possible malware for bigdaddycvk


Post by bigdaddycvk » October 26th, 2011, 3:27 pm

I had some recent issues with being able to log onto my computer. I was eventually able to run anti-malware and it stated that some were removed, but my computer is still acting slowly.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 14:52:54 on 2011-10-26
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1324 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www22.verizon.com/Foryourhome/My ... Login.aspx
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=127.0.0.1:60364
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10w_ActiveX.exe -update activex
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Open with WordPerfect - c:\program files\corel\wordperfect office x5\programs\WPLauncher.hta
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.comcastsupport.com/sdccommon ... gctlsr.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net ... plugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 5858423406
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/FiOSVoice/UnP ... VMUtil.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugi ... ctivex.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E4F9C0D7-C5C1-42D8-83A5-79E75927912C} : DhcpNameServer = 192.168.1.1
Notify: GoToAssist - c:\program files\citrix\gotoassist\508\G2AWinLogon.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKslcdf8ced7;MpKslcdf8ced7;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{052cd59b-911a-4def-be1d-030ae939747e}\MpKslcdf8ced7.sys [2011-10-25 28752]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2011-2-1 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2011-2-1 185640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-16 24652]
S1 MpKsl2d938967;MpKsl2d938967;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{db800f14-88ed-4e69-8cfe-b2a4c24e4d95}\mpksl2d938967.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{db800f14-88ed-4e69-8cfe-b2a4c24e4d95}\MpKsl2d938967.sys [?]
S1 MpKsl2e23f664;MpKsl2e23f664;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{db800f14-88ed-4e69-8cfe-b2a4c24e4d95}\mpksl2e23f664.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{db800f14-88ed-4e69-8cfe-b2a4c24e4d95}\MpKsl2e23f664.sys [?]
S1 MpKsl3c4539d4;MpKsl3c4539d4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ebdc13e7-8ec4-42da-9a77-7d1222b7ef75}\mpksl3c4539d4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ebdc13e7-8ec4-42da-9a77-7d1222b7ef75}\MpKsl3c4539d4.sys [?]
S1 MpKsl40d9e716;MpKsl40d9e716;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{90c822b1-179f-4023-82da-9a8003ef6042}\mpksl40d9e716.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{90c822b1-179f-4023-82da-9a8003ef6042}\MpKsl40d9e716.sys [?]
S1 MpKsl835ece3a;MpKsl835ece3a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a12ffd81-dbab-411b-89da-e7a2265081d7}\mpksl835ece3a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a12ffd81-dbab-411b-89da-e7a2265081d7}\MpKsl835ece3a.sys [?]
S1 MpKsl981eb293;MpKsl981eb293;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6af724c6-f1b8-4c53-8dbd-3be7417e776d}\mpksl981eb293.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6af724c6-f1b8-4c53-8dbd-3be7417e776d}\MpKsl981eb293.sys [?]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2010-10-13 98304]
S3 EraserUtilDrvI9;EraserUtilDrvI9;\??\c:\program files\common files\symantec shared\eengine\eraserutildrvi9.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrvI9.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\19.tmp --> c:\windows\system32\19.tmp [?]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192su.sys --> c:\windows\system32\drivers\RTL8192su.sys [?]
.
=============== Created Last 30 ================
.
2011-10-26 02:28:33 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{052cd59b-911a-4def-be1d-030ae939747e}\MpKslcdf8ced7.sys
2011-10-26 02:26:12 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{052cd59b-911a-4def-be1d-030ae939747e}\offreg.dll
2011-10-26 02:25:20 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{052cd59b-911a-4def-be1d-030ae939747e}\mpengine.dll
2011-10-23 13:23:07 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-10-23 13:23:07 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-22 17:19:12 -------- d-----w- c:\documents and settings\all users\application data\gD01677OhLlH01677
2011-10-13 21:36:20 -------- d-----w- c:\program files\iPod
2011-10-13 21:35:49 -------- d-----w- c:\program files\iTunes
2011-10-13 21:26:51 -------- d-----w- c:\program files\Bonjour
2011-10-13 19:08:06 -------- d-----w- c:\program files\Graboid
.
==================== Find3M ====================
.
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-07 13:22:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 03:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-11 22:20:36 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
.
============= FINISH: 14:54:15.46 ===============
bigdaddycvk
Active Member
 
Posts: 13
Joined: October 26th, 2011, 2:44 pm

Re: possible malware for bigdaddycvk

Post by askey127 » October 27th, 2011, 6:30 pm

Hi bigdaddycvk,
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Double click on the icon to run it.
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

So we are looking for the log from TDSSKiller, and the two logs from OTL.
Use separate replies if you wish.
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: possible malware for bigdaddycvk

Post by bigdaddycvk » October 28th, 2011, 1:19 pm

Below are the 2 from OTL. There was nothing from the TDSSKiller.


OTL logfile created on: 10/28/2011 1:02:37 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 32.20% Memory free
2.67 Gb Paging File | 1.36 Gb Available in Paging File | 51.02% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 10.01 Gb Free Space | 26.86% Space Free | Partition Type: NTFS
Drive D: | 17.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 931.51 Gb Total Space | 864.58 Gb Free Space | 92.82% Space Free | Partition Type: NTFS

Computer Name: BIGDADDYCVK | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/28 13:01:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/01 05:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/02/01 05:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2008/10/27 02:05:00 | 000,171,008 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FARNFDA.EXE
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/15 01:02:00 | 000,175,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAMTFDA.EXE
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/04/27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2003/03/07 05:00:38 | 000,262,223 | ---- | M] () -- C:\Programs\PrintServer110.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/27 19:15:24 | 000,101,376 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\KeyboardUpdateService.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2003/07/16 16:48:31 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
MOD - [2003/03/07 05:00:38 | 000,262,223 | ---- | M] () -- C:\Programs\PrintServer110.exe
MOD - [2003/03/07 05:00:36 | 000,454,723 | ---- | M] () -- C:\Programs\PrintEngine110.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ZuneBusEnum)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/01 05:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2011/02/01 05:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2010/10/13 17:06:34 | 000,098,304 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2008/03/13 21:51:25 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe -- (GoToAssist)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/04/27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)


========== Driver Services (SafeList) ==========

DRV - [2011/10/27 22:24:41 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CBCEC9C5-E3B1-4B3F-928D-B48E8102E141}\MpKsl7b178241.sys -- (MpKsl7b178241)
DRV - [2009/08/19 17:49:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/04/16 13:28:02 | 000,194,362 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/06/30 19:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = FF 83 46 0F 9F F8 49 44 9C D8 C3 2D FC C1 F1 73 [binary data]
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = FF 83 46 0F 9F F8 49 44 9C D8 C3 2D FC C1 F1 73 [binary data]
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = FF 83 46 0F 9F F8 49 44 9C D8 C3 2D FC C1 F1 73 [binary data]
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = FF 83 46 0F 9F F8 49 44 9C D8 C3 2D FC C1 F1 73 [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1202660629-2077806209-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1202660629-2077806209-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1202660629-2077806209-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www22.verizon.com/Foryourhome/My ... Login.aspx
IE - HKU\S-1-5-21-1202660629-2077806209-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = FF 83 46 0F 9F F8 49 44 9C D8 C3 2D FC C1 F1 73 [binary data]
IE - HKU\S-1-5-21-1202660629-2077806209-725345543-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1202660629-2077806209-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1202660629-2077806209-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1202660629-2077806209-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60364

========== FireFox ==========

FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 60364
FF - prefs.js..network.proxy.type: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\Documents and Settings\All Users\Application Data\RealArcade\npraclient.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/03/21 14:26:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\Documents and Settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.1.0.37\coFFFw\

[2010/02/18 19:25:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/03/28 12:28:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/10/26 15:53:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9n0jygc.default\extensions
[2011/10/28 12:57:43 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9n0jygc.default\extensions\{0ae09f56-98e9-4edf-b01a-aca34e2dbb57}
[2011/08/11 18:21:51 | 000,000,000 | ---D | M] (SocialRibbons LP2) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9n0jygc.default\extensions\{0dd5ab7a-9db5-0aa4-e914-7148cd6c0afc}
[2010/02/18 20:54:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9n0jygc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/11 20:19:38 | 000,000,000 | ---D | M] (Window Shopper - Powered by Superfish) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9n0jygc.default\extensions\superfish@superfish.com
[2011/08/11 18:21:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9n0jygc.default\extensions\{0dd5ab7a-9db5-0aa4-e914-7148cd6c0afc}\chrome\content\dca\core\extensionManager
[2010/03/10 11:22:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/07/30 16:34:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/04/07 13:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober253188250.gif
[2010/05/14 18:31:04 | 000,000,196 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober253188250.src

O1 HOSTS File: ([2010/11/11 11:33:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Reg Error: Value error.) - {0F4683FF-F89F-4449-9CD8-C32DFCC1F173} - C:\Documents and Settings\Owner\Local Settings\Application Data\TCPIPWOW64.dll (Microsoft Corporation)
O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
O3 - HKU\S-1-5-21-1202660629-2077806209-725345543-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1202660629-2077806209-725345543-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1202660629-2077806209-725345543-1003..\Run: [Apple Update] C:\Documents and Settings\Owner\Local Settings\Application Data\AIM\AIMUpdate\AIMup.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1202660629-2077806209-725345543-1003..\Run: [Borland Update] C:\Documents and Settings\Owner\Local Settings\Application Data\AOL\AOLUpdate\AOLupdt32.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1202660629-2077806209-725345543-1003..\Run: [KeyboardUpdateService] C:\Documents and Settings\All Users\Application Data\KeyboardUpdateService.dll ()
O4 - HKU\S-1-5-21-1202660629-2077806209-725345543-1003..\Run: [uTorrent] F:\New Folder (2)\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1202660629-2077806209-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1202660629-2077806209-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1202660629-2077806209-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1202660629-2077806209-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X5\Programs\WPLauncher.hta File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1202660629-2077806209-725345543-1003\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1202660629-2077806209-725345543-1003\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net ... plugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 5858423406 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} https://www36.verizon.com/FiOSVoice/UnP ... VMUtil.CAB (IOBIVMUtil.VMDecoder)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugi ... ctivex.cab (P3DActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4F9C0D7-C5C1-42D8-83A5-79E75927912C}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1202660629-2077806209-725345543-1003 Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\508\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/13 22:29:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/10/05 20:37:20 | 000,000,030 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2011/05/05 16:52:52 | 000,000,000 | R--D | M] - F:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\G:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/28 13:00:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/10/27 19:15:24 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Local Settings\Application Data\TCPIPWOW64.dll
[2011/10/26 15:52:57 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Local Settings\Application Data\ServicePTR.dll
[2011/10/25 18:45:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/10/22 13:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\gD01677OhLlH01677
[2011/10/13 17:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/10/13 17:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/13 17:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/13 17:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/13 15:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\Graboid
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/28 13:02:29 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\dff88273
[2011/10/28 13:01:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/10/27 19:52:36 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\3f257d8c
[2011/10/27 19:15:25 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Local Settings\Application Data\TCPIPWOW64.dll
[2011/10/27 19:15:24 | 000,101,376 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\KeyboardUpdateService.dll
[2011/10/27 07:27:17 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/26 15:52:59 | 000,251,904 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Local Settings\Application Data\ServicePTR.dll
[2011/10/23 22:22:55 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/10/23 22:16:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/23 09:27:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/22 13:25:02 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Security Essentials.lnk
[2011/10/13 17:39:21 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/10/13 03:47:00 | 000,397,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/13 03:27:37 | 000,444,010 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/13 03:27:37 | 000,072,268 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/12 11:10:20 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/10/03 04:35:11 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/27 19:41:45 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\3f257d8c
[2011/10/27 19:40:49 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\dff88273
[2011/10/27 19:15:26 | 000,101,376 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\KeyboardUpdateService.dll
[2011/10/22 13:25:02 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Security Essentials.lnk
[2011/10/13 17:39:20 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/09/06 19:36:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Developer Tools
[2010/10/26 21:30:25 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2010/10/18 18:46:43 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2010/09/15 20:29:39 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\CFD22FE827.sys
[2010/09/15 20:29:38 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/03/31 03:17:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/03/24 13:08:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2010/03/23 18:48:47 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPNX210.ini
[2010/03/18 12:41:53 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/03/18 12:41:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Distortion
[2010/03/18 12:38:52 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Documents
[2010/03/18 12:38:52 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\DirectoryService
[2010/03/18 12:38:52 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Electric Clav
[2010/03/18 12:38:51 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/02/24 09:12:41 | 000,019,083 | ---- | C] () -- C:\WINDOWS\System32\DELTREE.EXE
[2010/02/18 18:17:17 | 000,053,248 | ---- | C] () -- C:\WINDOWS\ICSweep.exe
[2010/02/18 15:58:38 | 000,332,800 | ---- | C] () -- C:\WINDOWS\mcwget.exe
[2010/02/18 15:53:21 | 000,000,163 | ---- | C] () -- C:\WINDOWS\UltraVNC.ini
[2010/02/07 17:44:27 | 000,000,019 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2009/01/27 15:35:56 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JPR.{PB
[2009/01/27 15:35:56 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JCM.{PB
[2009/01/20 15:35:24 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/01/20 15:35:24 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/01/20 15:35:24 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/01/20 15:35:24 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/01/20 15:35:24 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/01/20 15:35:24 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/01/20 15:35:24 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/01/20 15:35:24 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/01/20 15:35:24 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/01/20 15:35:24 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/01/20 15:35:24 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/01/20 15:35:24 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/01/20 15:35:24 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/01/20 15:35:24 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/01/20 15:35:24 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/01/20 15:35:23 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/01/20 15:33:06 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EPSCX7400.ini
[2008/12/29 18:32:05 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Owner.ini
[2008/09/22 21:00:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/08/20 22:23:55 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/08/03 21:36:52 | 000,019,564 | ---- | C] () -- C:\WINDOWS\safasic.com
[2008/08/03 00:04:45 | 000,012,695 | ---- | C] () -- C:\WINDOWS\System32\wihusu.dat
[2008/07/29 16:12:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/05/05 20:12:36 | 000,090,656 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/03/31 15:22:45 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008/03/21 19:47:20 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/17 21:22:09 | 000,000,261 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/03/16 04:45:55 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/03/13 22:35:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/03/13 22:27:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/03/13 17:20:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/03/13 17:19:51 | 000,397,552 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 03:56:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\smbinst.exe
[2003/07/16 16:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 16:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 16:41:25 | 000,444,010 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 16:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 16:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 16:41:21 | 000,072,268 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 16:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 16:38:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\netui1.dll
[2003/07/16 16:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 16:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 16:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 16:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/03 13:17:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\zipfldr.dll
[2003/01/16 13:22:44 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2003/01/16 13:22:44 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2002/11/14 13:58:04 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2002/11/14 13:58:04 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2002/11/14 13:58:02 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2002/11/14 13:58:02 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2002/11/14 13:58:02 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2001/08/06 23:16:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\OTS_UI.EXE

========== LOP Check ==========

[2008/05/27 16:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3 Blokes Studios
[2008/07/06 19:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aveyond I
[2011/08/31 20:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2009/11/11 12:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2010/09/15 20:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2008/03/17 21:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/03/13 21:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/01/27 14:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/01/27 14:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/10/18 14:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Enkord
[2010/03/18 12:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/03/23 18:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/05/22 17:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
[2009/11/10 17:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeFromParadise2
[2011/02/06 20:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2009/04/22 16:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Forge of Games
[2008/12/16 19:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2011/10/22 23:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gD01677OhLlH01677
[2009/11/14 14:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Islands
[2009/08/04 18:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Little Games Company
[2008/06/06 13:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2010/06/24 21:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2010/03/01 13:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MinigolfVUG_TacoBell2
[2009/08/04 18:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/07/30 19:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeptunesAdve
[2010/03/04 18:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft
[2009/02/19 19:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nick Chase A Detective Story
[2010/03/18 12:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2010/01/10 20:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2009/01/27 14:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/12/10 14:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/01/28 20:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayPond
[2009/07/23 19:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/02/18 12:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpecialBit
[2011/04/14 13:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/08/31 21:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/20 18:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TikGames
[2010/03/23 18:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/03/18 12:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/06/16 21:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/01/13 11:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/07/08 12:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/04/03 21:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/01 21:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/05 13:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/07 16:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/07/06 12:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amandalynne\Application Data\COMCASTTOOLBAR
[2010/02/15 12:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\3Stars
[2009/11/08 18:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Alawar
[2010/05/13 13:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AlderGames
[2009/08/06 21:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Artogon
[2010/02/21 19:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aveyond 3
[2008/09/13 11:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aveyond II
[2009/04/21 20:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Be a King
[2010/12/15 12:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Big Fish Games
[2009/11/11 12:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\blg
[2008/06/23 16:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Bloom RU
[2009/07/08 21:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CallingID
[2008/03/26 10:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Citrix
[2008/12/14 16:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.BGHTRACKER.FF9A7CF7577196CAAC94550DA1D63F2169FB7F8F.1
[2009/08/30 15:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\comcasttb
[2009/01/31 10:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Coyotes Tale
[2009/11/07 22:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dekovir
[2009/01/27 14:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DriverCure
[2010/04/29 17:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
[2009/11/07 22:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ERS G-Studio
[2009/04/21 15:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FirstColony
[2008/08/03 19:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ForgottenRiddles2
[2011/03/17 09:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Friday's games
[2010/06/26 11:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FrimaStudio
[2010/11/16 16:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\funkitron
[2008/07/31 15:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GameHouse
[2010/02/25 19:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2008/03/26 14:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICAClient
[2009/06/04 14:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IronCode
[2010/02/14 22:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWin
[2009/11/08 13:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lazy Turtle Games
[2009/01/20 15:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2009/08/04 18:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Little Games Company
[2008/06/06 13:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ludia
[2010/11/15 20:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MA2
[2009/08/11 15:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MagicBall4
[2009/12/04 21:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MastersOfMystery2
[2010/06/24 21:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Merscom
[2010/06/11 22:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nikon
[2009/12/02 11:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Orneon
[2009/12/10 15:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OtherSide Realm of Eons
[2009/12/10 14:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
[2010/11/06 18:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayPond
[2008/06/05 16:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Pogo Games
[2011/08/12 13:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PriceGong
[2010/05/12 15:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RainbowGames
[2009/01/28 19:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RobinsonCrusoe
[2008/06/10 14:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SBTT
[2009/01/19 20:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SecretIslandEng
[2009/02/28 18:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SerpentOfIsis
[2009/08/13 16:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\she_is_a_shadow
[2008/07/11 14:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skinux
[2009/04/17 17:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skunk Studios
[2008/07/29 15:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SprillBermudeEng
[2011/04/14 13:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TechWizard
[2009/04/20 18:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TikGames
[2008/07/09 17:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Turtle Odyssey II
[2011/02/06 20:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2008/11/14 20:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Unity
[2011/10/27 18:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2009/10/23 19:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2010/11/27 15:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\YoudaGames
[2011/10/23 22:22:55 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5AF0DC60
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAE2C3A5
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FE42FFC
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:19F08842
@Alternate Data Stream - 221 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:945FE29C
@Alternate Data Stream - 219 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D48500F8
@Alternate Data Stream - 218 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98982C88
@Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68A56598
@Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DF68137
@Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E91ADC66
@Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E51234A9
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
@Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:307C79F4
@Alternate Data Stream - 189 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DCF7E75A
@Alternate Data Stream - 179 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8CE1FE5
@Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B894C266
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C681EF1
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AA21473
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8908BDEA
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04B9B70F
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20240A47
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0AF4473
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9FC5F43A
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9ED07655
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E76E7F3
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F3F95A98
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6D6C4572
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD7C3EFB
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6468C896
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C3E753C
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DC21D414
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E5EA40F
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2495D97A
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C017FB1
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:737160C1
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:522EA216
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EAD6852
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1610EDC
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0EC7A545
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE524528
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC4C6FB4
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:76403E94
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70F0A2F4
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D091E13E
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF1334B0
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E60033F
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80ED6380
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80EA2EA3
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3ECD30CF
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C491D31
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:140CF428
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8EDA76B4
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BCF4DE2
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F65F6C4
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A73EAFFB
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F7DD688
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED2ADD13
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB42AC3C
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C6F032
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47A24D4B
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3AB8D21A
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:01442FD8
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F4921BC9
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFFC9DD0
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3AE3CF4E
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1968990D
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA7D76BE
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB6D0B2
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67C320D1
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D351BC6
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5335CE76
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:241FA548
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FED25C29
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E3E060F
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:848CC150
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7EBCAF87
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0FA1EAA7
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8384DB6
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:162E02F7
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A18431D9
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C6EBC69
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8401B6D5
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:639F0420
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A2862FF
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60C897F3
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27F44544
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:268F887D
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1D6B18F1
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13AE32E5
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E962FBDB
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:774A0E14
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A18D1A5B
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8776F88E
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BE7E50E
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:76A59E49
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61A065F2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:425759C6
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D69B4B5
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BCA993F
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:375FC7E7
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33DB8278
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:14A1BBE3
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09C490AD
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A0FEE87
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9F6664C
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B85C37B
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53DF59D1
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29629382
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F96ED45
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2D4B33E
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98F0614F
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3A8AA31
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9F50A55A
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FE17A89
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40D8F125
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB170088
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF61CE5A
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B803FAA
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF0BC727
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A384652A
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20C69EEE
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8182692
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BF0805F
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:574C4CBD
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F00E008B
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A97118EB
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C270C64
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D387C245
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B8D652C
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F14D1F80
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A843AC18
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3750BE5
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9DF07E8F
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55CC8080
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B55B892
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6514A833
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83

< End of report >


OTL Extras logfile created on: 10/28/2011 1:02:38 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 32.20% Memory free
2.67 Gb Paging File | 1.36 Gb Available in Paging File | 51.02% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 10.01 Gb Free Space | 26.86% Space Free | Partition Type: NTFS
Drive D: | 17.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 931.51 Gb Total Space | 864.58 Gb Free Space | 92.82% Space Free | Partition Type: NTFS

Computer Name: BIGDADDYCVK | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter
"80:TCP" = 80:TCP:*:Enabled:HTTP
"443:TCP" = 443:TCP:*:Enabled:HTTPS
"21:TCP" = 21:TCP:*:Enabled:FTP
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\New Folder (2)\uTorrent.exe" = F:\New Folder (2)\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{104A059B-CD20-4632-A8F6-D8C80E14782D}" = Magellan POI File Editor
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}" = EPSON Stylus CX7400 Series Scanner Driver Update
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 22
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{328687A2-2504-49FA-AE3E-08B0DEDB51EC}" = MSRedist
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{80813829-BE27-4799-8BC7-2F75A7B6CB50}" = IHA_MessageCenter
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B64BC516-2406-43AE-A21A-1E387A2343B1}" = ContentManager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D547A594-AA85-4B92-80EB-47B371B98C68}" = Verizon Download Manager
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}" = Microsoft Search Enhancement Pack
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"BFGC" = Big Fish Games: Game Manager
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EPSON NX210 Series" = EPSON NX210 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"GoToAssist" = GoToAssist 8.0.0.508
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"UnityWebPlayer" = Unity Web Player
"Unlocker" = Unlocker 1.8.7
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1202660629-2077806209-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/24/2011 3:01:08 AM | Computer Name = BIGDADDYCVK | Source = MsiInstaller | ID = 11714
Description = Product: Microsoft Search Enhancement Pack -- Error 1714. The older
version of Microsoft Search Enhancement Pack cannot be removed. Contact your technical
support group. System Error 1612.

Error - 10/25/2011 3:00:54 AM | Computer Name = BIGDADDYCVK | Source = MsiInstaller | ID = 11714
Description = Product: Microsoft Search Enhancement Pack -- Error 1714. The older
version of Microsoft Search Enhancement Pack cannot be removed. Contact your technical
support group. System Error 1612.

Error - 10/26/2011 3:01:08 AM | Computer Name = BIGDADDYCVK | Source = MsiInstaller | ID = 11714
Description = Product: Microsoft Search Enhancement Pack -- Error 1714. The older
version of Microsoft Search Enhancement Pack cannot be removed. Contact your technical
support group. System Error 1612.

Error - 10/27/2011 3:00:56 AM | Computer Name = BIGDADDYCVK | Source = MsiInstaller | ID = 11714
Description = Product: Microsoft Search Enhancement Pack -- Error 1714. The older
version of Microsoft Search Enhancement Pack cannot be removed. Contact your technical
support group. System Error 1612.

Error - 10/27/2011 2:25:14 PM | Computer Name = BIGDADDYCVK | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/27/2011 2:25:16 PM | Computer Name = BIGDADDYCVK | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/27/2011 4:51:42 PM | Computer Name = BIGDADDYCVK | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 10/27/2011 7:51:56 PM | Computer Name = BIGDADDYCVK | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x715b9e59.

Error - 10/27/2011 8:05:15 PM | Computer Name = BIGDADDYCVK | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x715b9e59.

Error - 10/28/2011 3:00:59 AM | Computer Name = BIGDADDYCVK | Source = MsiInstaller | ID = 11714
Description = Product: Microsoft Search Enhancement Pack -- Error 1714. The older
version of Microsoft Search Enhancement Pack cannot be removed. Contact your technical
support group. System Error 1612.

[ System Events ]
Error - 10/23/2011 10:18:46 PM | Computer Name = BIGDADDYCVK | Source = Service Control Manager | ID = 7000
Description = The Zune Bus Enumerator Driver service failed to start due to the
following error: %%2

Error - 10/23/2011 10:18:46 PM | Computer Name = BIGDADDYCVK | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IHA_MessageCenter service
to connect.

Error - 10/23/2011 10:18:46 PM | Computer Name = BIGDADDYCVK | Source = Service Control Manager | ID = 7000
Description = The IHA_MessageCenter service failed to start due to the following
error: %%1053

Error - 10/23/2011 10:18:46 PM | Computer Name = BIGDADDYCVK | Source = Service Control Manager | ID = 7000
Description = The Zune Bus Enumerator service failed to start due to the following
error: %%2

Error - 10/23/2011 10:18:46 PM | Computer Name = BIGDADDYCVK | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 10/24/2011 3:01:46 AM | Computer Name = BIGDADDYCVK | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft Search Enhancement Pack.

Error - 10/25/2011 3:01:18 AM | Computer Name = BIGDADDYCVK | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft Search Enhancement Pack.

Error - 10/26/2011 3:01:49 AM | Computer Name = BIGDADDYCVK | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft Search Enhancement Pack.

Error - 10/27/2011 3:01:53 AM | Computer Name = BIGDADDYCVK | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft Search Enhancement Pack.

Error - 10/28/2011 3:01:30 AM | Computer Name = BIGDADDYCVK | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft Search Enhancement Pack.


< End of report >
bigdaddycvk
Active Member
 
Posts: 13
Joined: October 26th, 2011, 2:44 pm

Re: possible malware for bigdaddycvk

Unread postby askey127 » October 29th, 2011, 9:18 am

bigdaddycvk,
-----------------------------------------------
It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
Criminals have "planted" thousands upon thousands of infections in the "free" shared files.
Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".

Also, the use of the program Graboid is risky, because you are sharing your machine with many others, some of whom may have infections.
I would suggest you get rid of it.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove:

Java(TM) 6 Update 22
HiJackThis
µTorrent

Take extra care in answering questions posed by any Uninstaller.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :OTL
    @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5AF0DC60
    @Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAE2C3A5
    @Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FE42FFC
    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:19F08842
    @Alternate Data Stream - 221 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:945FE29C
    @Alternate Data Stream - 219 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D48500F8
    @Alternate Data Stream - 218 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98982C88
    @Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68A56598
    @Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DF68137
    @Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E91ADC66
    @Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E51234A9
    @Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE
    @Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
    @Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:307C79F4
    @Alternate Data Stream - 189 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DCF7E75A
    @Alternate Data Stream - 179 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8CE1FE5
    @Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B894C266
    @Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C681EF1
    @Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AA21473
    @Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8908BDEA
    @Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04B9B70F
    @Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20240A47
    @Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0AF4473
    @Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9FC5F43A
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9ED07655
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E76E7F3
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F3F95A98
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6D6C4572
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD7C3EFB
    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6468C896
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C3E753C
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DC21D414
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E5EA40F
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2495D97A
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C017FB1
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:737160C1
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:522EA216
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EAD6852
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1610EDC
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0EC7A545
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE524528
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC4C6FB4
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:76403E94
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70F0A2F4
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D091E13E
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF1334B0
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E60033F
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80ED6380
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80EA2EA3
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3ECD30CF
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C491D31
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:140CF428
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8EDA76B4
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BCF4DE2
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F65F6C4
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A73EAFFB
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F7DD688
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED2ADD13
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB42AC3C
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C6F032
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47A24D4B
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3AB8D21A
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:01442FD8
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F4921BC9
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFFC9DD0
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3AE3CF4E
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1968990D
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA7D76BE
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB6D0B2
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67C320D1
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D351BC6
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5335CE76
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:241FA548
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FED25C29
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E3E060F
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:848CC150
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7EBCAF87
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0FA1EAA7
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8384DB6
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:162E02F7
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A18431D9
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C6EBC69
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8401B6D5
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:639F0420
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A2862FF
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60C897F3
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27F44544
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:268F887D
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1D6B18F1
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13AE32E5
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E962FBDB
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:774A0E14
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A18D1A5B
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8776F88E
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BE7E50E
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:76A59E49
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61A065F2
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:425759C6
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D69B4B5
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BCA993F
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:375FC7E7
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33DB8278
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:14A1BBE3
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09C490AD
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A0FEE87
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9F6664C
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B85C37B
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53DF59D1
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29629382
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F96ED45
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2D4B33E
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98F0614F
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3A8AA31
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9F50A55A
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FE17A89
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40D8F125
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB170088
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF61CE5A
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B803FAA
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF0BC727
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A384652A
    @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20C69EEE
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8182692
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BF0805F
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:574C4CBD
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F00E008B
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A97118EB
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C270C64
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D387C245
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B8D652C
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F14D1F80
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A843AC18
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3750BE5
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9DF07E8F
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55CC8080
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B55B892
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6514A833
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83
    
    :Files
    C:\Documents and Settings\Owner\Application Data\uTorrent
    C:\Documents and Settings\Owner\Application Data\Uniblue
    
    :Commands
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

askey127
Admin/Teacher
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
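The logs posted in this thread carry three indicator types worth pulling out mechanically: a proxy pointing back at the machine itself (127.0.0.1:60364 in both the IE registry keys and Firefox's prefs.js), DLLs sitting under Application Data that are loaded from a BHO entry and from an HKCU Run key, and a long run of alternate data streams attached to a single TEMP file. The script below is an added example, not code from the thread, from OTL or from DDS; it parses OTL/DDS-style lines and flags those three patterns. The sample lines are copied from the logs in this thread, while the `USER_WRITABLE` path pattern, the `LOOPBACK` list and the reason strings are my own assumptions about what a triage pass should treat as suspicious.

```python
import re

# Constructed sample: a handful of lines copied from the DDS/OTL output posted in this thread.
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60364
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 60364
FF - prefs.js..network.proxy.type: 1
O2 - BHO: (Reg Error: Value error.) - {0F4683FF-F89F-4449-9CD8-C32DFCC1F173} - C:\Documents and Settings\Owner\Local Settings\Application Data\TCPIPWOW64.dll (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [KeyboardUpdateService] C:\Documents and Settings\All Users\Application Data\KeyboardUpdateService.dll (Microsoft Corporation)
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C681EF1
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83
"""

LOOPBACK = ("127.0.0.1", "localhost", "::1")
# Assumption: profile directories a standard user account (or anything running as it) can write to on XP.
USER_WRITABLE = re.compile(r"\\Documents and Settings\\[^\\]+\\(Local Settings\\)?Application Data\\", re.I)
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")


def find_loopback_proxy(lines):
    """Return (browser, host, port, enabled) for proxies that point back at this machine.

    A loopback proxy lets a local process sit in front of every HTTP request the browser
    makes (the search-to-ad-site redirection reported in the thread). IE is flagged even
    when ProxyEnable = 0 because Firefox keeps its own copy of the setting (type 1 = manual).
    """
    findings = []
    ie_enabled = any('"ProxyEnable" = 1' in l for l in lines)
    ff = {}
    for line in lines:
        m = re.search(r'"ProxyServer" = (?:http=)?([^:\s]+):(\d+)', line)
        if line.startswith("IE - ") and m and m.group(1).lower() in LOOPBACK:
            findings.append(("IE", m.group(1), int(m.group(2)), ie_enabled))
        m = re.match(r'FF - prefs\.js\.\.network\.proxy\.(http|http_port|type): "?([^"]+)"?$', line)
        if m:
            ff[m.group(1)] = m.group(2)
    if ff.get("http", "").lower() in LOOPBACK:
        findings.append(("Firefox", ff["http"], int(ff.get("http_port", 0)), ff.get("type") == "1"))
    return findings


def find_userland_autostarts(lines):
    """Flag O2 (BHO) and O4 (Run key) entries whose binary lives in a user profile directory.

    Legitimate BHOs and Run entries almost always point into Program Files or System32.
    A DLL under Application Data, a Run value naming a .dll rather than an .exe, or a CLSID
    OTL could not resolve ("Reg Error") each earn the entry a closer look.
    """
    findings = []
    for line in lines:
        if not line.startswith(("O2 - ", "O4 - ")):
            continue
        m = re.search(r"([A-Z]:\\[^()]+?\.(dll|exe))", line, re.I)
        if not m:
            continue
        path = m.group(1)
        reasons = []
        if USER_WRITABLE.search(path):
            reasons.append("binary in user-writable profile directory")
        if line.startswith("O4 - ") and path.lower().endswith(".dll"):
            reasons.append("Run key launches a DLL, not an executable")
        if "Reg Error" in line:
            reasons.append("OTL could not read the registered CLSID")
        if reasons:
            findings.append((path, reasons))
    return findings


def summarize_ads(lines):
    """Group OTL's '@Alternate Data Stream' lines by host file -> (stream count, total bytes)."""
    summary = {}
    for line in lines:
        m = ADS_RE.match(line)
        if m:
            count, total = summary.get(m.group(2), (0, 0))
            summary[m.group(2)] = (count + 1, total + int(m.group(1)))
    return summary


def triage(text):
    """Run all three checks over raw log text; leading whitespace (as in OTL fix scripts) is ignored."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    return {
        "loopback_proxy": find_loopback_proxy(lines),
        "userland_autostarts": find_userland_autostarts(lines),
        "ads": summarize_ads(lines),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for browser, host, port, enabled in report["loopback_proxy"]:
        state = "active" if enabled else "configured, not enabled"
        print(f"[proxy] {browser}: {host}:{port} ({state})")
    for path, reasons in report["userland_autostarts"]:
        print(f"[autostart] {path}: " + "; ".join(reasons))
    for host, (n, size) in report["ads"].items():
        print(f"[ads] {host}: {n} streams, {size} bytes")
```

On the sample above the script reports the IE proxy as configured but not enabled, the Firefox proxy as active, both Application Data DLLs with their reasons, and one TEMP host file carrying two streams. Feeding it a complete OTL log rather than the excerpt gives the same three lists over the whole scan, which is a quicker first pass than reading the log top to bottom.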

Re: possible malware for bigdaddycvk

Post by bigdaddycvk » October 29th, 2011, 11:44 am

Thank you for your guidance! I have completed all that you have communicated, but could not find, nor did I know about, the Graboid program. Over the last 24 hours, when I have tried to look something up on the Google toolbar, it has continually directed me to an ad site. Would this be because of the Graboid? Also, the computer is still running very slowly compared to normal. Again, I appreciate all of your help!

OTL logfile created on: 10/29/2011 11:35:42 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.48% Memory free
2.41 Gb Paging File | 1.99 Gb Available in Paging File | 82.27% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 11.94 Gb Free Space | 32.05% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 864.58 Gb Free Space | 92.81% Space Free | Partition Type: NTFS

Computer Name: BIGDADDYCVK | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/28 13:01:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/01 05:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/02/01 05:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/04/27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ZuneBusEnum)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/01 05:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2011/02/01 05:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2010/10/13 17:06:34 | 000,098,304 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2008/03/13 21:51:25 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe -- (GoToAssist)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/04/27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)


========== Driver Services (SafeList) ==========

DRV - [2011/10/29 11:30:37 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D4F719BC-B2DE-40F9-95D7-378DD38F5D7F}\MpKsle6aee6a7.sys -- (MpKsle6aee6a7)
DRV - [2011/10/28 21:36:19 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D4F719BC-B2DE-40F9-95D7-378DD38F5D7F}\MpKsl4f74d50f.sys -- (MpKsl4f74d50f)
DRV - [2009/08/19 17:49:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/04/16 13:28:02 | 000,194,362 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/06/30 19:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www22.verizon.com/Foryourhome/My ... Login.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = FF 83 46 0F 9F F8 49 44 9C D8 C3 2D FC C1 F1 73 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60364

========== FireFox ==========

FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 60364
FF - prefs.js..network.proxy.type: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\Documents and Settings\All Users\Application Data\RealArcade\npraclient.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/03/21 14:26:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\Documents and Settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.1.0.37\coFFFw\

[2010/02/18 19:25:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/03/28 12:28:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/10/26 15:53:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9n0jygc.default\extensions
[2011/10/29 11:37:30 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9n0jygc.default\extensions\{0ae09f56-98e9-4edf-b01a-aca34e2dbb57}
[2011/08/11 18:21:51 | 000,000,000 | ---D | M] (SocialRibbons LP2) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9n0jygc.default\extensions\{0dd5ab7a-9db5-0aa4-e914-7148cd6c0afc}
[2010/02/18 20:54:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9n0jygc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/11 20:19:38 | 000,000,000 | ---D | M] (Window Shopper - Powered by Superfish) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9n0jygc.default\extensions\superfish@superfish.com
[2011/08/11 18:21:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9n0jygc.default\extensions\{0dd5ab7a-9db5-0aa4-e914-7148cd6c0afc}\chrome\content\dca\core\extensionManager
[2010/03/10 11:22:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/07/30 16:34:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/04/07 13:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober253188250.gif
[2010/05/14 18:31:04 | 000,000,196 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober253188250.src

O1 HOSTS File: ([2010/11/11 11:33:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Reg Error: Value error.) - {0F4683FF-F89F-4449-9CD8-C32DFCC1F173} - C:\Documents and Settings\Owner\Local Settings\Application Data\TCPIPWOW64.dll (Microsoft Corporation)
O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [KeyboardUpdateService] C:\Documents and Settings\All Users\Application Data\KeyboardUpdateService.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X5\Programs\WPLauncher.hta File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net ... plugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 5858423406 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} https://www36.verizon.com/FiOSVoice/UnP ... VMUtil.CAB (IOBIVMUtil.VMDecoder)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugi ... ctivex.cab (P3DActiveX Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4F9C0D7-C5C1-42D8-83A5-79E75927912C}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\508\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/13 22:29:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/05/05 16:52:52 | 000,000,000 | R--D | M] - F:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\G:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/29 11:24:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/29 01:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/10/29 01:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/29 00:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/29 00:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2011/10/29 00:20:46 | 000,000,000 | ---D | C] -- C:\MATS
[2011/10/29 00:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/10/29 00:06:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/10/28 19:58:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/10/28 13:00:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/10/27 19:15:26 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\KeyboardUpdateService.dll
[2011/10/27 19:15:24 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Local Settings\Application Data\TCPIPWOW64.dll
[2011/10/26 15:52:57 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Local Settings\Application Data\ServicePTR.dll
[2011/10/22 13:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\gD01677OhLlH01677
[2011/10/13 17:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/13 15:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\Graboid
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/29 11:41:39 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\dff88273
[2011/10/29 11:37:21 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\3f257d8c
[2011/10/29 11:35:36 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/10/29 11:29:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/29 01:03:03 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/10/29 00:00:02 | 000,004,906 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\2880f589
[2011/10/28 23:48:39 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\57808d73
[2011/10/28 20:03:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/28 13:01:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/10/27 07:27:17 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/22 13:25:02 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Security Essentials.lnk
[2011/10/13 03:47:00 | 000,397,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/13 03:27:37 | 000,444,010 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/13 03:27:37 | 000,072,268 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/12 11:10:20 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/29 01:03:03 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/10/28 23:48:39 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\57808d73
[2011/10/28 15:22:48 | 000,004,906 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\2880f589
[2011/10/27 19:41:45 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\3f257d8c
[2011/10/27 19:40:49 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\dff88273
[2011/10/22 13:25:02 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Security Essentials.lnk
[2011/09/06 19:36:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Developer Tools
[2010/10/26 21:30:25 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2010/10/18 18:46:43 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2010/09/15 20:29:39 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\CFD22FE827.sys
[2010/09/15 20:29:38 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/03/31 03:17:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/03/24 13:08:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2010/03/23 18:48:47 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPNX210.ini
[2010/03/18 12:41:53 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/03/18 12:41:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Distortion
[2010/03/18 12:38:52 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Documents
[2010/03/18 12:38:52 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\DirectoryService
[2010/03/18 12:38:52 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Electric Clav
[2010/03/18 12:38:51 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/02/24 09:12:41 | 000,019,083 | ---- | C] () -- C:\WINDOWS\System32\DELTREE.EXE
[2010/02/18 18:17:17 | 000,053,248 | ---- | C] () -- C:\WINDOWS\ICSweep.exe
[2010/02/18 15:58:38 | 000,332,800 | ---- | C] () -- C:\WINDOWS\mcwget.exe
[2010/02/18 15:53:21 | 000,000,163 | ---- | C] () -- C:\WINDOWS\UltraVNC.ini
[2010/02/07 17:44:27 | 000,000,019 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2009/01/27 15:35:56 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JPR.{PB
[2009/01/27 15:35:56 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JCM.{PB
[2009/01/20 15:35:24 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/01/20 15:35:24 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/01/20 15:35:24 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/01/20 15:35:24 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/01/20 15:35:24 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/01/20 15:35:24 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/01/20 15:35:24 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/01/20 15:35:24 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/01/20 15:35:24 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/01/20 15:35:24 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/01/20 15:35:24 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/01/20 15:35:24 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/01/20 15:35:24 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/01/20 15:35:24 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/01/20 15:35:24 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/01/20 15:35:23 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/01/20 15:33:06 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EPSCX7400.ini
[2008/12/29 18:32:05 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Owner.ini
[2008/09/22 21:00:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/08/20 22:23:55 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/08/03 21:36:52 | 000,019,564 | ---- | C] () -- C:\WINDOWS\safasic.com
[2008/08/03 00:04:45 | 000,012,695 | ---- | C] () -- C:\WINDOWS\System32\wihusu.dat
[2008/07/29 16:12:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/05/05 20:12:36 | 000,090,656 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/03/31 15:22:45 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008/03/21 19:47:20 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/17 21:22:09 | 000,000,261 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/03/16 04:45:55 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/03/13 22:35:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/03/13 22:27:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/03/13 17:20:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/03/13 17:19:51 | 000,397,552 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 03:56:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\smbinst.exe
[2003/07/16 16:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 16:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 16:41:25 | 000,444,010 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 16:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 16:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 16:41:21 | 000,072,268 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 16:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 16:38:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\netui1.dll
[2003/07/16 16:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 16:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 16:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 16:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/03 13:17:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\zipfldr.dll
[2003/01/16 13:22:44 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2003/01/16 13:22:44 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2001/08/06 23:16:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\OTS_UI.EXE

========== LOP Check ==========

[2008/05/27 16:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3 Blokes Studios
[2008/07/06 19:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aveyond I
[2011/08/31 20:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2009/11/11 12:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2010/09/15 20:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2008/03/17 21:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/03/13 21:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/01/27 14:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/01/27 14:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/10/18 14:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Enkord
[2010/03/18 12:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/03/23 18:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/05/22 17:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
[2009/11/10 17:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeFromParadise2
[2011/02/06 20:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2009/04/22 16:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Forge of Games
[2008/12/16 19:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2011/10/22 23:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gD01677OhLlH01677
[2009/11/14 14:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Islands
[2009/08/04 18:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Little Games Company
[2008/06/06 13:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2010/06/24 21:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2010/03/01 13:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MinigolfVUG_TacoBell2
[2009/08/04 18:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/07/30 19:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeptunesAdve
[2010/03/04 18:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft
[2009/02/19 19:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nick Chase A Detective Story
[2010/03/18 12:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2010/01/10 20:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2009/01/27 14:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/12/10 14:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/01/28 20:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayPond
[2009/07/23 19:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/02/18 12:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpecialBit
[2011/04/14 13:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/08/31 21:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/20 18:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TikGames
[2010/03/23 18:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/03/18 12:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/06/16 21:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/01/13 11:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/07/08 12:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/04/03 21:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/01 21:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/05 13:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/07 16:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/02/15 12:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\3Stars
[2009/11/08 18:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Alawar
[2010/05/13 13:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AlderGames
[2009/08/06 21:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Artogon
[2010/02/21 19:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aveyond 3
[2008/09/13 11:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aveyond II
[2009/04/21 20:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Be a King
[2010/12/15 12:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Big Fish Games
[2009/11/11 12:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\blg
[2008/06/23 16:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Bloom RU
[2009/07/08 21:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CallingID
[2008/03/26 10:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Citrix
[2008/12/14 16:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.BGHTRACKER.FF9A7CF7577196CAAC94550DA1D63F2169FB7F8F.1
[2009/08/30 15:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\comcasttb
[2009/01/31 10:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Coyotes Tale
[2009/11/07 22:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dekovir
[2009/01/27 14:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DriverCure
[2011/10/29 00:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2010/04/29 17:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
[2009/11/07 22:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ERS G-Studio
[2009/04/21 15:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FirstColony
[2008/08/03 19:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ForgottenRiddles2
[2011/03/17 09:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Friday's games
[2010/06/26 11:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FrimaStudio
[2010/11/16 16:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\funkitron
[2008/07/31 15:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GameHouse
[2010/02/25 19:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2008/03/26 14:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICAClient
[2009/06/04 14:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IronCode
[2010/02/14 22:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWin
[2009/11/08 13:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lazy Turtle Games
[2009/01/20 15:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2009/08/04 18:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Little Games Company
[2008/06/06 13:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ludia
[2010/11/15 20:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MA2
[2009/08/11 15:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MagicBall4
[2009/12/04 21:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MastersOfMystery2
[2010/06/24 21:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Merscom
[2010/06/11 22:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nikon
[2009/12/02 11:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Orneon
[2009/12/10 15:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OtherSide Realm of Eons
[2009/12/10 14:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
[2010/11/06 18:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayPond
[2008/06/05 16:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Pogo Games
[2011/08/12 13:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PriceGong
[2010/05/12 15:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RainbowGames
[2009/01/28 19:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RobinsonCrusoe
[2008/06/10 14:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SBTT
[2009/01/19 20:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SecretIslandEng
[2009/02/28 18:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SerpentOfIsis
[2009/08/13 16:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\she_is_a_shadow
[2008/07/11 14:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skinux
[2009/04/17 17:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skunk Studios
[2008/07/29 15:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SprillBermudeEng
[2011/04/14 13:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TechWizard
[2009/04/20 18:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TikGames
[2008/07/09 17:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Turtle Odyssey II
[2008/11/14 20:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Unity
[2009/10/23 19:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2010/11/27 15:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\YoudaGames
[2011/10/29 11:35:36 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >
bigdaddycvk
Active Member
 
Posts: 13
Joined: October 26th, 2011, 2:44 pm

Re: possible malware for bigdaddycvk

Unread postby askey127 » October 29th, 2011, 3:36 pm

bigdaddycvk,
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    *graboid*
    (IHA_MessageCenter service*
    *uTorrent*
    
    :folderfind
    *graboid*
    *IHA_MessageCenter service*
    *uTorrent*
    
    :Regfind
    graboid
    IHA_MessageCenter
    uTorrent
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: possible malware for bigdaddycvk

Unread postby bigdaddycvk » October 29th, 2011, 9:13 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 21:08 on 29/10/2011 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "*graboid*"
No files found.

Searching for "(IHA_MessageCenter service*"
No files found.

Searching for "*uTorrent*"
C:\WINDOWS\Prefetch\UTORRENT.EXE-0AD1AEE9.pf --a---- 66552 bytes [13:04 29/10/2011] [15:18 29/10/2011] 8FB32535B6257877DB87852DC981721C

========== folderfind ==========

Searching for "*graboid*"
C:\Program Files\Graboid d------ [19:08 13/10/2011]

Searching for "*IHA_MessageCenter service*"
No folders found.

Searching for "*uTorrent*"
No folders found.

========== Regfind ==========

Searching for "graboid"
No data found.

Searching for "IHA_MessageCenter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Verizon|IHA_MessageCenter|Bin|CmdAgent.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Verizon|IHA_MessageCenter|Bin|DisplayAgent.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Verizon|IHA_MessageCenter|Bin|Interop.NATUPNPLib.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Verizon|IHA_MessageCenter|Bin|Interop.NETCONLib.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Verizon|IHA_MessageCenter|Bin|Interop.NetFwTypeLib.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Verizon|IHA_MessageCenter|Bin|log4net.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Verizon|IHA_MessageCenter|Bin|MemoryAnalyzer.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Verizon|IHA_MessageCenter|Bin|Verizon_IHAMessageCenter.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\9283180872EB9974B87CF2577A6BBC05]
"ProductName"="IHA_MessageCenter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\9283180872EB9974B87CF2577A6BBC05\SourceList]
"PackageName"="IHA_MessageCenter.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Verizon\IHA_MessageCenter\Bin\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Verizon\IHA_MessageCenter\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Verizon\IHA_MessageCenter\Templates\OUTAGE_1_0\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Verizon\IHA_MessageCenter\Templates\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Verizon\IHA_MessageCenter\Templates\VOICE_MAIL_1_0\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Verizon\IHA_MessageCenter\Messages\Processed\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Verizon\IHA_MessageCenter\Messages\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Verizon\IHA_MessageCenter\Templates\CREDIT_CARD_1_0\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Verizon\IHA_MessageCenter\Config\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\04017A5189B1C2FD8FEE5753384A0A88]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Templates\OUTAGE_1_0\update.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\06D6F54DEB00B84EEE97E29C4CAF0132]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Templates\VOICE_MAIL_1_0\iha_icon.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0ABF9017A7CBE83AB394CCE5577CE97A]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Templates\OUTAGE_1_0\remind.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0F7273C4671B851025E6F868067A44A2]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Templates\OUTAGE_1_0\ihalogo.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\145A6B43184AEEEAD159BAB1690595DB]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Templates\OUTAGE_1_0\close.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15DDA3B9B92FD69DD82B25C172978455]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Bin\CmdAgent.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\21D89531607461A1AC1477D4A9E724F6]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Templates\OUTAGE_1_0\box_bg.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2DCB8D7C4BA75507B1FA34C5A6641423]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Templates\OUTAGE_1_0\Client_Rules.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30176299287E2C423EB95F70523945A6]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Templates\VOICE_MAIL_1_0\close.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\335B89C2BB44D1E6D4E528922D85849B]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Templates\VOICE_MAIL_1_0\Client_Rules.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3568E0B24BF79BB035C24843BDCFC7F8]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Templates\OUTAGE_1_0\Message.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\35F1493FB5D5E17AFBAFF233537B0AB3]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Templates\OUTAGE_1_0\outage_box_bg.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38F9C298B8924EC9A2541AF8A48228AB]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Templates\VOICE_MAIL_1_0\pat2.mid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3C8B502AA9DCF7E1144AA4190FDB80C8]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Bin\log4net.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3D69D1D4D2C84A7B34A3C9018A4AFFBE]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Templates\VOICE_MAIL_1_0\MessageCenter.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FFDA9A0F9C6F2ECC0D9EFECD402788D]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Config\ClientDefaultProperties.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\439B783E2C64B2373CA3DD5C7D3C199F]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Templates\VOICE_MAIL_1_0\box_bg.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4ABCF34F146B1B2A8E8722DA6E9C19B2]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Messages\Processed\test.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B8B6652BFECB775736481D66C4B8CE7]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Bin\log.config"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F6DB27071AAC3FCCA038CDB787CE224]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Templates\OUTAGE_1_0\vmail_box_bg.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\57647273D7D21A78E2E34A67430F07AF]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Bin\DisplayAgent.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E0A82B3F70D176378205304DDE818F5]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Templates\CREDIT_CARD_1_0\update.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5F999309C552F0181DB5CF05E778ACAF]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Bin\startuptasklist.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6EEFEF68624EB856F0DA6FEA6E74D44B]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Bin\hnetcfg.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7681D7E965A09C254F5CA256636690B2]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe.config"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\85F1E745A378E0BB8CA249EEA6E2436C]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Templates\VOICE_MAIL_1_0\msgcenter.css"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8B2084E667207481A21515CED615F4F7]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Templates\CREDIT_CARD_1_0\msgcenter.css"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8BC3CAA8C461962E558A58A95727C0C2]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Bin\Interop.NetFwTypeLib.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D0FEC5F064A103A58DBA6C11A26825D]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Templates\VOICE_MAIL_1_0\speaker.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DABAFE9EB6F44F36636892DEB5CB75C]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Templates\CREDIT_CARD_1_0\box_bg.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97181CE16A03EA69159B2738BFA823EE]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Templates\CREDIT_CARD_1_0\Message.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\973C55701A5DD2A50B6E3568D99A4EAA]
"9283180872EB9974B87CF2577A6BBC05"="02:\Software\Verizon\IHA_MessageCenter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A7185BCFACA2FCD0670A4E176B9A6CC9]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Templates\VOICE_MAIL_1_0\vmail_box_bg.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9CFB600E77FCDD887F9FAAF4FFCB35F]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Bin\MemoryAnalyzer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD6E10AAED911EF2E9905E4EF869BF87]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Templates\OUTAGE_1_0\MessageCenter.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ADD087F5FA53831ABD92364DC93D3B57]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Templates\CREDIT_CARD_1_0\remind.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA75B6AEFBDE7923AAD4F073BBF967BE]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Templates\VOICE_MAIL_1_0\ihalogo.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB95A393533F782305E162CE0976AEFA]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BBBA01CAA37DF1B82035ADC0FE5998C7]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Bin\Interop.NETCONLib.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BE5C41C65E5B5DD7B55041E9860D710F]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Templates\VOICE_MAIL_1_0\Message.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BE710DC69E1B7CB006F7E3DFD2B06FA4]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Templates\OUTAGE_1_0\speaker.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C209A33DD5A4E0301C79152350A0FA71]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Templates\CREDIT_CARD_1_0\close.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C48B161129F6CFD52C1EBC5C6854389B]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Templates\VOICE_MAIL_1_0\vmail_msgcenter.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D690E9763A9DB3CCB674455B30216800]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Templates\VOICE_MAIL_1_0\update.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6BD163F871E8CA90FDE11B0715C0307]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Templates\OUTAGE_1_0\iha_icon.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EA6309C7673FD76371A5A56AFBEED353]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Templates\OUTAGE_1_0\msgcenter.css"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EB2A02026A2F3ED376C63F00D1788E65]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Config\ClientConfigProperties.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC63876DF3153543AEFAB96036FA5B52]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Bin\Interop.NATUPNPLib.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3BC90A91B489B7D407B4C0B1E1D398F]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Templates\VOICE_MAIL_1_0\remind.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FCDCEC820DDF9D61F8D4BE4EB3084818]
"9283180872EB9974B87CF2577A6BBC05"="C:\Program Files\Verizon\IHA_MessageCenter\Templates\CREDIT_CARD_1_0\MessageCenter.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9283180872EB9974B87CF2577A6BBC05\InstallProperties]
"DisplayName"="IHA_MessageCenter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80813829-BE27-4799-8BC7-2F75A7B6CB50}]
"DisplayName"="IHA_MessageCenter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Verizon\IHA_MessageCenter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_IHA_MESSAGECENTER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_IHA_MESSAGECENTER\0000]
"Service"="IHA_MessageCenter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_IHA_MESSAGECENTER\0000]
"DeviceDesc"="IHA_MessageCenter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application]
"Sources"="Zune WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN WinMgmt Winlogon Windows Product Activation Windows 3.1 Migration WebClient VSS VBRuntime Userinit Userenv UploadM UPHClean tgsrvc_verizondm System.ServiceModel.Install 3.0.0.0 System.ServiceModel 3.0.0.0 System.Runtime.Serialization 3.0.0.0 System.IO.Log 3.0.0.0 System.IdentityModel 3.0.0.0 SysmonLog Spybot - Search & Destroy 2 sprtsvc_verizondm SpoolerCtrs Software Restriction Policies Software Installation SNL HiveManager ServiceModel Audit 3.0.0.0 SecurityCenter SeaPort SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance Protexis Licensing Service PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NDP1.1sp1-KB979906-X86 NDP1.1sp1-KB953297-X86 NDP1.1sp1-KB2572067-X86 NDP1.1sp1-KB2416447-X86 MSSQLSERVER/MSDE MSSHA MsiInstaller MSDTC Client MSDTC MSDMine MPSampleSubmission mnmsrvc Microsoft.Transactions.Bridge 3.0.0.0 Microso
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\IHA_MessageCenter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IHA_MessageCenter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IHA_MessageCenter]
"ImagePath"=""C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IHA_MessageCenter\Enum]
"0"="Root\LEGACY_IHA_MESSAGECENTER\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"50000:UDP"="50000:UDP:*:Enabled:IHA_MessageCenter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_IHA_MESSAGECENTER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_IHA_MESSAGECENTER\0000]
"Service"="IHA_MessageCenter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_IHA_MESSAGECENTER\0000]
"DeviceDesc"="IHA_MessageCenter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application]
"Sources"="Zune WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN WinMgmt Winlogon Windows Product Activation Windows 3.1 Migration WebClient VSS VBRuntime Userinit Userenv UploadM UPHClean tgsrvc_verizondm System.ServiceModel.Install 3.0.0.0 System.ServiceModel 3.0.0.0 System.Runtime.Serialization 3.0.0.0 System.IO.Log 3.0.0.0 System.IdentityModel 3.0.0.0 SysmonLog Spybot - Search & Destroy 2 sprtsvc_verizondm SpoolerCtrs Software Restriction Policies Software Installation SNL HiveManager ServiceModel Audit 3.0.0.0 SecurityCenter SeaPort SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance Protexis Licensing Service PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NDP1.1sp1-KB979906-X86 NDP1.1sp1-KB953297-X86 NDP1.1sp1-KB2572067-X86 NDP1.1sp1-KB2416447-X86 MSSQLSERVER/MSDE MSSHA MsiInstaller MSDTC Client MSDTC MSDMine MPSampleSubmission mnmsrvc Microsoft.Transactions.Bridge 3.0.0.0 Microso
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\IHA_MessageCenter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\IHA_MessageCenter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\IHA_MessageCenter]
"ImagePath"=""C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"50000:UDP"="50000:UDP:*:Enabled:IHA_MessageCenter"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IHA_MESSAGECENTER]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IHA_MESSAGECENTER\0000]
"Service"="IHA_MessageCenter"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IHA_MESSAGECENTER\0000]
"DeviceDesc"="IHA_MessageCenter"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
"Sources"="Zune WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN WinMgmt Winlogon Windows Product Activation Windows 3.1 Migration WebClient VSS VBRuntime Userinit Userenv UploadM UPHClean tgsrvc_verizondm System.ServiceModel.Install 3.0.0.0 System.ServiceModel 3.0.0.0 System.Runtime.Serialization 3.0.0.0 System.IO.Log 3.0.0.0 System.IdentityModel 3.0.0.0 SysmonLog Spybot - Search & Destroy 2 sprtsvc_verizondm SpoolerCtrs Software Restriction Policies Software Installation SNL HiveManager ServiceModel Audit 3.0.0.0 SecurityCenter SeaPort SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance Protexis Licensing Service PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NDP1.1sp1-KB979906-X86 NDP1.1sp1-KB953297-X86 NDP1.1sp1-KB2572067-X86 NDP1.1sp1-KB2416447-X86 MSSQLSERVER/MSDE MSSHA MsiInstaller MSDTC Client MSDTC MSDMine MPSampleSubmission mnmsrvc Microsoft.Transactions.Bridge 3.0.0.0 Mic
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IHA_MessageCenter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IHA_MessageCenter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IHA_MessageCenter]
"ImagePath"=""C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IHA_MessageCenter\Enum]
"0"="Root\LEGACY_IHA_MESSAGECENTER\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"50000:UDP"="50000:UDP:*:Enabled:IHA_MessageCenter"

Searching for "uTorrent"
[HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]
"item"="uTorrent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]
"command"=""F:\New Folder (2)\uTorrent.exe""
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"F:\New Folder (2)\uTorrent.exe"="µTorrent"
[HKEY_USERS\S-1-5-21-1202660629-2077806209-725345543-1003\Software\Classes\Applications\uTorrent.exe]
[HKEY_USERS\S-1-5-21-1202660629-2077806209-725345543-1003_Classes\Applications\uTorrent.exe]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"F:\New Folder (2)\uTorrent.exe"="µTorrent"

-= EOF =-
bigdaddycvk
Active Member
 
Posts: 13
Joined: October 26th, 2011, 2:44 pm

Re: possible malware for bigdaddycvk

Unread postby askey127 » November 2nd, 2011, 4:04 pm

bigdaddycvk,
If you are still with me, let me apologize for the delay.
Our town got zapped with a large snowstorm that wiped out power and my ISP.
Could not get a message out or in.

What do you use the Verizon Messaging system for?
Is Verizon your Internet provider?
Were you getting help for your computer from Verizon? Are you still?

----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :Reg
    [-HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "F:\New Folder (2)\uTorrent.exe"=-
    [-HKEY_USERS\S-1-5-21-1202660629-2077806209-725345543-1003\Software\Classes\Applications\uTorrent.exe]
    [-HKEY_USERS\S-1-5-21-1202660629-2077806209-725345543-1003_Classes\Applications\uTorrent.exe]
    [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "F:\New Folder (2)\uTorrent.exe"=-
    
    :Files
    C:\WINDOWS\Prefetch\UTORRENT.EXE-0AD1AEE9.pf
    C:\Program Files\Graboid
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Let me know about the answers to the questions.
askey127
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

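A dry-run reader for the fix script above, added here as an example that is not part of askey127's post or of OldTimer's OTL: it parses the :Reg, :Files and :Commands sections into the list of actions they would take, so a user can review exactly what will be removed before pasting the text into OTL. The semantics it assumes (`[-key]` deletes a key, `"name"=-` deletes a value under the key named just before it, a :Files entry is moved to OTL's quarantine folder unless it ends in `/c`, in which case it is run as a command) follow OTL's documented fix syntax; the parser itself is hypothetical and executes nothing.

```python
"""Dry-run reader for an OTL custom-fix script (illustrative, not OTL's own code).
Parses the fix posted above into the actions it would take, so they can be
reviewed before being pasted into OTL. Syntax assumed (OTL's fix format):
"[-key]" deletes a registry key, a plain "[key]" only sets the key that the
following '"name"=-' value deletions apply to, a :Files line ending in " /c"
is run as a command, and :Commands holds built-ins such as [emptytemp].
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Registry hives OTL accepts in :Reg lines (long and short forms).
KNOWN_HIVES = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS",
               "HKEY_CLASSES_ROOT", "HKLM", "HKCU", "HKU", "HKCR")

@dataclass
class Action:
    section: str                   # reg | files | commands
    kind: str                      # delete_key | delete_value | move_path | run_command | builtin
    target: str                    # key path, value name, file path, command or built-in
    context: Optional[str] = None  # delete_value only: the key the value lives under

def _check_hive(key: str) -> None:
    """Reject registry paths that do not start with a known hive."""
    if key.split("\\", 1)[0].upper() not in KNOWN_HIVES:
        raise ValueError(f"unknown registry hive in {key!r}")

def parse_otl_fix(script: str) -> List[Action]:
    """Turn an OTL fix script into Action records without executing anything."""
    actions: List[Action] = []
    section: Optional[str] = None
    current_key: Optional[str] = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):               # section header such as ":Reg"
            section, current_key = line[1:].lower(), None
            continue
        if section is None:
            raise ValueError(f"line before any section header: {line!r}")
        if section == "reg":
            if line.startswith("[-") and line.endswith("]"):
                _check_hive(line[2:-1])
                actions.append(Action("reg", "delete_key", line[2:-1]))
            elif line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]       # context for the value lines below it
                _check_hive(current_key)
            elif line.endswith("=-"):
                if current_key is None:
                    raise ValueError(f"value deletion with no key context: {line!r}")
                name = line[:-2].strip().strip('"')
                actions.append(Action("reg", "delete_value", name, current_key))
            else:
                raise ValueError(f"unrecognised :Reg line: {line!r}")
        elif section == "files":
            if line.lower().endswith(" /c"):   # OTL runs these as commands
                actions.append(Action("files", "run_command", line[:-3].rstrip()))
            else:                              # moved to OTL's quarantine (C:\_OTL)
                actions.append(Action("files", "move_path", line))
        elif section == "commands":
            if not (line.startswith("[") and line.endswith("]")):
                raise ValueError(f"unrecognised :Commands line: {line!r}")
            actions.append(Action("commands", "builtin", line[1:-1].lower()))
        else:
            raise ValueError(f"unsupported section :{section}")
    return actions

def summarize(actions: List[Action]) -> Dict[str, int]:
    """Count actions by kind: a quick sanity check on what a fix will touch."""
    counts: Dict[str, int] = {}
    for act in actions:
        counts[act.kind] = counts.get(act.kind, 0) + 1
    return counts

# The fix script from the post above, verbatim (raw string because of the backslashes).
FIX_SCRIPT = r"""
:Reg
[-HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"F:\New Folder (2)\uTorrent.exe"=-
[-HKEY_USERS\S-1-5-21-1202660629-2077806209-725345543-1003\Software\Classes\Applications\uTorrent.exe]
[-HKEY_USERS\S-1-5-21-1202660629-2077806209-725345543-1003_Classes\Applications\uTorrent.exe]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"F:\New Folder (2)\uTorrent.exe"=-

:Files
C:\WINDOWS\Prefetch\UTORRENT.EXE-0AD1AEE9.pf
C:\Program Files\Graboid
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[CREATERESTOREPOINT]
"""

if __name__ == "__main__":
    for act in parse_otl_fix(FIX_SCRIPT):
        print(f"{act.section:8} {act.kind:13} {act.target}", act.context or "")
```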
Re: possible malware for bigdaddycvk

Unread postby bigdaddycvk » November 2nd, 2011, 5:06 pm

Hello Askey127! No problem about the delay. Thank you so much for your assistance in getting my system cleaned up. I am not sure exactly when, but over the past few weeks it has been acting different - much slower. Noticeable still, specifically at start-up. Regarding the Verizon messenger, I may have had some help from them when I first subscribed to Verizon - who is our internet provider, although I see no reason to still have that function on my computer. Below are the results of the latest OTL scan...

OTL logfile created on: 11/2/2011 4:52:33 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 78.39% Memory free
2.41 Gb Paging File | 2.11 Gb Available in Paging File | 87.46% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 11.92 Gb Free Space | 31.98% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 864.77 Gb Free Space | 92.83% Space Free | Partition Type: NTFS

Computer Name: BIGDADDYCVK | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/28 13:01:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/01 05:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/02/01 05:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/04/27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ZuneBusEnum)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/01 05:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2011/02/01 05:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2010/10/13 17:06:34 | 000,098,304 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2008/03/13 21:51:25 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe -- (GoToAssist)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/04/27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)


========== Driver Services (SafeList) ==========

DRV - [2011/11/02 16:50:20 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{61AFA7C2-E33A-4225-BDC8-7B50D58C9855}\MpKslc12bc003.sys -- (MpKslc12bc003)
DRV - [2011/11/02 11:40:02 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{61AFA7C2-E33A-4225-BDC8-7B50D58C9855}\MpKslbc360b95.sys -- (MpKslbc360b95)
DRV - [2009/08/19 17:49:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/04/16 13:28:02 | 000,194,362 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/06/30 19:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www22.verizon.com/Foryourhome/My ... Login.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = FF 83 46 0F 9F F8 49 44 9C D8 C3 2D FC C1 F1 73 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60364

========== FireFox ==========

FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 60364
FF - prefs.js..network.proxy.type: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\Documents and Settings\All Users\Application Data\RealArcade\npraclient.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/03/21 14:26:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\Documents and Settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.1.0.37\coFFFw\

[2010/02/18 19:25:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/03/28 12:28:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/10/31 08:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9n0jygc.default\extensions
[2011/10/30 15:31:51 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9n0jygc.default\extensions\{0ae09f56-98e9-4edf-b01a-aca34e2dbb57}
[2011/08/11 18:21:51 | 000,000,000 | ---D | M] (SocialRibbons LP2) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9n0jygc.default\extensions\{0dd5ab7a-9db5-0aa4-e914-7148cd6c0afc}
[2010/02/18 20:54:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9n0jygc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/02 16:43:30 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9n0jygc.default\extensions\{d2650d22-6a2b-4429-9515-47ddcf7b7690}
[2011/08/11 20:19:38 | 000,000,000 | ---D | M] (Window Shopper - Powered by Superfish) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9n0jygc.default\extensions\superfish@superfish.com
[2011/08/11 18:21:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9n0jygc.default\extensions\{0dd5ab7a-9db5-0aa4-e914-7148cd6c0afc}\chrome\content\dca\core\extensionManager
[2010/03/10 11:22:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/07/30 16:34:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/04/07 13:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober253188250.gif
[2010/05/14 18:31:04 | 000,000,196 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober253188250.src

O1 HOSTS File: ([2010/11/11 11:33:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Reg Error: Value error.) - {0F4683FF-F89F-4449-9CD8-C32DFCC1F173} - C:\Documents and Settings\Owner\Local Settings\Application Data\TCPIPWOW64.dll (Microsoft Corporation)
O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [KeyboardUpdateService] C:\Documents and Settings\All Users\Application Data\KeyboardUpdateService.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X5\Programs\WPLauncher.hta File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net ... plugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 5858423406 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} https://www36.verizon.com/FiOSVoice/UnP ... VMUtil.CAB (IOBIVMUtil.VMDecoder)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugi ... ctivex.cab (P3DActiveX Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4F9C0D7-C5C1-42D8-83A5-79E75927912C}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\508\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/13 22:29:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/05/05 16:52:52 | 000,000,000 | R--D | M] - F:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\G:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/01 10:35:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/10/29 11:24:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/29 01:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/10/29 01:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/29 00:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/29 00:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2011/10/29 00:20:46 | 000,000,000 | ---D | C] -- C:\MATS
[2011/10/29 00:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/10/29 00:06:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/10/28 13:00:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/10/27 19:15:26 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\KeyboardUpdateService.dll
[2011/10/27 19:15:24 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Local Settings\Application Data\TCPIPWOW64.dll
[2011/10/26 15:52:57 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Local Settings\Application Data\ServicePTR.dll
[2011/10/22 13:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\gD01677OhLlH01677
[2011/10/13 17:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/02 16:55:20 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/02 16:48:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/01 14:03:43 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\dff88273
[2011/11/01 13:56:30 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\3f257d8c
[2011/11/01 12:23:28 | 000,011,624 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\2880f589
[2011/10/31 20:40:06 | 000,360,653 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Photo0028.jpg
[2011/10/31 15:00:39 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2011/10/29 01:03:03 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/10/28 23:48:39 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\57808d73
[2011/10/28 20:03:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/28 13:01:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/10/27 07:27:17 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/22 13:25:02 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Security Essentials.lnk
[2011/10/13 03:47:00 | 000,397,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/13 03:27:37 | 000,444,010 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/13 03:27:37 | 000,072,268 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/12 11:10:20 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/31 20:40:04 | 000,360,653 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Photo0028.jpg
[2011/10/29 01:03:03 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/10/28 23:48:39 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\57808d73
[2011/10/28 15:22:48 | 000,011,624 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\2880f589
[2011/10/27 19:41:45 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\3f257d8c
[2011/10/27 19:40:49 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\dff88273
[2011/10/22 13:25:02 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Security Essentials.lnk
[2011/09/06 19:36:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Developer Tools
[2010/10/26 21:30:25 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2010/10/18 18:46:43 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2010/09/15 20:29:39 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\CFD22FE827.sys
[2010/09/15 20:29:38 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/03/31 03:17:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/03/24 13:08:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2010/03/23 18:48:47 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPNX210.ini
[2010/03/18 12:41:53 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/03/18 12:41:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Distortion
[2010/03/18 12:38:52 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Documents
[2010/03/18 12:38:52 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\DirectoryService
[2010/03/18 12:38:52 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Electric Clav
[2010/03/18 12:38:51 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/02/24 09:12:41 | 000,019,083 | ---- | C] () -- C:\WINDOWS\System32\DELTREE.EXE
[2010/02/18 18:17:17 | 000,053,248 | ---- | C] () -- C:\WINDOWS\ICSweep.exe
[2010/02/18 15:58:38 | 000,332,800 | ---- | C] () -- C:\WINDOWS\mcwget.exe
[2010/02/18 15:53:21 | 000,000,163 | ---- | C] () -- C:\WINDOWS\UltraVNC.ini
[2010/02/07 17:44:27 | 000,000,019 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2009/01/27 15:35:56 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JPR.{PB
[2009/01/27 15:35:56 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JCM.{PB
[2009/01/20 15:35:24 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/01/20 15:35:24 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/01/20 15:35:24 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/01/20 15:35:24 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/01/20 15:35:24 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/01/20 15:35:24 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/01/20 15:35:24 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/01/20 15:35:24 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/01/20 15:35:24 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/01/20 15:35:24 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/01/20 15:35:24 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/01/20 15:35:24 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/01/20 15:35:24 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/01/20 15:35:24 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/01/20 15:35:24 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/01/20 15:35:23 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/01/20 15:33:06 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EPSCX7400.ini
[2008/12/29 18:32:05 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Owner.ini
[2008/09/22 21:00:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/08/20 22:23:55 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/08/03 21:36:52 | 000,019,564 | ---- | C] () -- C:\WINDOWS\safasic.com
[2008/08/03 00:04:45 | 000,012,695 | ---- | C] () -- C:\WINDOWS\System32\wihusu.dat
[2008/07/29 16:12:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/05/05 20:12:36 | 000,090,656 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/03/31 15:22:45 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008/03/21 19:47:20 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/17 21:22:09 | 000,000,261 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/03/16 04:45:55 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/03/13 22:35:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/03/13 22:27:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/03/13 17:20:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/03/13 17:19:51 | 000,397,552 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 03:56:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\smbinst.exe
[2003/07/16 16:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 16:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 16:41:25 | 000,444,010 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 16:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 16:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 16:41:21 | 000,072,268 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 16:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 16:38:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\netui1.dll
[2003/07/16 16:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 16:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 16:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 16:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/03 13:17:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\zipfldr.dll
[2003/01/16 13:22:44 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2003/01/16 13:22:44 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2001/08/06 23:16:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\OTS_UI.EXE

========== LOP Check ==========

[2008/05/27 16:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3 Blokes Studios
[2008/07/06 19:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aveyond I
[2011/08/31 20:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2009/11/11 12:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2010/09/15 20:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2008/03/17 21:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/03/13 21:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/01/27 14:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/01/27 14:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/10/18 14:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Enkord
[2010/03/18 12:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/03/23 18:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/05/22 17:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
[2009/11/10 17:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeFromParadise2
[2011/02/06 20:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2009/04/22 16:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Forge of Games
[2008/12/16 19:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2011/10/22 23:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gD01677OhLlH01677
[2009/11/14 14:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Islands
[2009/08/04 18:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Little Games Company
[2008/06/06 13:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2010/06/24 21:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2010/03/01 13:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MinigolfVUG_TacoBell2
[2009/08/04 18:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/07/30 19:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeptunesAdve
[2010/03/04 18:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft
[2009/02/19 19:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nick Chase A Detective Story
[2010/03/18 12:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2010/01/10 20:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2009/01/27 14:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/12/10 14:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/01/28 20:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayPond
[2009/07/23 19:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/02/18 12:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpecialBit
[2011/04/14 13:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/08/31 21:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/20 18:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TikGames
[2010/03/23 18:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/03/18 12:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/06/16 21:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/01/13 11:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/07/08 12:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/04/03 21:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/01 21:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/05 13:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/07 16:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/02/15 12:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\3Stars
[2009/11/08 18:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Alawar
[2010/05/13 13:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AlderGames
[2009/08/06 21:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Artogon
[2010/02/21 19:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aveyond 3
[2008/09/13 11:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aveyond II
[2009/04/21 20:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Be a King
[2010/12/15 12:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Big Fish Games
[2009/11/11 12:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\blg
[2008/06/23 16:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Bloom RU
[2009/07/08 21:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CallingID
[2008/03/26 10:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Citrix
[2008/12/14 16:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.BGHTRACKER.FF9A7CF7577196CAAC94550DA1D63F2169FB7F8F.1
[2009/08/30 15:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\comcasttb
[2009/01/31 10:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Coyotes Tale
[2009/11/07 22:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dekovir
[2009/01/27 14:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DriverCure
[2011/10/29 00:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2010/04/29 17:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
[2009/11/07 22:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ERS G-Studio
[2009/04/21 15:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FirstColony
[2008/08/03 19:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ForgottenRiddles2
[2011/03/17 09:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Friday's games
[2010/06/26 11:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FrimaStudio
[2010/11/16 16:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\funkitron
[2008/07/31 15:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GameHouse
[2010/02/25 19:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2008/03/26 14:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICAClient
[2009/06/04 14:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IronCode
[2010/02/14 22:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWin
[2009/11/08 13:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lazy Turtle Games
[2009/01/20 15:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2009/08/04 18:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Little Games Company
[2008/06/06 13:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ludia
[2010/11/15 20:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MA2
[2009/08/11 15:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MagicBall4
[2009/12/04 21:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MastersOfMystery2
[2010/06/24 21:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Merscom
[2010/06/11 22:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nikon
[2009/12/02 11:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Orneon
[2009/12/10 15:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OtherSide Realm of Eons
[2009/12/10 14:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
[2010/11/06 18:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayPond
[2008/06/05 16:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Pogo Games
[2011/08/12 13:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PriceGong
[2010/05/12 15:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RainbowGames
[2009/01/28 19:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RobinsonCrusoe
[2008/06/10 14:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SBTT
[2009/01/19 20:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SecretIslandEng
[2009/02/28 18:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SerpentOfIsis
[2009/08/13 16:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\she_is_a_shadow
[2008/07/11 14:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skinux
[2009/04/17 17:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skunk Studios
[2008/07/29 15:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SprillBermudeEng
[2011/04/14 13:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TechWizard
[2009/04/20 18:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TikGames
[2008/07/09 17:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Turtle Odyssey II
[2008/11/14 20:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Unity
[2009/10/23 19:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2010/11/27 15:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\YoudaGames
[2011/11/02 16:55:20 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >
bigdaddycvk
Active Member
 
Posts: 13
Joined: October 26th, 2011, 2:44 pm

Re: possible malware for bigdaddycvk

Unread postby bigdaddycvk » November 2nd, 2011, 5:10 pm

Askey127, a few more things regarding my computer: over the past few days, when I try to get information from the google toolbar, I am constantly redirected to different sites.

Also, there has been an update sitting at the bottom of my screen for a few months now. When I try to update, it states "Some Update could not be installed", and lists a Microsoft Search Pack as not able to be installed.
bigdaddycvk
Active Member
 
Posts: 13
Joined: October 26th, 2011, 2:44 pm

Re: possible malware for bigdaddycvk

Unread postby askey127 » November 3rd, 2011, 12:30 pm

bigdaddycvk,
I don't know that I can help with the Search Pack.
Let's go after the rest.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL

I am assuming you did NOT purposely set up a proxy server on this machine.
If you DID set up a proxy and you want to retain it, do not copy the last five (5) lines from the Code box when you paste them into OTL.

  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
    :OTL
    [2010/02/18 20:54:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9n0jygc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/08/11 18:21:51 | 000,000,000 | ---D | M] (SocialRibbons LP2) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9n0jygc.default\extensions\{0dd5ab7a-9db5-0aa4-e914-7148cd6c0afc}
    [2011/08/11 20:19:38 | 000,000,000 | ---D | M] (Window Shopper - Powered by Superfish) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9n0jygc.default\extensions\superfish@superfish.com
    [2011/08/11 20:19:38 | 000,000,000 | ---D | M] (Window Shopper - Powered by Superfish) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9n0jygc.default\extensions\superfish@superfish.com
    [2011/08/11 18:21:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9n0jygc.default\extensions\{0dd5ab7a-9db5-0aa4-e914-7148cd6c0afc}\chrome\content\dca\core\extensionManager
    O2 - BHO: (Reg Error: Value error.) - {0F4683FF-F89F-4449-9CD8-C32DFCC1F173} - C:\Documents and Settings\Owner\Local Settings\Application Data\TCPIPWOW64.dll (Microsoft Corporation)
    O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = FF 83 46 0F 9F F8 49 44 9C D8 C3 2D FC C1 F1 73 [binary data]
    
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60364
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 60364
    FF - prefs.js..network.proxy.type: 1
    
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
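
One defender-side check for the proxy hijack that this fix removes, as an added example that is not part of the thread and not OTL's own code: it parses the IE and Firefox proxy lines in OTL's report format and flags any proxy pointed at a loopback address, using sample lines constructed from this thread's before and after logs (the helper names and the corporate-proxy sample value are assumptions).

```python
"""Flag a loopback proxy hijack in OTL-style log lines.

Constructed example for this thread: both Internet Explorer and Firefox
were pointed at http=127.0.0.1:60364, a listener on the machine itself.
A local proxy that nobody configured on purpose is a strong sign that
something on the box is intercepting browser traffic.
"""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# OTL writes IE proxy settings as:  IE - HKCU\...\Internet Settings: "ProxyServer" = http=127.0.0.1:60364
IE_RE = re.compile(
    r'^IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: '
    r'"(?P<key>Proxy\w+)"\s*=\s*(?P<val>.*)$'
)
# ...and Firefox prefs as:  FF - prefs.js..network.proxy.http: "127.0.0.1"
FF_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(?P<key>\w+):\s*(?P<val>.*)$')


@dataclass
class ProxyFindings:
    ie_proxy: Optional[str] = None
    ie_enabled: Optional[bool] = None
    ff_host: Optional[str] = None
    ff_port: Optional[int] = None
    ff_type: Optional[int] = None      # 1 = manual proxy configuration
    alerts: List[str] = field(default_factory=list)


def is_loopback(host: str) -> bool:
    """True for localhost or any loopback IP (127.0.0.0/8, ::1)."""
    host = host.strip().strip('"').lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def split_proxy_server(value: str) -> List[Tuple[str, str, str]]:
    """Split an IE ProxyServer value into (scheme, host, port) triples.

    Accepts both "http=127.0.0.1:60364;https=..." and a bare "host:port".
    """
    results = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.partition("=") if "=" in part else ("all", "", part)
        host, _, port = hostport.rpartition(":")
        if not host:                    # no port given
            host, port = hostport, ""
        results.append((scheme, host, port))
    return results


def analyze_otl_lines(lines) -> ProxyFindings:
    """Collect IE and Firefox proxy settings from OTL lines and raise alerts."""
    f = ProxyFindings()
    for raw in lines:
        line = raw.strip()
        m = IE_RE.match(line)
        if m:
            key, val = m.group("key"), m.group("val").strip()
            if key == "ProxyServer":
                f.ie_proxy = val or None
            elif key == "ProxyEnable":
                f.ie_enabled = (val == "1") if val else None
            continue
        m = FF_RE.match(line)
        if m:
            key, val = m.group("key"), m.group("val").strip().strip('"')
            if key == "http":
                f.ff_host = val or None
            elif key == "http_port" and val.isdigit():
                f.ff_port = int(val)
            elif key == "type" and val.isdigit():
                f.ff_type = int(val)
    # A loopback ProxyServer is suspicious even if ProxyEnable is 0; report both facts.
    if f.ie_proxy:
        for scheme, host, port in split_proxy_server(f.ie_proxy):
            if is_loopback(host):
                state = "enabled" if f.ie_enabled else "present"
                f.alerts.append(f"IE {scheme} proxy {state}, points at loopback {host}:{port}")
    if f.ff_host and is_loopback(f.ff_host) and f.ff_type == 1:
        f.alerts.append(f"Firefox manual proxy points at loopback {f.ff_host}:{f.ff_port}")
    return f


# Sample lines constructed from the before-fix and after-fix logs in this thread.
BEFORE_LINES = [
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60364',
    r'FF - prefs.js..network.proxy.http: "127.0.0.1"',
    r'FF - prefs.js..network.proxy.http_port: 60364',
    r'FF - prefs.js..network.proxy.type: 1',
]
AFTER_LINES = [
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =',
    r'FF - prefs.js..network.proxy.http: ""',
    r'FF - prefs.js..network.proxy.http_port: ""',
    r'FF - prefs.js..network.proxy.type: ""',
]

if __name__ == "__main__":
    for label, lines in (("before fix", BEFORE_LINES), ("after fix", AFTER_LINES)):
        print(label, analyze_otl_lines(lines).alerts or ["no loopback proxy found"])
```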

Re: possible malware for bigdaddycvk

Unread postby bigdaddycvk » November 3rd, 2011, 1:39 pm

Below are the results. There is now, every so often, an error that pops up stating something about a DLL error and it wants to send to Microsoft.

OTL logfile created on: 11/3/2011 1:26:32 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 78.53% Memory free
2.41 Gb Paging File | 2.12 Gb Available in Paging File | 87.60% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 11.76 Gb Free Space | 31.57% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 864.77 Gb Free Space | 92.83% Space Free | Partition Type: NTFS

Computer Name: BIGDADDYCVK | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/28 13:01:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/01 05:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/02/01 05:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/04/27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ZuneBusEnum)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/01 05:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2011/02/01 05:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2010/10/13 17:06:34 | 000,098,304 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2008/03/13 21:51:25 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe -- (GoToAssist)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/04/27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)


========== Driver Services (SafeList) ==========

DRV - [2011/11/03 13:20:57 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{350D035E-AA97-4436-8D39-86E2DC26262C}\MpKsl702f6b46.sys -- (MpKsl702f6b46)
DRV - [2011/11/03 02:14:27 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{350D035E-AA97-4436-8D39-86E2DC26262C}\MpKsl5ec68208.sys -- (MpKsl5ec68208)
DRV - [2009/08/19 17:49:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/04/16 13:28:02 | 000,194,362 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/06/30 19:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www22.verizon.com/Foryourhome/My ... Login.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

========== FireFox ==========

FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.type: ""

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\Documents and Settings\All Users\Application Data\RealArcade\npraclient.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/03/21 14:26:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\Documents and Settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.1.0.37\coFFFw\

[2010/02/18 19:25:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/03/28 12:28:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/11/03 13:17:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9n0jygc.default\extensions
[2011/10/30 15:31:51 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9n0jygc.default\extensions\{0ae09f56-98e9-4edf-b01a-aca34e2dbb57}
[2011/11/03 13:14:17 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9n0jygc.default\extensions\{d2650d22-6a2b-4429-9515-47ddcf7b7690}
[2010/03/10 11:22:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/07/30 16:34:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/04/07 13:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober253188250.gif
[2010/05/14 18:31:04 | 000,000,196 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober253188250.src

O1 HOSTS File: ([2010/11/11 11:33:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [KeyboardUpdateService] C:\Documents and Settings\All Users\Application Data\KeyboardUpdateService.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X5\Programs\WPLauncher.hta File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net ... plugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 5858423406 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} https://www36.verizon.com/FiOSVoice/UnP ... VMUtil.CAB (IOBIVMUtil.VMDecoder)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugi ... ctivex.cab (P3DActiveX Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4F9C0D7-C5C1-42D8-83A5-79E75927912C}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\508\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/13 22:29:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/05/05 16:52:52 | 000,000,000 | R--D | M] - F:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\G:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/03 11:56:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/10/29 11:24:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/29 01:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/10/29 01:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/29 00:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/29 00:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2011/10/29 00:20:46 | 000,000,000 | ---D | C] -- C:\MATS
[2011/10/29 00:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/10/29 00:06:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/10/28 13:00:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/10/27 19:15:26 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\KeyboardUpdateService.dll
[2011/10/26 15:52:57 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Local Settings\Application Data\ServicePTR.dll
[2011/10/22 13:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\gD01677OhLlH01677
[2011/10/13 17:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/03 13:26:04 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/03 13:18:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/03 13:15:24 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\dff88273
[2011/11/03 12:09:17 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\3f257d8c
[2011/11/03 07:27:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/01 12:23:28 | 000,011,624 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\2880f589
[2011/10/31 20:40:06 | 000,360,653 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Photo0028.jpg
[2011/10/31 15:00:39 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2011/10/29 01:03:03 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/10/28 23:48:39 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\57808d73
[2011/10/28 20:03:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/28 13:01:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/10/22 13:25:02 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Security Essentials.lnk
[2011/10/13 03:47:00 | 000,397,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/13 03:27:37 | 000,444,010 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/13 03:27:37 | 000,072,268 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/12 11:10:20 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/31 20:40:04 | 000,360,653 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Photo0028.jpg
[2011/10/29 01:03:03 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/10/28 23:48:39 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\57808d73
[2011/10/28 15:22:48 | 000,011,624 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\2880f589
[2011/10/27 19:41:45 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\3f257d8c
[2011/10/27 19:40:49 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\dff88273
[2011/10/22 13:25:02 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Security Essentials.lnk
[2011/09/06 19:36:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Developer Tools
[2010/10/26 21:30:25 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2010/10/18 18:46:43 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2010/09/15 20:29:39 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\CFD22FE827.sys
[2010/09/15 20:29:38 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/03/31 03:17:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/03/24 13:08:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2010/03/23 18:48:47 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPNX210.ini
[2010/03/18 12:41:53 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/03/18 12:41:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Distortion
[2010/03/18 12:38:52 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Documents
[2010/03/18 12:38:52 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\DirectoryService
[2010/03/18 12:38:52 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Electric Clav
[2010/03/18 12:38:51 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/02/24 09:12:41 | 000,019,083 | ---- | C] () -- C:\WINDOWS\System32\DELTREE.EXE
[2010/02/18 18:17:17 | 000,053,248 | ---- | C] () -- C:\WINDOWS\ICSweep.exe
[2010/02/18 15:58:38 | 000,332,800 | ---- | C] () -- C:\WINDOWS\mcwget.exe
[2010/02/18 15:53:21 | 000,000,163 | ---- | C] () -- C:\WINDOWS\UltraVNC.ini
[2010/02/07 17:44:27 | 000,000,019 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2009/01/27 15:35:56 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JPR.{PB
[2009/01/27 15:35:56 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JCM.{PB
[2009/01/20 15:35:24 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/01/20 15:35:24 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/01/20 15:35:24 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/01/20 15:35:24 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/01/20 15:35:24 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/01/20 15:35:24 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/01/20 15:35:24 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/01/20 15:35:24 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/01/20 15:35:24 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/01/20 15:35:24 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/01/20 15:35:24 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/01/20 15:35:24 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/01/20 15:35:24 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/01/20 15:35:24 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/01/20 15:35:24 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/01/20 15:35:23 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/01/20 15:33:06 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EPSCX7400.ini
[2008/12/29 18:32:05 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Owner.ini
[2008/09/22 21:00:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/08/20 22:23:55 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/08/03 21:36:52 | 000,019,564 | ---- | C] () -- C:\WINDOWS\safasic.com
[2008/08/03 00:04:45 | 000,012,695 | ---- | C] () -- C:\WINDOWS\System32\wihusu.dat
[2008/07/29 16:12:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/05/05 20:12:36 | 000,090,656 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/03/31 15:22:45 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008/03/21 19:47:20 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/17 21:22:09 | 000,000,261 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/03/16 04:45:55 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/03/13 22:35:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/03/13 22:27:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/03/13 17:20:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/03/13 17:19:51 | 000,397,552 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 03:56:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\smbinst.exe
[2003/07/16 16:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 16:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 16:41:25 | 000,444,010 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 16:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 16:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 16:41:21 | 000,072,268 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 16:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 16:38:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\netui1.dll
[2003/07/16 16:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 16:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 16:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 16:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/03 13:17:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\zipfldr.dll
[2003/01/16 13:22:44 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2003/01/16 13:22:44 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2001/08/06 23:16:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\OTS_UI.EXE

========== LOP Check ==========

[2008/05/27 16:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3 Blokes Studios
[2008/07/06 19:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aveyond I
[2011/08/31 20:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2009/11/11 12:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2010/09/15 20:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2008/03/17 21:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/03/13 21:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/01/27 14:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/01/27 14:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/10/18 14:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Enkord
[2010/03/18 12:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/03/23 18:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/05/22 17:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
[2009/11/10 17:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeFromParadise2
[2011/02/06 20:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2009/04/22 16:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Forge of Games
[2008/12/16 19:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2011/10/22 23:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gD01677OhLlH01677
[2009/11/14 14:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Islands
[2009/08/04 18:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Little Games Company
[2008/06/06 13:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2010/06/24 21:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2010/03/01 13:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MinigolfVUG_TacoBell2
[2009/08/04 18:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/07/30 19:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeptunesAdve
[2010/03/04 18:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft
[2009/02/19 19:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nick Chase A Detective Story
[2010/03/18 12:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2010/01/10 20:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2009/01/27 14:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/12/10 14:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/01/28 20:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayPond
[2009/07/23 19:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/02/18 12:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpecialBit
[2011/04/14 13:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/08/31 21:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/20 18:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TikGames
[2010/03/23 18:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/03/18 12:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/06/16 21:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/01/13 11:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/07/08 12:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/04/03 21:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/01 21:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/05 13:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/07 16:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/02/15 12:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\3Stars
[2009/11/08 18:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Alawar
[2010/05/13 13:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AlderGames
[2009/08/06 21:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Artogon
[2010/02/21 19:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aveyond 3
[2008/09/13 11:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aveyond II
[2009/04/21 20:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Be a King
[2010/12/15 12:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Big Fish Games
[2009/11/11 12:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\blg
[2008/06/23 16:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Bloom RU
[2009/07/08 21:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CallingID
[2008/03/26 10:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Citrix
[2008/12/14 16:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.BGHTRACKER.FF9A7CF7577196CAAC94550DA1D63F2169FB7F8F.1
[2009/08/30 15:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\comcasttb
[2009/01/31 10:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Coyotes Tale
[2009/11/07 22:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dekovir
[2009/01/27 14:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DriverCure
[2011/10/29 00:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2010/04/29 17:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
[2009/11/07 22:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ERS G-Studio
[2009/04/21 15:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FirstColony
[2008/08/03 19:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ForgottenRiddles2
[2011/03/17 09:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Friday's games
[2010/06/26 11:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FrimaStudio
[2010/11/16 16:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\funkitron
[2008/07/31 15:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GameHouse
[2010/02/25 19:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2008/03/26 14:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICAClient
[2009/06/04 14:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IronCode
[2010/02/14 22:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWin
[2009/11/08 13:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lazy Turtle Games
[2009/01/20 15:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2009/08/04 18:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Little Games Company
[2008/06/06 13:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ludia
[2010/11/15 20:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MA2
[2009/08/11 15:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MagicBall4
[2009/12/04 21:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MastersOfMystery2
[2010/06/24 21:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Merscom
[2010/06/11 22:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nikon
[2009/12/02 11:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Orneon
[2009/12/10 15:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OtherSide Realm of Eons
[2009/12/10 14:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
[2010/11/06 18:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayPond
[2008/06/05 16:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Pogo Games
[2011/08/12 13:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PriceGong
[2010/05/12 15:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RainbowGames
[2009/01/28 19:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RobinsonCrusoe
[2008/06/10 14:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SBTT
[2009/01/19 20:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SecretIslandEng
[2009/02/28 18:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SerpentOfIsis
[2009/08/13 16:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\she_is_a_shadow
[2008/07/11 14:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skinux
[2009/04/17 17:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skunk Studios
[2008/07/29 15:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SprillBermudeEng
[2011/04/14 13:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TechWizard
[2009/04/20 18:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TikGames
[2008/07/09 17:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Turtle Odyssey II
[2008/11/14 20:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Unity
[2009/10/23 19:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2010/11/27 15:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\YoudaGames
[2011/11/03 13:26:04 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >
bigdaddycvk
Active Member
 
Posts: 13
Joined: October 26th, 2011, 2:44 pm

Re: possible malware for bigdaddycvk

Unread postby bigdaddycvk » November 3rd, 2011, 1:43 pm

Askey127, Windows PowerShell does not look familiar either. Not sure if this is supposed to be on here...
bigdaddycvk
Active Member
 
Posts: 13
Joined: October 26th, 2011, 2:44 pm

Re: possible malware for bigdaddycvk

Unread postby askey127 » November 3rd, 2011, 3:59 pm

bigdaddycvk,
Next time you see an error message about a .dll file, please note the exact file name and write it down, along with what it says is the problem.

PowerShell is a legitimate Microsoft program.
It is not harmful and does not use a lot of resources. You can leave it alone.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    :Files
    
    C:\Documents and Settings\All Users\Application Data\DriverCure
    C:\Documents and Settings\All Users\Application Data\FileCure
    C:\Documents and Settings\Owner\Application Data\DriverCure
    ipconfig /flushdns /c
    
    :Commands
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

askey127
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
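Reading the OTL Quick Scan log that askey127 asks for is mostly pattern work: the O4 autorun lines and the dated file records in the "Created Within 30 Days" section are what a helper checks first. The script below is an added example, not part of this thread and not OTL's own code; it parses those two record shapes and flags entries that normally get a second look. The flag rules (a Run value that points at a .dll instead of an .exe, an autorun or a Microsoft-labelled file living under Application Data or Local Settings rather than under Windows or Program Files, a tiny file with an eight-character hex name in a profile folder) and the path prefixes and size threshold are this example's own assumptions for an XP layout. A hit is a prompt to inspect the file, not a verdict: Microsoft Security Essentials, for instance, legitimately keeps its definition-update drivers under Application Data, as the DRV lines in the log show. The sample lines are copied verbatim from the OTL log posted in this thread.

```python
"""Triage helper for OTL (OldTimer) log lines.

Added example for this thread; it is not part of the MalwareRemoval.com
post and not OTL's own code. It parses the two OTL record shapes a helper
reads first (O4 autorun entries and the dated file records) and flags
entries that usually get checked before anything else. The rules are this
example's own heuristics: a hit means "look at this file", not "malware".
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Dated file record, e.g.
# [2011/10/27 19:15:26 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\...\X.dll
# Directory records in the same section carry no "(company)" part.
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# Autorun record, e.g.
# O4 - HKCU..\Run: [KeyboardUpdateService] C:\...\KeyboardUpdateService.dll (Microsoft Corporation)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?) \((?P<company>[^)]*)\)$"
)

# Heuristic inputs: assumptions of this example, tuned to a Windows XP layout.
SYSTEM_PREFIXES = ("c:\\windows\\", "c:\\program files\\")
USER_WRITABLE_PARTS = ("\\application data\\", "\\local settings\\", "\\temp\\")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")
TINY_FILE_BYTES = 64


@dataclass
class Finding:
    path: str
    reasons: List[str] = field(default_factory=list)


def in_system_dirs(path: str) -> bool:
    return path.lower().startswith(SYSTEM_PREFIXES)


def in_user_writable(path: str) -> bool:
    low = path.lower()
    return any(part in low for part in USER_WRITABLE_PARTS)


def check_run(m: "re.Match") -> List[str]:
    """A Run value normally starts an .exe from Program Files or Windows;
    a .dll target, or a target in a user-writable data folder, is unusual."""
    reasons = []
    if m["path"].lower().endswith(".dll"):
        reasons.append("run-value-loads-dll")
    if in_user_writable(m["path"]):
        reasons.append("autorun-from-user-writable-dir")
    return reasons


def check_file(m: "re.Match") -> List[str]:
    """Recent files: a Microsoft company string outside the Windows and
    Program Files trees, or a tiny file with a random-looking hex name in
    a profile data folder, are both worth a closer look."""
    reasons = []
    path = m["path"]
    if "D" in m["attrs"]:  # directory record; nothing to flag here
        return reasons
    company = (m["company"] or "").lower()
    name = path.rsplit("\\", 1)[-1]
    size = int(m["size"].replace(",", ""))
    if "microsoft" in company and not in_system_dirs(path):
        reasons.append("microsoft-company-string-outside-system-dirs")
    if HEX_NAME_RE.match(name) and size < TINY_FILE_BYTES and in_user_writable(path):
        reasons.append("tiny-hex-named-file-in-appdata")
    return reasons


def triage(lines) -> List[Finding]:
    """Parse OTL log lines and return one Finding per flagged path."""
    findings: Dict[str, Finding] = {}
    for raw in lines:
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            reasons = check_run(m)
        else:
            m = FILE_RE.match(line)
            reasons = check_file(m) if m else []
        if reasons:
            finding = findings.setdefault(m["path"], Finding(m["path"]))
            finding.reasons.extend(r for r in reasons if r not in finding.reasons)
    return list(findings.values())


# Sample input: lines copied verbatim from the OTL log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [KeyboardUpdateService] C:\Documents and Settings\All Users\Application Data\KeyboardUpdateService.dll (Microsoft Corporation)
[2011/10/29 11:24:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/28 13:00:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/10/27 19:15:26 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\KeyboardUpdateService.dll
[2011/10/26 15:52:57 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Local Settings\Application Data\ServicePTR.dll
[2011/11/03 17:33:26 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\3f257d8c
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f.path, "->", ", ".join(f.reasons))
```

Run against a full OTL log (`triage(open("OTL.Txt").read().splitlines())`), the script collapses the two records for the same path into one finding, so an autorun entry and its recently created file line are reported together. The company string in an OTL record is whatever the file's version resource claims; it is not a signature check, which is why a Microsoft label in a profile folder is treated as a reason to look rather than as proof either way.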

Re: possible malware for bigdaddycvk

Unread postby bigdaddycvk » November 3rd, 2011, 5:31 pm

askey127,
When I click on "information" when the error pops up, it references a rundll32.exe and states it is not able to be "run as an app". Below are the most recent results from OTL.

OTL logfile created on: 11/3/2011 5:25:02 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 83.10% Memory free
2.41 Gb Paging File | 2.26 Gb Available in Paging File | 93.44% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 11.73 Gb Free Space | 31.49% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 864.77 Gb Free Space | 92.83% Space Free | Partition Type: NTFS

Computer Name: BIGDADDYCVK | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/28 13:01:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/01 05:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/02/01 05:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/04/27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ZuneBusEnum)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/01 05:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2011/02/01 05:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2010/10/13 17:06:34 | 000,098,304 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2008/03/13 21:51:25 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe -- (GoToAssist)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/04/27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)


========== Driver Services (SafeList) ==========

DRV - [2011/11/03 17:25:53 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{350D035E-AA97-4436-8D39-86E2DC26262C}\MpKslfdc8cf22.sys -- (MpKslfdc8cf22)
DRV - [2011/11/03 13:20:57 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{350D035E-AA97-4436-8D39-86E2DC26262C}\MpKsl702f6b46.sys -- (MpKsl702f6b46)
DRV - [2009/08/19 17:49:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/04/16 13:28:02 | 000,194,362 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/06/30 19:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www22.verizon.com/Foryourhome/My ... Login.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.type: ""

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\Documents and Settings\All Users\Application Data\RealArcade\npraclient.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/03/21 14:26:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\Documents and Settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.1.0.37\coFFFw\

[2010/02/18 19:25:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/03/28 12:28:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/11/03 13:17:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9n0jygc.default\extensions
[2011/10/30 15:31:51 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9n0jygc.default\extensions\{0ae09f56-98e9-4edf-b01a-aca34e2dbb57}
[2011/11/03 13:14:17 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9n0jygc.default\extensions\{d2650d22-6a2b-4429-9515-47ddcf7b7690}
[2010/03/10 11:22:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/07/30 16:34:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/04/07 13:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober253188250.gif
[2010/05/14 18:31:04 | 000,000,196 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober253188250.src

O1 HOSTS File: ([2010/11/11 11:33:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [KeyboardUpdateService] C:\Documents and Settings\All Users\Application Data\KeyboardUpdateService.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X5\Programs\WPLauncher.hta File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net ... plugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 5858423406 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} https://www36.verizon.com/FiOSVoice/UnP ... VMUtil.CAB (IOBIVMUtil.VMDecoder)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugi ... ctivex.cab (P3DActiveX Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4F9C0D7-C5C1-42D8-83A5-79E75927912C}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\508\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/13 22:29:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/05/05 16:52:52 | 000,000,000 | R--D | M] - F:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\G:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/03 11:56:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/10/29 11:24:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/29 01:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/10/29 01:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/29 00:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/29 00:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2011/10/29 00:20:46 | 000,000,000 | ---D | C] -- C:\MATS
[2011/10/29 00:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/10/29 00:06:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/10/28 13:00:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/10/27 19:15:26 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\KeyboardUpdateService.dll
[2011/10/26 15:52:57 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Local Settings\Application Data\ServicePTR.dll
[2011/10/22 13:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\gD01677OhLlH01677
[2011/10/13 17:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/03 17:33:26 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\3f257d8c
[2011/11/03 17:32:24 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\dff88273
[2011/11/03 17:31:02 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/03 17:22:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/03 07:27:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/01 12:23:28 | 000,011,624 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\2880f589
[2011/10/31 20:40:06 | 000,360,653 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Photo0028.jpg
[2011/10/31 15:00:39 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2011/10/29 01:03:03 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/10/28 23:48:39 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\57808d73
[2011/10/28 20:03:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/28 13:01:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/10/22 13:25:02 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Security Essentials.lnk
[2011/10/13 03:47:00 | 000,397,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/13 03:27:37 | 000,444,010 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/13 03:27:37 | 000,072,268 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/12 11:10:20 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/31 20:40:04 | 000,360,653 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Photo0028.jpg
[2011/10/29 01:03:03 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/10/28 23:48:39 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\57808d73
[2011/10/28 15:22:48 | 000,011,624 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\2880f589
[2011/10/27 19:41:45 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\3f257d8c
[2011/10/27 19:40:49 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\dff88273
[2011/10/22 13:25:02 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Security Essentials.lnk
[2011/09/06 19:36:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Developer Tools
[2010/10/26 21:30:25 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2010/10/18 18:46:43 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2010/09/15 20:29:39 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\CFD22FE827.sys
[2010/09/15 20:29:38 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/03/31 03:17:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/03/24 13:08:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2010/03/23 18:48:47 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPNX210.ini
[2010/03/18 12:41:53 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/03/18 12:41:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Distortion
[2010/03/18 12:38:52 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Documents
[2010/03/18 12:38:52 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\DirectoryService
[2010/03/18 12:38:52 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Electric Clav
[2010/03/18 12:38:51 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/02/24 09:12:41 | 000,019,083 | ---- | C] () -- C:\WINDOWS\System32\DELTREE.EXE
[2010/02/18 18:17:17 | 000,053,248 | ---- | C] () -- C:\WINDOWS\ICSweep.exe
[2010/02/18 15:58:38 | 000,332,800 | ---- | C] () -- C:\WINDOWS\mcwget.exe
[2010/02/18 15:53:21 | 000,000,163 | ---- | C] () -- C:\WINDOWS\UltraVNC.ini
[2010/02/07 17:44:27 | 000,000,019 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2009/01/27 15:35:56 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JPR.{PB
[2009/01/27 15:35:56 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JCM.{PB
[2009/01/20 15:35:24 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/01/20 15:35:24 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/01/20 15:35:24 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/01/20 15:35:24 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/01/20 15:35:24 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/01/20 15:35:24 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/01/20 15:35:24 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/01/20 15:35:24 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/01/20 15:35:24 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/01/20 15:35:24 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/01/20 15:35:24 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/01/20 15:35:24 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/01/20 15:35:24 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/01/20 15:35:24 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/01/20 15:35:24 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/01/20 15:35:23 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/01/20 15:33:06 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EPSCX7400.ini
[2008/12/29 18:32:05 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Owner.ini
[2008/09/22 21:00:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/08/20 22:23:55 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/08/03 21:36:52 | 000,019,564 | ---- | C] () -- C:\WINDOWS\safasic.com
[2008/08/03 00:04:45 | 000,012,695 | ---- | C] () -- C:\WINDOWS\System32\wihusu.dat
[2008/07/29 16:12:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/05/05 20:12:36 | 000,090,656 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/03/31 15:22:45 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008/03/21 19:47:20 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/17 21:22:09 | 000,000,261 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/03/16 04:45:55 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/03/13 22:35:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/03/13 22:27:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/03/13 17:20:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/03/13 17:19:51 | 000,397,552 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 03:56:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\smbinst.exe
[2003/07/16 16:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 16:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 16:41:25 | 000,444,010 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 16:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 16:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 16:41:21 | 000,072,268 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 16:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 16:38:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\netui1.dll
[2003/07/16 16:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 16:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 16:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 16:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/03 13:17:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\zipfldr.dll
[2003/01/16 13:22:44 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2003/01/16 13:22:44 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2001/08/06 23:16:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\OTS_UI.EXE

========== LOP Check ==========

[2008/05/27 16:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3 Blokes Studios
[2008/07/06 19:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aveyond I
[2011/08/31 20:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2009/11/11 12:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2010/09/15 20:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2008/03/17 21:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/03/13 21:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/01/27 14:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/10/18 14:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Enkord
[2010/03/18 12:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/03/23 18:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/05/22 17:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
[2009/11/10 17:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeFromParadise2
[2009/04/22 16:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Forge of Games
[2008/12/16 19:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2011/10/22 23:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gD01677OhLlH01677
[2009/11/14 14:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Islands
[2009/08/04 18:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Little Games Company
[2008/06/06 13:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2010/06/24 21:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2010/03/01 13:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MinigolfVUG_TacoBell2
[2009/08/04 18:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/07/30 19:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeptunesAdve
[2010/03/04 18:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft
[2009/02/19 19:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nick Chase A Detective Story
[2010/03/18 12:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2010/01/10 20:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2009/01/27 14:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/12/10 14:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/01/28 20:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayPond
[2009/07/23 19:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/02/18 12:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpecialBit
[2011/04/14 13:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/08/31 21:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/20 18:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TikGames
[2010/03/23 18:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/03/18 12:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/06/16 21:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/01/13 11:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/07/08 12:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/04/03 21:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/01 21:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/05 13:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/07 16:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/02/15 12:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\3Stars
[2009/11/08 18:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Alawar
[2010/05/13 13:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AlderGames
[2009/08/06 21:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Artogon
[2010/02/21 19:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aveyond 3
[2008/09/13 11:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aveyond II
[2009/04/21 20:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Be a King
[2010/12/15 12:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Big Fish Games
[2009/11/11 12:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\blg
[2008/06/23 16:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Bloom RU
[2009/07/08 21:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CallingID
[2008/03/26 10:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Citrix
[2008/12/14 16:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.BGHTRACKER.FF9A7CF7577196CAAC94550DA1D63F2169FB7F8F.1
[2009/08/30 15:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\comcasttb
[2009/01/31 10:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Coyotes Tale
[2009/11/07 22:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dekovir
[2011/10/29 00:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2010/04/29 17:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
[2009/11/07 22:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ERS G-Studio
[2009/04/21 15:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FirstColony
[2008/08/03 19:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ForgottenRiddles2
[2011/03/17 09:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Friday's games
[2010/06/26 11:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FrimaStudio
[2010/11/16 16:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\funkitron
[2008/07/31 15:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GameHouse
[2010/02/25 19:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2008/03/26 14:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICAClient
[2009/06/04 14:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IronCode
[2010/02/14 22:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWin
[2009/11/08 13:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lazy Turtle Games
[2009/01/20 15:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2009/08/04 18:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Little Games Company
[2008/06/06 13:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ludia
[2010/11/15 20:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MA2
[2009/08/11 15:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MagicBall4
[2009/12/04 21:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MastersOfMystery2
[2010/06/24 21:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Merscom
[2010/06/11 22:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nikon
[2009/12/02 11:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Orneon
[2009/12/10 15:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OtherSide Realm of Eons
[2009/12/10 14:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
[2010/11/06 18:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayPond
[2008/06/05 16:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Pogo Games
[2011/08/12 13:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PriceGong
[2010/05/12 15:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RainbowGames
[2009/01/28 19:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RobinsonCrusoe
[2008/06/10 14:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SBTT
[2009/01/19 20:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SecretIslandEng
[2009/02/28 18:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SerpentOfIsis
[2009/08/13 16:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\she_is_a_shadow
[2008/07/11 14:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skinux
[2009/04/17 17:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skunk Studios
[2008/07/29 15:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SprillBermudeEng
[2011/04/14 13:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TechWizard
[2009/04/20 18:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TikGames
[2008/07/09 17:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Turtle Odyssey II
[2008/11/14 20:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Unity
[2009/10/23 19:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2010/11/27 15:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\YoudaGames
[2011/11/03 17:31:02 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >
bigdaddycvk
Active Member
 
Posts: 13
Joined: October 26th, 2011, 2:44 pm