" /START "firefox.exe -safe-mode") Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Lisa Bennett\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.

DDS.txt:

DDS (Ver_10-03-17.01) - NTFSx86

Run by Lisa Bennett at 22:51:35.36 on 13/04/2010

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_18

Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1022.409 [GMT 1:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\DebugDiag\DbgSvc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\lxctcoms.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\dllhost.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

C:\Program Files\Lexmark 5400 Series\lxctmon.exe

C:\Program Files\Lexmark 5400 Series\ezprint.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\PROGRA~1\Yahoo!\browser\ycommon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe

C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Lisa Bennett\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uStart Page = hxxp://www.Google.com/

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

mWinlogon: Userinit=c:\windows\system32\userinit.exe

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe

mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe

mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE

mRun: [lxctmon.exe] "c:\program files\lexmark 5400 series\lxctmon.exe"

mRun: [Lexmark 5400 Series Fax Server] "c:\program files\lexmark 5400 series\fm3032.exe" /s

mRun: [EzPrint] "c:\program files\lexmark 5400 series\ezprint.exe"

mRun: [LXCTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCTtime.dll,_RunDLLEntry@16

mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [EnableDCOM] N

mRun: [restrictanonymous] 1 (0x1)

mRun: [restrictanonymoussam] 1 (0x1)

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [NPSStartup]

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\lisa bennett\start menu\programs\imvu\Run IMVU.lnk

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll

Trusted Zone: bt.com\www

Trusted Zone: internet

Trusted Zone: itv.com\www

Trusted Zone: mcafee.com

Trusted Zone: microsoft.com\*.update

Trusted Zone: microsoft.com\update

Trusted Zone: microsoft.com\www.update

Trusted Zone: motive.com\pbttbc.bt

Trusted Zone: windowsupdate.com\download

Trusted Zone: yahoo.com

Trusted Zone: yahoo.com\bt.software

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1261488826203

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261488216515

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

TCP: {E7A8B5D3-9432-49EE-A4AE-E25F5AC4A1CA} = 194.72.9.34,62.6.40.178

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\lisabe~1\applic~1\mozilla\firefox\profiles\viyuion8.default\

FF - prefs.js: browser.startup.homepage - www.google.co.uk

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\documents and settings\lisa bennett\application data\mozilla\firefox\profiles\viyuion8.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

FF - plugin: c:\program files\common files\motive\npMotive.dll

FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-16 214664]

R2 DbgSvc;Debug Diagnostic Service;c:\program files\debugdiag\DbgSvc.exe [2007-1-16 316256]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-2-28 54752]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-9 93320]

R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-9 359952]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-9 144704]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-11-14 38224]

R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-9 606736]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-9 79816]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-9 35272]

R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-9 34248]

R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-9 40552]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-12-25 36608]

============== File Associations ===============

.exe=secfile

=============== Created Last 30 ================

2010-04-13 21:49:09 0 ----a-w- c:\documents and settings\lisa bennett\defogger_reenable

2010-04-12 11:01:31 0 d-----w- c:\documents and settings\lisa bennett\GameHouse

2010-04-11 22:45:44 0 d-----w- c:\docume~1\lisabe~1\applic~1\Little Noir Stories

2010-04-10 23:33:37 0 d-----w- c:\docume~1\lisabe~1\applic~1\Magic3

2010-04-10 14:36:51 6132 ----a-w- C:\zipfolder_fix.reg

2010-04-10 14:36:46 5582 ----a-w- C:\vbs_file_fix.reg

2010-04-10 14:36:41 6612 ----a-w- C:\xp_url_shortcut_fix.reg

2010-04-10 14:36:35 3278 ----a-w- C:\tiff_fix.reg

2010-04-10 14:36:31 4382 ----a-w- C:\xp_txt_fix.reg

2010-04-10 14:36:25 1608 ----a-w- C:\xp_scr_fix.reg

2010-04-10 14:35:08 1864 ----a-w- C:\scf_assoc_fix.reg

2010-04-10 14:34:54 2690 ----a-w- C:\xp_regfile.reg

2010-04-10 14:34:47 2424 ----a-w- C:\xp_mspfix.reg

2010-04-10 14:34:42 5164 ----a-w- C:\msi1.reg

2010-04-10 14:34:27 5276 ----a-w- C:\xp_mscfix.reg

2010-04-10 14:34:22 5212 ----a-w- C:\xp_mpg_fix_reg.reg

2010-04-10 14:34:18 4884 ----a-w- C:\linkfile_fix.reg

2010-04-10 14:34:13 7250 ----a-w- C:\xp_jpg_jpe_jpeg_file_assoc_fix.reg

2010-04-10 14:34:06 3482 ----a-w- C:\ie_fix.reg

2010-04-10 14:33:55 5172 ----a-w- C:\xp_inf_assoc.reg

2010-04-10 14:33:50 356 ----a-w- C:\xp_ico_file_assoc_fix.reg

2010-04-10 14:33:45 6076 ----a-w- C:\html_association_fix.reg

2010-04-10 14:33:37 1652 ----a-w- C:\xp_hta_fix.reg

2010-04-10 14:32:43 1600 ----a-w- C:\xp_hlp_file_fix.reg

2010-04-10 14:32:27 2834 ----a-w- C:\xp_giffile_fix.reg

2010-04-10 14:32:20 5438 ----a-w- C:\folder_reg.reg

2010-04-10 14:32:14 2452 ----a-w- C:\xp_eml_file_assoc.reg

2010-04-10 14:32:09 4956 ----a-w- C:\xp_drive_association_fix.reg

2010-04-10 14:32:03 5806 ----a-w- C:\xp_directory_reg.reg

2010-04-10 14:31:57 1236 ----a-w- C:\cpl_file_assoc.reg

2010-04-10 14:31:49 758 ----a-w- C:\xp_chm_fix.reg

2010-04-10 14:31:08 7556 ----a-w- C:\xp_cabfile.reg

2010-04-10 14:29:59 2034 ----a-w- C:\xp_com_fix.reg

2010-04-10 14:29:16 3732 ----a-w- C:\batch_file_assoc.reg

2010-04-10 14:28:13 2600 ----a-w- C:\xp_exe_fix.reg

2010-04-10 14:21:17 0 d-----w- c:\docume~1\lisabe~1\applic~1\Uniblue

2010-04-10 14:19:36 0 d-----w- c:\program files\Uniblue

2010-04-08 21:11:26 1440 ------w- c:\windows\mdusys.s

2010-04-08 21:11:26 0 ----a-w- c:\windows\mdsys.s

2010-04-08 11:51:19 0 d-----w- c:\docume~1\alluse~1\applic~1\game_fillup_v2_usa

2010-04-01 09:51:04 0 d-----w- c:\docume~1\alluse~1\applic~1\Playrix Entertainment

2010-04-01 00:03:20 0 d-----w- c:\program files\uTorrent

2010-04-01 00:02:43 0 d-----w- c:\docume~1\lisabe~1\applic~1\uTorrent

2010-03-29 16:23:33 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-03-29 16:21:21 0 d-----w- c:\program files\Windows Installer Clean Up

2010-03-29 16:20:56 0 d-----w- c:\program files\MSECACHE

2010-03-29 16:14:46 0 d-----w- c:\windows\SxsCaPendDel

2010-03-29 15:02:32 0 d-----w- c:\docume~1\lisabe~1\applic~1\BanzaiInteractive

2010-03-29 15:02:32 0 d-----w- c:\docume~1\alluse~1\applic~1\BanzaiInteractive

2010-03-29 13:15:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Happyville__

2010-03-28 12:27:42 0 d-----w- c:\docume~1\lisabe~1\applic~1\GameMill Entertainment

2010-03-27 14:05:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Particles

2010-03-27 14:05:11 0 d-----w- c:\docume~1\lisabe~1\applic~1\Specialbit

2010-03-25 15:56:15 0 d-----w- c:\docume~1\lisabe~1\applic~1\Artogon

2010-03-25 00:25:37 0 d-----w- c:\docume~1\lisabe~1\applic~1\Merscom

2010-03-22 21:32:15 0 d-----w- C:\symcache

2010-03-22 21:31:17 0 d-----w- c:\program files\DebugDiag

2010-03-22 09:35:53 0 d-----w- c:\docume~1\lisabe~1\applic~1\Jetdogs Studios

2010-03-20 17:18:41 0 d-----w- c:\docume~1\lisabe~1\applic~1\V-Games

2010-03-20 15:01:44 0 d-----w- c:\program files\ACW

2010-03-15 10:49:46 4992 ----a-w- c:\windows\system32\drivers\Amfilter.sys

2010-03-15 10:49:46 11264 ----a-w- c:\windows\system32\drivers\Amusbprt.sys

2010-03-15 07:59:25 0 d-----w- c:\windows\system32\wbem\Repository

2010-03-15 07:58:12 0 d-----w- c:\docume~1\lisabe~1\applic~1\Flood Light Games

2010-03-15 07:58:11 0 d-----w- c:\docume~1\lisabe~1\applic~1\ERS G-Studio

2010-03-15 07:58:11 0 d-----w- c:\docume~1\lisabe~1\applic~1\Dragon Altar Games

2010-03-15 07:58:11 0 d-----w- c:\docume~1\lisabe~1\applic~1\ChaYoWo Games

2010-03-15 07:58:11 0 d-----w- c:\docume~1\lisabe~1\applic~1\Cat's Eye Games

2010-03-15 07:58:11 0 d-----w- c:\docume~1\lisabe~1\applic~1\CasualForge

2010-03-15 07:58:11 0 d-----w- c:\docume~1\lisabe~1\applic~1\BrokenHearts

2010-03-15 07:58:11 0 d-----w- c:\docume~1\lisabe~1\applic~1\Boomzap

2010-03-15 07:58:11 0 d-----w- c:\docume~1\lisabe~1\applic~1\blg

2010-03-15 07:58:11 0 d-----w- c:\docume~1\lisabe~1\applic~1\BlamGames

2010-03-15 07:58:11 0 d-----w- c:\docume~1\lisabe~1\applic~1\Artifex Mundi

2010-03-15 07:58:06 0 d-----w- c:\docume~1\lisabe~1\applic~1\World-Loom

2010-03-15 07:58:06 0 d-----w- c:\docume~1\lisabe~1\applic~1\Virtual Prophecy

2010-03-15 07:58:06 0 d-----w- c:\docume~1\lisabe~1\applic~1\Valusoft

2010-03-15 07:58:06 0 d-----w- c:\docume~1\lisabe~1\applic~1\Top Evidence

2010-03-15 07:58:06 0 d-----w- c:\docume~1\lisabe~1\applic~1\TheFixerUpper

2010-03-15 07:58:06 0 d-----w- c:\docume~1\lisabe~1\applic~1\SevenSails

2010-03-15 07:58:06 0 d-----w- c:\docume~1\lisabe~1\applic~1\PoBros

2010-03-15 07:58:06 0 d-----w- c:\docume~1\lisabe~1\applic~1\OtherSide Realm of Eons

2010-03-15 07:58:06 0 d-----w- c:\docume~1\lisabe~1\applic~1\Orneon

2010-03-15 07:58:06 0 d-----w- c:\docume~1\lisabe~1\applic~1\MysteryStudio

2010-03-15 07:58:06 0 d-----w- c:\docume~1\lisabe~1\applic~1\MastersOfMystery2

2010-03-15 07:58:06 0 d-----w- c:\docume~1\lisabe~1\applic~1\LegacyInteractive

2010-03-15 07:58:06 0 d-----w- c:\docume~1\lisabe~1\applic~1\LaJangada

2010-03-15 07:58:06 0 d-----w- c:\docume~1\lisabe~1\applic~1\JoyBits

2010-03-15 07:58:06 0 d-----w- c:\docume~1\lisabe~1\applic~1\Janes Realty2

2010-03-15 07:58:05 0 d-----w- c:\docume~1\lisabe~1\applic~1\Janes_Realty

2010-03-15 07:58:05 0 d-----w- c:\docume~1\lisabe~1\applic~1\iMaxGen

2010-03-15 07:58:05 0 d-----w- c:\docume~1\lisabe~1\applic~1\HdO Adventure

2010-03-15 07:58:05 0 d-----w- c:\docume~1\lisabe~1\applic~1\Green Clover Games

2010-03-15 07:58:05 0 d-----w- c:\docume~1\lisabe~1\applic~1\Gestalt Games

2010-03-15 07:58:05 0 d-----w- c:\docume~1\lisabe~1\applic~1\Gamers Digital

2010-03-15 07:58:05 0 d-----w- c:\docume~1\lisabe~1\applic~1\GameMill

2010-03-15 07:58:05 0 d-----w- c:\docume~1\lisabe~1\applic~1\GameInvest

2010-03-15 07:58:05 0 d-----w- c:\docume~1\lisabe~1\applic~1\Game Mill Entertainment

2010-03-15 07:58:05 0 d-----w- c:\docume~1\lisabe~1\applic~1\Friday's games

2010-03-15 07:58:05 0 d-----w- c:\docume~1\lisabe~1\applic~1\Freezetag

2010-03-15 07:57:29 0 d-----w- c:\program files\ATI Technologies

2010-03-15 07:57:29 0 d-----w- c:\program files\ATI

==================== Find3M ====================

2010-04-01 08:45:17 1706 ----a-w- c:\docume~1\lisabe~1\applic~1\wklnhst.dat

2010-03-29 23:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-29 23:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-29 16:23:15 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-03-12 02:39:13 127319867 ----a-w- C:\sdat5917.exe

2010-02-11 04:12:00 887724 ----a-w- c:\windows\system32\ativva6x.dat

2010-02-11 04:12:00 3107788 ----a-w- c:\windows\system32\ativva5x.dat

2004-07-22 10:51:34 3432656 ----a-w- c:\program files\ManagedDX.CAB

2004-07-19 22:58:36 1156363 ----a-w- c:\program files\BDANT.cab

2004-07-19 22:53:26 976020 ----a-w- c:\program files\BDAXP.cab

2004-07-09 14:17:16 13265040 ----a-w- c:\program files\dxnt.cab

2004-07-09 09:13:48 15493481 ----a-w- c:\program files\DirectX.cab

2004-07-09 09:13:46 703080 ----a-w- c:\program files\BDA.cab

2004-07-09 04:08:36 472576 ----a-w- c:\program files\dxsetup.exe

2004-07-09 04:08:34 2242560 ----a-w- c:\program files\dsetup32.dll

2004-07-09 03:03:10 62976 ----a-w- c:\program files\DSETUP.dll

============= FINISH: 22:53:02.33 ===============

I'd be grateful for any help

Attach.zip

Link to post
Share on other sites

  • 4 weeks later...
  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.