Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Killed Virus, Still Missing Desktop & Start/Programs files - lMmik

Started by Babyfangs , Jun 06 2011 11:04 PM

  • Please log in to reply

#1
Babyfangs
Posted 06 June 2011 - 11:04 PM

Babyfangs

    New Member

  • Member
  • Pip
  • 1 posts
Hi -
I've read lots of posts and gone through the general spyware/virus removal items recommended. Our MS Security Essentials scan removed trojans and something else I can't recall at this point (hideicons virus?)...sorry...the first removal was an Alurian virus, then trojan this and that. Then I got nervous and did the 'rkill' and then 'Malbytes' to clean anything I missed...another virus was removed. The 'lMmikoMOHSe.exe' and '17948452.exe' kept coming up in rkill - I finally cleaned it enough times to kill everything...however...I still have the blue screen background (we had a photo up), missing icons (one of the rkill/virus remover hits brought up a few icons, but not all), and when you go to the start menu/all programs it says 'empty'. I know it's not empty, as I can go through the 'My Docs' and pull programs up that way. I have no idea at this point if I killed it or just don't know how to go further (I'm not an expert by any means). I generally use your site to kill trojans (we have the TFC, rKill, ERUNT, MBAM...we took MBAM off and traded for the MS Security Essentials), we had some problems with the redirect trojan in the past and cleaned right up (after an hour or two....). Yes, I've tried the right click/show icons, and at one point the photo came back, then disappeared again. I do have the bottom taskbar and can right click.

Can anyone help me get my desktop/start menu back? (my internet icon came back, so I can read/post here from the problem computer).
We run WIndows XP, below is my OTL.txt file copy.
Thank you thank you thank you (I've been at this for 5 hours...)

OTL logfile created on: 6/6/2011 9:32:09 PM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 69.93% Memory free
2.60 Gb Paging File | 2.11 Gb Available in Paging File | 81.27% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 47.76 Gb Free Space | 64.14% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/06 21:31:35 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:42 | 000,226,984 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/11/01 15:15:12 | 000,886,752 | ---- | M] () -- C:\Program Files\SelectRebates\SelectRebates.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/02/05 20:52:06 | 000,299,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live Safety Center\wlscUploader.exe
PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/01 21:19:43 | 001,529,856 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\ATT-SST\McciTrayApp.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/06/22 01:23:40 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2003/09/03 13:16:56 | 000,217,088 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2003/07/11 15:51:16 | 000,057,344 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ybrwicon.exe
PRC - [2003/06/11 02:52:26 | 000,122,880 | ---- | M] (Visual Networks) -- C:\Program Files\Visual Networks\Visual IP InSight\SBC\ipmon32.exe
PRC - [2003/06/11 02:52:24 | 000,380,928 | ---- | M] (Visual Networks) -- C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
PRC - [2002/09/10 22:26:26 | 000,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe


========== Modules (SafeList) ==========

MOD - [2011/06/06 21:31:35 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/07/09 07:51:47 | 000,198,144 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll
MOD - [2003/06/11 02:52:24 | 000,098,304 | ---- | M] (Visual Networks) -- C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPHk2KS2.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (0323601299449581mcinstcleanup) McAfee Application Installer Cleanup (0323601299449581)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/06/06 20:59:45 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{455FE909-6522-47E8-BE56-6F92285FF5D6}\MpKslf4e1a4bb.sys -- (MpKslf4e1a4bb)
DRV - [2011/06/06 20:55:25 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{455FE909-6522-47E8-BE56-6F92285FF5D6}\MpKslb9007ee6.sys -- (MpKslb9007ee6)
DRV - [2010/09/22 22:20:55 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2009/11/11 12:14:44 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/11 12:14:12 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/08/19 09:49:37 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/08/19 09:49:36 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/11/20 15:14:28 | 000,646,825 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2003/11/20 15:13:40 | 001,232,741 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2003/11/20 15:12:56 | 000,059,717 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2003/11/20 15:12:42 | 000,037,048 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/08/28 16:58:40 | 000,004,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/06/30 19:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....Terms}&fr=yie7c
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2007/04/18 03:32:37 | 000,007,288 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 0websearch.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 2005-search.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 600pics.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 a1.interclick.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 absolutepics.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 ad.yieldmanager.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 alex.fileburst.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 all-tgp.org # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 all-websearch.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 apps.deskwizz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 awmdabest.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 bailefunk.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 barteros.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 best4all.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 besthardcore.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 best-targeted-traffic.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 bins.elitemediagroup.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 bn.i-ru.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 bundleware.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 burnsrecyclinginc.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 campaigns.interclick.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 command.adservs.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 content.dollarrevenue.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 content.exetraffic.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 content2.dollarrevenue.com # ***Inserted By STOPzilla***
O1 - Hosts: 128 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [fontnav] C:\Program Files\WordPerfect Office 11\Font Navigator\FontNav.exe (Bitstream Inc.)
O4 - HKLM..\Run: [IPInSightLAN 02] C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe (Visual Networks)
O4 - HKLM..\Run: [IPInSightMonitor 02] C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe (Visual Networks)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo!, Inc.)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: motive.com ([pattta.att] https in Trusted sites)
O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.micr.../WebCleaner.cab (Malicious Software Removal Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1133516922296 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-its - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - C:\WINDOWS\System32\WRLogonNtf.dll (Webroot Software, Inc.)
O24 - Desktop Components:0 () - http://us.i1.yimg.co...2/sbc/right.gif
O24 - Desktop Components:1 () - file:///C:/Documents%20and%20Settings/Owner/My%20Documents/My%20Pictures/52002867.PM5
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/02 12:20:56 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/06 21:31:32 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/06/06 18:07:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/06 16:45:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/06/06 16:26:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Windows XP Restore
[2011/06/05 20:01:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Application Data\NevoSoft
[2011/05/30 15:20:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Application Data\RaidersLostTomb
[2011/05/18 14:12:00 | 000,000,000 | ---D | C] -- C:\Program Files\SelectRebates
[2011/05/13 21:01:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/05/13 21:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/13 21:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/05/13 21:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/05/13 20:59:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/05/13 20:58:46 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/05/13 20:58:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Apple
[2011/05/13 20:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/05/13 20:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/05/13 20:57:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/05/13 20:57:15 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/05/13 20:56:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/05/13 20:56:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/05/13 18:02:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Application Data\Manifesto Games
[2011/05/08 18:31:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\My Documents\Maximize Games
[1 C:\Documents and Settings\Owner\Application Data\*.tmp files -> C:\Documents and Settings\Owner\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/06 21:31:35 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/06/06 21:04:45 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/06 21:00:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/06 20:59:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/06 20:47:32 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/06/06 20:47:31 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/06/06 18:07:19 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/06 17:46:15 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/03 17:10:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/29 15:18:30 | 000,002,262 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\stock_car_racing.pp.wpd
[2011/05/24 17:57:39 | 000,114,688 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/11 17:02:27 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/05/09 15:26:40 | 000,515,539 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\2750.pdf
[1 C:\Documents and Settings\Owner\Application Data\*.tmp files -> C:\Documents and Settings\Owner\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/06 18:07:19 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/06 17:46:15 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/05/29 15:18:30 | 000,002,262 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\stock_car_racing.pp.wpd
[2011/05/13 20:58:21 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/09 15:26:40 | 000,515,539 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\2750.pdf
[2011/03/05 14:20:53 | 000,011,756 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\1300347407
[2011/03/05 14:20:53 | 000,011,756 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1300347407
[2011/02/07 19:49:04 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~q5YWdIUwQr
[2011/02/07 19:49:04 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~q5YWdIUwQ
[2011/02/07 19:22:14 | 000,785,768 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/01 20:38:32 | 000,000,023 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011/01/01 20:38:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/08/11 20:37:07 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2010/08/11 15:08:59 | 000,124,401 | ---- | C] () -- C:\WINDOWS\HPHins12.dat
[2010/08/11 15:08:59 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat
[2010/08/11 14:52:26 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2010/01/18 21:05:34 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2009/08/21 13:45:42 | 000,000,566 | ---- | C] () -- C:\WINDOWS\fnerr.dat
[2009/08/20 10:08:38 | 000,000,117 | ---- | C] () -- C:\WINDOWS\thumbs.ini
[2008/05/19 08:23:29 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/04/18 00:12:14 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2006/07/02 23:07:20 | 000,001,940 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\ViewerApp.dat
[2006/07/02 12:16:41 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/06/01 15:10:25 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/06/01 15:07:44 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2006/06/01 15:06:32 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2005/12/26 10:36:57 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/12/26 10:36:56 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/12/18 02:52:36 | 000,000,004 | ---- | C] () -- C:\WINDOWS\info147.sys
[2005/09/17 12:57:24 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/07/20 13:56:25 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\pwmdtl40.dll
[2005/07/20 13:56:25 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\cwsmaf40.dll
[2005/07/20 13:56:25 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\cwpwmd10.dll
[2005/07/20 13:56:24 | 001,097,728 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/07/20 13:56:24 | 001,003,520 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2005/07/20 13:56:24 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2005/07/20 13:56:24 | 000,182,784 | ---- | C] () -- C:\WINDOWS\System32\DGVorbis.dll
[2005/07/20 13:56:24 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Mp3dec.dll
[2005/07/20 13:56:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\MP3enc.dll
[2005/07/20 13:56:24 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2005/07/20 13:56:24 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/07/07 13:53:18 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2005/07/07 13:53:17 | 000,034,816 | ---- | C] () -- C:\WINDOWS\patch.exe
[2005/06/22 02:05:31 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/06/22 01:31:09 | 000,000,341 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/06/05 23:43:46 | 000,000,206 | ---- | C] () -- C:\WINDOWS\RealFlight.INI
[2005/03/16 18:31:21 | 000,114,688 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/01/14 01:26:57 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/01/11 23:25:39 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/01/09 11:14:03 | 000,061,678 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JPR.{PB
[2005/01/09 11:14:03 | 000,012,358 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JCM.{PB
[2005/01/09 11:12:29 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/12/28 17:24:00 | 000,000,000 | RHS- | C] () -- C:\WINDOWS\msxmidi.exe
[2004/12/05 18:31:06 | 000,000,000 | RHS- | C] () -- C:\WINDOWS\System32\jac.dll
[2004/11/27 23:07:23 | 000,000,154 | ---- | C] () -- C:\WINDOWS\sb_affiliate.ini
[2004/11/27 10:14:49 | 000,000,000 | RHS- | C] () -- C:\WINDOWS\System32\d2kpax.exe
[2004/11/27 10:14:48 | 000,000,000 | RHS- | C] () -- C:\WINDOWS\wininet32.exe
[2004/11/27 10:14:48 | 000,000,000 | RHS- | C] () -- C:\WINDOWS\System32\system32.dll
[2004/11/27 10:14:48 | 000,000,000 | RHS- | C] () -- C:\WINDOWS\rocky.exe
[2004/11/27 10:14:48 | 000,000,000 | RHS- | C] () -- C:\Program Files\q330994.exe
[2004/11/27 10:14:48 | 000,000,000 | RHS- | C] () -- C:\WINDOWS\ntldr.exe
[2004/11/27 10:14:48 | 000,000,000 | RHS- | C] () -- C:\WINDOWS\System32\msxslab.dll
[2004/11/27 10:14:48 | 000,000,000 | RHS- | C] () -- C:\WINDOWS\mssys.com
[2004/11/27 10:14:48 | 000,000,000 | RHS- | C] () -- C:\WINDOWS\dllhelp.exe
[2004/11/27 10:14:48 | 000,000,000 | RHS- | C] () -- C:\WINDOWS\System32\d2kpax.dll
[2004/11/27 10:14:48 | 000,000,000 | RHS- | C] () -- C:\WINDOWS\cvchost.exe
[2004/11/24 12:20:14 | 000,126,740 | ---- | C] () -- C:\Program Files\SBC Self Support Tool
[2004/11/24 12:11:31 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2004/11/24 11:24:14 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/11/24 11:16:29 | 000,000,177 | ---- | C] () -- C:\WINDOWS\System32\dlbacoin.ini
[2004/11/24 11:14:59 | 000,000,510 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI
[2004/11/24 11:07:36 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[2004/11/24 11:06:50 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2004/11/24 10:25:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/11/24 10:18:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/11/24 02:09:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/11/24 02:09:04 | 000,396,616 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/11/20 14:39:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/07/16 13:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 13:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 13:42:52 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\rdpcdd.sys
[2003/07/16 13:41:25 | 000,432,796 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 13:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 13:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 13:41:21 | 000,067,370 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 13:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 13:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 13:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 13:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 13:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/11/13 12:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbavs.dll

========== LOP Check ==========

[2010/03/01 17:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\263d4cd
[2009/12/03 17:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2011/03/30 19:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aliasworlds
[2010/11/21 20:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cupcakecafe
[2010/10/24 21:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Farm Fishes
[2010/01/06 00:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty
[2009/11/19 23:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2010/04/12 20:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_America
[2010/03/11 17:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Arctica
[2011/03/16 15:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Madagascar
[2010/06/01 18:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2011/03/16 18:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010/01/04 17:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/11/22 22:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
[2010/02/16 20:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GOA
[2011/03/02 19:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Green Clover Games
[2010/06/13 21:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2011/04/12 16:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2007/04/18 04:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Iomatic
[2010/01/24 12:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2010/03/20 20:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kristanix Games
[2010/11/14 00:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2010/11/21 19:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2010/02/01 23:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games
[2011/04/11 21:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft-Breeze
[2010/11/26 18:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2011/04/29 22:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2011/01/23 17:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Robin Hood
[2011/01/20 19:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2007/04/18 02:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/03/06 13:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/25 23:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Terrafarmers
[2004/11/24 12:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2009/12/14 22:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Youdagames
[2007/04/18 02:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZILLAbar
[2010/07/12 19:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2011/05/13 21:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/07 15:04:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\1morebee
[2010/10/17 15:47:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\AlderGames
[2011/03/30 19:00:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\aliasworlds
[2010/10/15 21:29:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Be a King 2
[2010/10/29 16:36:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Boolat Games
[2010/01/18 21:06:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Camel101
[2009/03/01 00:53:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2006/11/02 14:16:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\ContentGuard
[2011/03/06 23:05:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\DivoGames
[2011/04/21 21:27:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Farm Mania 2.1
[2010/06/01 18:13:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\freshgames
[2011/03/12 16:44:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\FriendsGamesNetwork
[2010/07/18 20:34:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Fugazo
[2010/01/04 17:26:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\gamehouse
[2010/07/04 13:16:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\GamesCafe
[2010/02/16 20:07:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\GOA
[2009/12/28 19:18:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\GraveyardShift
[2011/03/02 19:38:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Green Clover Games
[2010/07/29 16:08:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Hotdog Hotshot
[2010/03/03 11:16:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\iMaxGen
[2011/01/29 01:54:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Islands
[2010/04/05 20:04:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Jane s Hotel Family Hero
[2004/12/29 14:55:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/02/06 21:52:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\LEGO Company
[2010/11/14 00:38:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Ludia
[2011/05/13 18:02:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Manifesto Games
[2010/01/31 21:54:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Meridian93
[2011/06/05 20:01:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\NevoSoft
[2010/06/12 19:12:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\NevoSoft Games
[2011/04/11 21:44:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Nevosoft-Breeze
[2010/08/08 20:05:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Peace Craft
[2010/08/25 23:48:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\PeaceCraft2
[2010/01/14 20:33:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Pi Eye Games
[2011/01/16 18:59:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
[2011/05/30 15:23:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\RaidersLostTomb
[2011/01/23 17:51:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Robin Hood
[2010/03/30 19:27:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\ShinyTales
[2010/06/07 16:31:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Super-Cow
[2011/01/18 17:24:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Supermarket Mania 2
[2011/03/22 12:35:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Vasilek Games
[2010/10/02 14:27:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\World-Loom
[2010/10/17 16:34:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Youdagames
[2011/06/06 21:04:45 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 55837 bytes -> C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_PVX2VCGKMVF9V8N4TKBRVDNGCMXLJ4M28WDP36MLTJ5KJ4VPXHAT
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C04C48D4
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41B89F80
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18B7103A
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:399EDB8F
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:825D5945
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4295826C

< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP