Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

possible malware for bigdaddycvk

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: possible malware for bigdaddycvk

Unread postby askey127 » November 3rd, 2011, 7:31 pm

Rundll.exe is a normal, legitimate file that runs other files as applications.
Does it say "what???" it wants to run as an app? Some other file?
rundll.exe ...... ?
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove

Re: possible malware for bigdaddycvk

Unread postby bigdaddycvk » November 3rd, 2011, 8:19 pm

It pops up in a box, and states DLL encountered a problem running as an App. When I click to technical information, it states that the rundll32.exe has encountered a problem running as an app, and wants me to send to Microsoft.
bigdaddycvk
Active Member
 
Posts: 13
Joined: October 26th, 2011, 2:44 pm

Re: possible malware for bigdaddycvk

Unread postby askey127 » November 4th, 2011, 7:53 am

bigdaddycvk,
It's very difficult to tell which application is trying to use rundll.exe
It's OK and a good idea to send the information to Microsoft.
I don't believe you need GoToAssist any more, so we are uninstalling it.
Adobe Reader needs to be updated.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

GoToAssist 8.0.0.508
Adobe Reader 9.4.6

Take extra care in answering questions posed by any Uninstaller.
--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 10.1 are vulnerable.
Go HERE to download AdbeRdr1011_en_US.exe
Save the file to your desktop and run it to install the latest version of Adobe Reader.
After the new Reader is installed, Open Adobe Reader X, as it is called, and OK the license.
Click on Edit and select Preferences.
On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button
When it finishes, you can remove the Installer from your desktop.
------------------------------------------------------------
Run MalwareBytes' Anti-Malware

As you already have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using this procedure:
  • Open Malwarebytes' Anti-Malware
  • Select the Update tab. Choose Check for Updates.
  • Restart Malwarebytes Anti-Malware after the Update if you have to.
  • After the update have been completed, select the Settings tab, then the Scanner Settings tab
  • For Action for Potentially Unwanted Programs (PUP), choose Show in results list and check for removal
  • Select to the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.
    The log can also be found via the Logs tab when the application is started.
Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot could prevent MBAM from removing all the malware it found.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: possible malware for bigdaddycvk

Unread postby bigdaddycvk » November 4th, 2011, 6:46 pm

Askey127,

I did everything as directed. When my computer just restarted, it came up with an error message stating the file path to keyboard run dll could not be found.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8086

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/4/2011 6:39:20 PM
mbam-log-2011-11-04 (18-39-20).txt

Scan type: Quick scan
Objects scanned: 213134
Time elapsed: 3 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\documents and settings\all users\application data\keyboardupdateservice.dll (Trojan.SHarpro.PGen) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEAD004E-7E2D-49f8-831C-A01647E85B53} (PUP.MightyMagoo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEAD004E-7E2D-49f8-831C-A01647E85B53} (PUP.MightyMagoo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{97E74A14-E5F1-40CC-9B0F-0D11946E5469} (PUP.MightyMagoo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEAC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KeyboardUpdateService (Trojan.SHarpro.PGen) -> Value: KeyboardUpdateService -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Owner\local settings\application data\AOL\aolupdate\aolupdt32.dll (Trojan.SHarpro) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\application data\serviceptr.dll (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\keyboardupdateservice.dll (Trojan.SHarpro.PGen) -> Delete on reboot.
bigdaddycvk
Active Member
 
Posts: 13
Joined: October 26th, 2011, 2:44 pm

Re: possible malware for bigdaddycvk

Unread postby askey127 » November 4th, 2011, 7:38 pm

bigdaddycvk,
We should be able to get rid of that.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code: Select all
    :processes
    killallprocesses
    
    :OTL
    O4 - HKCU..\Run: [KeyboardUpdateService] C:\Documents and Settings\All Users\Application Data\KeyboardUpdateService.dll (Microsoft Corporation)
    
    :Commands
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: possible malware for bigdaddycvk

Unread postby bigdaddycvk » November 5th, 2011, 6:20 am

Askey127, below are the results...

OTL logfile created on: 11/5/2011 6:13:38 AM - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 83.49% Memory free
2.41 Gb Paging File | 2.25 Gb Available in Paging File | 93.34% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 11.50 Gb Free Space | 30.85% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 864.55 Gb Free Space | 92.81% Space Free | Partition Type: NTFS

Computer Name: BIGDADDYCVK | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/28 13:01:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/01 05:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/02/01 05:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/04/27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ZuneBusEnum)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/01 05:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2011/02/01 05:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2010/10/13 17:06:34 | 000,098,304 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/04/27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)


========== Driver Services (SafeList) ==========

DRV - [2011/11/05 06:14:25 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BCA077B5-D3DC-4248-99C1-48CB7C7612ED}\MpKsl4d99457b.sys -- (MpKsl4d99457b)
DRV - [2011/11/05 01:41:02 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BCA077B5-D3DC-4248-99C1-48CB7C7612ED}\MpKslb2448aea.sys -- (MpKslb2448aea)
DRV - [2009/08/19 17:49:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/04/16 13:28:02 | 000,194,362 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/06/30 19:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www22.verizon.com/Foryourhome/My ... Login.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.type: ""

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\Documents and Settings\All Users\Application Data\RealArcade\npraclient.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/03/21 14:26:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\Documents and Settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.1.0.37\coFFFw\

[2010/02/18 19:25:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/03/28 12:28:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/11/03 13:17:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9n0jygc.default\extensions
[2011/10/30 15:31:51 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9n0jygc.default\extensions\{0ae09f56-98e9-4edf-b01a-aca34e2dbb57}
[2011/11/03 13:14:17 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9n0jygc.default\extensions\{d2650d22-6a2b-4429-9515-47ddcf7b7690}
[2010/03/10 11:22:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/07/30 16:34:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/04/07 13:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober253188250.gif
[2010/05/14 18:31:04 | 000,000,196 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober253188250.src

O1 HOSTS File: ([2010/11/11 11:33:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X5\Programs\WPLauncher.hta File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net ... plugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 5858423406 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} https://www36.verizon.com/FiOSVoice/UnP ... VMUtil.CAB (IOBIVMUtil.VMDecoder)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugi ... ctivex.cab (P3DActiveX Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4F9C0D7-C5C1-42D8-83A5-79E75927912C}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/13 22:29:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/05/05 16:52:52 | 000,000,000 | R--D | M] - F:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\G:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/03 21:01:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BugBits
[2011/11/03 19:34:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Saved Games
[2011/11/03 19:34:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Floodlight Games
[2011/11/03 19:34:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2011/11/03 19:31:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hidden Expedition - The Uncharted Islands
[2011/11/03 11:56:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/10/29 11:24:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/29 01:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/10/29 01:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/29 00:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/29 00:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2011/10/29 00:20:46 | 000,000,000 | ---D | C] -- C:\MATS
[2011/10/29 00:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/10/29 00:06:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/10/28 13:00:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/10/22 13:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\gD01677OhLlH01677
[2011/10/13 17:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/05 06:19:24 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/05 06:11:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/04 18:41:05 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\dff88273
[2011/11/04 18:38:28 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\3f257d8c
[2011/11/04 17:55:12 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/11/03 21:02:45 | 000,001,174 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2011/11/03 21:02:45 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play BugBits.lnk
[2011/11/03 19:32:51 | 000,000,934 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Hidden Expedition - The Uncharted Islands.lnk
[2011/11/03 19:22:23 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/11/03 18:09:02 | 000,011,624 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\2880f589
[2011/11/03 07:27:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/31 15:00:39 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2011/10/28 23:48:39 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\57808d73
[2011/10/28 20:03:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/28 13:01:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/10/22 13:25:02 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Security Essentials.lnk
[2011/10/13 03:47:00 | 000,397,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/13 03:27:37 | 000,444,010 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/13 03:27:37 | 000,072,268 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/12 11:10:20 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/04 17:55:12 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/11/04 17:55:09 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/11/03 21:02:45 | 000,001,174 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2011/11/03 21:02:45 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play BugBits.lnk
[2011/11/03 19:32:51 | 000,000,934 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Hidden Expedition - The Uncharted Islands.lnk
[2011/10/29 01:03:03 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/10/28 23:48:39 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\57808d73
[2011/10/28 15:22:48 | 000,011,624 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\2880f589
[2011/10/27 19:41:45 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\3f257d8c
[2011/10/27 19:40:49 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\dff88273
[2011/10/22 13:25:02 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Security Essentials.lnk
[2011/09/06 19:36:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Developer Tools
[2010/10/26 21:30:25 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2010/10/18 18:46:43 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2010/09/15 20:29:39 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\CFD22FE827.sys
[2010/09/15 20:29:38 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/03/31 03:17:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/03/24 13:08:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2010/03/23 18:48:47 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPNX210.ini
[2010/03/18 12:41:53 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/03/18 12:41:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Distortion
[2010/03/18 12:38:52 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Documents
[2010/03/18 12:38:52 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\DirectoryService
[2010/03/18 12:38:52 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Electric Clav
[2010/03/18 12:38:51 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/02/24 09:12:41 | 000,019,083 | ---- | C] () -- C:\WINDOWS\System32\DELTREE.EXE
[2010/02/18 18:17:17 | 000,053,248 | ---- | C] () -- C:\WINDOWS\ICSweep.exe
[2010/02/18 15:58:38 | 000,332,800 | ---- | C] () -- C:\WINDOWS\mcwget.exe
[2010/02/18 15:53:21 | 000,000,163 | ---- | C] () -- C:\WINDOWS\UltraVNC.ini
[2010/02/07 17:44:27 | 000,000,019 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2009/01/27 15:35:56 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JPR.{PB
[2009/01/27 15:35:56 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JCM.{PB
[2009/01/20 15:35:24 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/01/20 15:35:24 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/01/20 15:35:24 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/01/20 15:35:24 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/01/20 15:35:24 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/01/20 15:35:24 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/01/20 15:35:24 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/01/20 15:35:24 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/01/20 15:35:24 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/01/20 15:35:24 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/01/20 15:35:24 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/01/20 15:35:24 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/01/20 15:35:24 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/01/20 15:35:24 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/01/20 15:35:24 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/01/20 15:35:23 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/01/20 15:33:06 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EPSCX7400.ini
[2008/12/29 18:32:05 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Owner.ini
[2008/09/22 21:00:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/08/20 22:23:55 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/08/03 21:36:52 | 000,019,564 | ---- | C] () -- C:\WINDOWS\safasic.com
[2008/08/03 00:04:45 | 000,012,695 | ---- | C] () -- C:\WINDOWS\System32\wihusu.dat
[2008/07/29 16:12:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/05/05 20:12:36 | 000,090,656 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/03/31 15:22:45 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008/03/21 19:47:20 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/17 21:22:09 | 000,000,261 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/03/16 04:45:55 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/03/13 22:35:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/03/13 22:27:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/03/13 17:20:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/03/13 17:19:51 | 000,397,552 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 03:56:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\smbinst.exe
[2003/07/16 16:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 16:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 16:41:25 | 000,444,010 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 16:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 16:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 16:41:21 | 000,072,268 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 16:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 16:38:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\netui1.dll
[2003/07/16 16:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 16:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 16:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 16:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/03 13:17:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\zipfldr.dll
[2003/01/16 13:22:44 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2003/01/16 13:22:44 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2001/08/06 23:16:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\OTS_UI.EXE

========== LOP Check ==========

[2008/05/27 16:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3 Blokes Studios
[2008/07/06 19:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aveyond I
[2011/08/31 20:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2009/11/11 12:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2010/09/15 20:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2008/03/17 21:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/03/13 21:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/01/27 14:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/10/18 14:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Enkord
[2010/03/18 12:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/03/23 18:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/05/22 17:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
[2009/11/10 17:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeFromParadise2
[2011/11/03 19:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2009/04/22 16:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Forge of Games
[2008/12/16 19:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2011/10/22 23:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gD01677OhLlH01677
[2009/11/14 14:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Islands
[2009/08/04 18:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Little Games Company
[2008/06/06 13:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2010/06/24 21:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2010/03/01 13:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MinigolfVUG_TacoBell2
[2009/08/04 18:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/07/30 19:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeptunesAdve
[2010/03/04 18:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft
[2009/02/19 19:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nick Chase A Detective Story
[2010/03/18 12:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2010/01/10 20:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2009/01/27 14:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/12/10 14:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/01/28 20:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayPond
[2009/07/23 19:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/02/18 12:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpecialBit
[2011/04/14 13:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/11/04 17:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/20 18:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TikGames
[2010/03/23 18:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/03/18 12:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/06/16 21:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/01/13 11:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/07/08 12:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/04/03 21:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/01 21:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/05 13:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/07 16:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/02/15 12:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\3Stars
[2009/11/08 18:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Alawar
[2010/05/13 13:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AlderGames
[2009/08/06 21:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Artogon
[2010/02/21 19:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aveyond 3
[2008/09/13 11:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aveyond II
[2009/04/21 20:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Be a King
[2010/12/15 12:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Big Fish Games
[2009/11/11 12:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\blg
[2008/06/23 16:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Bloom RU
[2009/07/08 21:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CallingID
[2008/03/26 10:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Citrix
[2008/12/14 16:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.BGHTRACKER.FF9A7CF7577196CAAC94550DA1D63F2169FB7F8F.1
[2009/08/30 15:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\comcasttb
[2009/01/31 10:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Coyotes Tale
[2009/11/07 22:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dekovir
[2011/10/29 00:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2010/04/29 17:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
[2009/11/07 22:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ERS G-Studio
[2009/04/21 15:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FirstColony
[2011/11/03 19:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Floodlight Games
[2008/08/03 19:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ForgottenRiddles2
[2011/03/17 09:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Friday's games
[2010/06/26 11:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FrimaStudio
[2010/11/16 16:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\funkitron
[2008/07/31 15:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GameHouse
[2010/02/25 19:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2008/03/26 14:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICAClient
[2009/06/04 14:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IronCode
[2010/02/14 22:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWin
[2009/11/08 13:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lazy Turtle Games
[2009/01/20 15:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2009/08/04 18:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Little Games Company
[2008/06/06 13:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ludia
[2010/11/15 20:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MA2
[2009/08/11 15:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MagicBall4
[2009/12/04 21:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MastersOfMystery2
[2010/06/24 21:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Merscom
[2010/06/11 22:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nikon
[2009/12/02 11:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Orneon
[2009/12/10 15:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OtherSide Realm of Eons
[2009/12/10 14:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
[2010/11/06 18:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayPond
[2008/06/05 16:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Pogo Games
[2011/08/12 13:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PriceGong
[2010/05/12 15:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RainbowGames
[2009/01/28 19:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RobinsonCrusoe
[2008/06/10 14:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SBTT
[2009/01/19 20:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SecretIslandEng
[2009/02/28 18:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SerpentOfIsis
[2009/08/13 16:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\she_is_a_shadow
[2008/07/11 14:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skinux
[2009/04/17 17:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skunk Studios
[2008/07/29 15:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SprillBermudeEng
[2011/04/14 13:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TechWizard
[2009/04/20 18:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TikGames
[2008/07/09 17:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Turtle Odyssey II
[2008/11/14 20:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Unity
[2009/10/23 19:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2010/11/27 15:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\YoudaGames
[2011/11/05 06:19:24 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68A56598
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9689B72

< End of report >
bigdaddycvk
Active Member
 
Posts: 13
Joined: October 26th, 2011, 2:44 pm

Re: possible malware for bigdaddycvk

Unread postby askey127 » November 5th, 2011, 10:52 am

Looks pretty good. How is it running?
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: possible malware for bigdaddycvk

Unread postby bigdaddycvk » November 5th, 2011, 4:50 pm

It is still running slow compared to before I started having the problems. But if you see nothing wrong, I will get used to it! I truly appreciate all of your help in getting the bad stuff off. If you have any ideas of how to get it maybe running any faster, I am all ears. Otherwise, I thank you for your time!!!!!
bigdaddycvk
Active Member
 
Posts: 13
Joined: October 26th, 2011, 2:44 pm

Re: possible malware for bigdaddycvk

Unread postby askey127 » November 5th, 2011, 6:26 pm

bigdaddycvk,
You are most welcome !
You may want to take a look here: http://www.malwareremoval.com/tutorials ... slowly.php
It gives tips on fixing slower running machines.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 52 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware