0

Any ideas on this one.....?

I cleaned down a virus infected pc (Windows XP Media Centre Edition SP3 with IE8). All the scans are now clean but iexplore.exe runs as a process in task manager. It throws an error every few minutes saying Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience.

Internet explorer works fine and I have no problem with internet access. The errors do not affect the running of IE.

I'm including the latest logs from Malware Bytes, and DDS ScanLogs.

I ran GMER Rootkit Scanner but the PC blue screened with the error PFN_LIST_CORRUPT.

I also have the original scan log from Malware Bytes identifying the original infectied items which I can include if required.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5518

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

14/01/2011 10:48:34
mbam-log-2011-01-14 (10-48-34).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 375341
Time elapsed: 2 hour(s), 1 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


DDS.TXT

DDS (Ver_10-12-12.02) - NTFSx86
Run by nuala at 11:07:40.60 on 14/01/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.653 [GMT 0:00]

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\HPZipm12.exe
svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\nuala\Desktop\Fixers\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ie/
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=ie&l=en&s=gen
uInternet Settings,ProxyServer = gateway.fasoffice.com:80
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat

7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and

settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common

files\mcafee\systemcore\ScriptSn.20101105163932.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft

shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program

files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {7F312B9A-208B-49FA-8218-B9AA22EC1463} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\google\google

toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Open with Zoho Office Suite - file://c:/Program Files/zoho/zoho.htm
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-3-24 386840]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-25 84072]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-29 206096]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc

[2010-8-25 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-25

271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-25 271480]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-25 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-25 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-25

141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-25 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-3-24 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-3-24 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-25 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-25 88544]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-9-1 36608]
S3 gel90xne;gel90xne;\??\c:\docume~1\roisin\locals~1\temp\gel90xne.sys --> c:\docume~1\roisin\locals~1\temp\gel90xne.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security

scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-25 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-25 84264]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-3-24 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-3-24 40552]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [2011-1-11 27192]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-9-1 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-9-1 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-9-1 121856]
S4 gupdate1ca33e2b1ed34fe;Google Update Service (gupdate1ca33e2b1ed34fe);"c:\program files\google\update\googleupdate.exe"

/svc --> c:\program files\google\update\GoogleUpdate.exe [?]

=============== Created Last 30 ================

2011-01-12 13:21:16 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2011-01-11 14:52:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-01-11 14:52:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-11 14:52:29 -------- d-----w- c:\docume~1\nuala\applic~1\SUPERAntiSpyware.com
2011-01-11 14:41:18 27192 ----a-w- c:\windows\system32\drivers\rspSanity32.sys
2011-01-11 14:41:18 -------- d-----w- c:\program files\SanityCheck
2011-01-11 14:15:39 4608 ----a-w- C:\msimg32.dll
2011-01-11 12:08:24 388096 ----a-r-

c:\docume~1\nuala\applic~1\microsoft\installer\{0761c9a8-8f3a-4216-b4a7-b7afbf24a24a}\HiJackThis.exe
2011-01-10 15:50:36 -------- d-----w- c:\docume~1\nuala\applic~1\Uniblue
2011-01-10 15:49:59 -------- d-----w- c:\docume~1\nuala\locals~1\applic~1\PackageAware
2011-01-10 15:20:01 -------- d-----w- c:\docume~1\nuala\locals~1\applic~1\NokiaAccount
2011-01-10 14:46:12 -------- dc-h--w- c:\windows\ie8
2011-01-10 11:12:51 -------- d-----w- c:\program files\TrendMicro
2011-01-07 19:46:55 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-01-07 19:46:55 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-07 16:04:58 -------- d-----w- c:\program files\jv16 PowerTools
2011-01-07 15:59:25 -------- d-----w- c:\windows\pss
2011-01-07 15:06:07 -------- d-----w- c:\docume~1\nuala\applic~1\Malwarebytes
2011-01-07 15:05:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-07 15:05:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-07 15:05:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-07 15:05:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-04 19:46:37 53248 ----a-w- c:\windows\system32\drivers\sst6BA.sys
2011-01-04 19:46:37 0 ----a-w- c:\windows\system32\drivers\sst6BA.tmp
2011-01-04 19:46:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\nJpCf06504
2011-01-01 22:19:18 -------- d-----w- c:\docume~1\nuala\applic~1\dingogames
2011-01-01 22:19:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\dingogames
2011-01-01 22:16:03 -------- d-----w- c:\program files\Tasty Planet - Back for Seconds
2010-12-27 23:27:57 -------- d-----w- c:\docume~1\nuala\applic~1\gogii
2010-12-23 19:19:09 -------- d-----w- c:\docume~1\nuala\applic~1\SpinTop Games

==================== Find3M ====================

2011-01-08 14:10:55 4236 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-01-08 14:10:54 88 --sh--r- c:\windows\system32\AD53B5037A.sys
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 18:46:58 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2009-04-09 18:55:17 774144 ----a-w- c:\program files\RngInterstitial.dll

============= FINISH: 11:14:59.76 ===============

ATTACH.TXT


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 15/09/2006 11:39:09
System Uptime: 14/01/2011 10:53:08 (1 hours ago)

Motherboard: Dell Inc. | | 0JC474
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 107 GiB total, 60.724 GiB free.
D: is FIXED (NTFS) - 37 GiB total, 36.967 GiB free.
E: is CDROM (CDFS)
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6303 classic
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6303 classic
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

01 LFC strikers 2008-09
123 Free Memory Card Games
123 Free Puzzle
123 Free Solitaire for Children
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.9
BufferChm
Conexant D850 56K V.9x DFVc Modem
Corel Paint Shop Pro X
Corel Photo Album 6
D4100
D4100_Help
Dell CinePlayer
Dell Driver Reset Tool
Dell Network Assistant
Dell Support 3.2
Dell System Restore
DeviceManagementQFolder
EA Download Manager
EA Download Manager UI
ESPNMotion
eSupportQFolder
Free Solitaire
Free Spider
Google Update Helper
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0 Software
HP Photosmart Essential
HP Product Assistant
HP Product Detection
HP Solution Center 7.0
hph_ProductContext
hph_readme
hph_software
hph_software_req
HPPhotoSmartExpress
HPProductAssistant
ImageMixer VCD/DVD2 for OLYMPUS
InstantShareDevicesMFC
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 21
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
LiveUpdate 2.6 (Symantec Corporation)
Malwarebytes' Anti-Malware
Mastery Series Texas Holdem
McAfee Security Scan Plus
McAfee SecurityCenter
MCU
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Microsoft WSE 3.0 Runtime
MSN
MSVC80_x86
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nokia Connectivity Cable Driver
OLYMPUS Master
OpenOffice.org Installer 1.0
PanoStandAlone
PC Connectivity Solution
Picasa 3
Poker Challenge v2.05
QuickTime
QuickTime 3.0
RealPlayer
RealUpgrade 1.0
Rhapsody Player Engine
Rugrats(TM)
SAMSUNG USB Driver for Mobile Phones
SanityCheck 2.01
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SolutionCenter
Sonic Activation Module
Sonic Encoders
Status
System Requirements Lab
Toolbox
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Voyager USB Driver
WebFldrs XP
WebReg
Windows Driver Package - Nokia Modem (03/05/2008 3.7)
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
Windows Driver Package - Nokia Modem (05/22/2008 3.8)
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Zoo Tycoon 2 - Extinct Animals

==== Event Viewer Messages From Past Week ========

14/01/2011 08:45:21, error: System Error [1003] - Error code 0000004e, parameter1 00000007, parameter2

0000415d, parameter3 00000002, parameter4 00000000.
13/01/2011 09:02:31, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service

terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000

milliseconds: Restart the service.
12/01/2011 15:07:12, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/01/2011 14:33:55, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaiAnn

with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
11/01/2011 14:25:06, error: Service Control Manager [7026] - The following boot-start or system-start

driver(s) failed to load: Fips intelppm
10/01/2011 14:20:45, error: DCOM [10001] - Unable to start a DCOM Server:

{3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} as /. The error: "%233" Happened while starting this command:

"c:\PROGRA~1\mcafee.com\agent\mcagent.exe" -Embedding
07/01/2011 16:22:31, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer

with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
07/01/2011 15:52:57, error: Service Control Manager [7026] - The following boot-start or system-start

driver(s) failed to load: IntelIde
07/01/2011 15:51:32, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
07/01/2011 15:48:11, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv

with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
07/01/2011 15:47:18, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with

arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
07/01/2011 15:06:34, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaiAnn

with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
07/01/2011 15:05:41, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with

arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
07/01/2011 15:05:21, error: Service Control Manager [7026] - The following boot-start or system-start

driver(s) failed to load: AFD Fips intelppm IPSec mfehidk mfetdi2k MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

WS2IFSL
07/01/2011 15:05:21, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the

AFD service which failed to start because of the following error: A device attached to the system is not

functioning.
07/01/2011 15:05:21, error: Service Control Manager [7001] - The McShield service depends on the McAfee

Validation Trust Protection Service service which failed to start because of the following error: The

dependency service or group failed to start.
07/01/2011 15:05:21, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service

service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A

device attached to the system is not functioning.
07/01/2011 15:05:21, error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the

McAfee Firewall Core Service service which failed to start because of the following error: The dependency

service or group failed to start.
07/01/2011 15:05:21, error: Service Control Manager [7001] - The McAfee Personal Firewall Service service

depends on the McAfee Firewall Core Service service which failed to start because of the following error: The

dependency service or group failed to start.
07/01/2011 15:05:21, error: Service Control Manager [7001] - The McAfee Network Agent service depends on the

McAfee Firewall Core Service service which failed to start because of the following error: The dependency

service or group failed to start.
07/01/2011 15:05:21, error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends

on the McAfee Validation Trust Protection Service service which failed to start because of the following

error: The dependency service or group failed to start.
07/01/2011 15:05:21, error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on

the McAfee Firewall Core Service service which failed to start because of the following error: The dependency

service or group failed to start.
07/01/2011 15:05:21, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC

driver service which failed to start because of the following error: A device attached to the system is not

functioning.
07/01/2011 15:05:21, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP

Protocol Driver service which failed to start because of the following error: A device attached to the system

is not functioning.
07/01/2011 15:05:21, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios

over Tcpip service which failed to start because of the following error: A device attached to the system is

not functioning.
07/01/2011 15:05:21, error: Service Control Manager [7001] - The Bonjour Service service depends on the

TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the

system is not functioning.
07/01/2011 15:05:21, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the

TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the

system is not functioning.
07/01/2011 15:05:09, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
07/01/2011 15:02:28, error: System Error [1003] - Error code 1000000a, parameter1 00bc55d4, parameter2

00000002, parameter3 00000000, parameter4 8053b8ab.

==== End Of File ===========================

5
Contributors
60
Replies
61
Views
6 Years
Discussion Span
Last Post by gerbil
Featured Replies
  • Do the following: Please download [B]ComboFix by sUBs[/B] from [url]http://www.bleepingcomputer.com/download/anti-virus/combofix[/url] Please note that the BleepingComputer.com download link will expire in 10 minutes after you click it so if you don’t click within ten minutes after reaching the page you will need to refresh the page. • You must download it … Read More

  • 1. Please [b][u]open Notepad[/u][/b][list] [*] Click [b]Start[/b] , then [b]Run[/b] [*]Type[b] notepad.exe[/b] in the Run Box.[/list] 2. Now [b]copy/paste[/b] the entire content of the codebox below into the Notepad window: [CODE] KillAll:: Folder:: c:\documents and settings\All Users\Application Data\nJpCf06504 RegLock:: [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}][/CODE] [i][b][color=#CC0000]Note: the above code was created specifically for this … Read More

  • Download [URL=http://oldtimer.geekstogo.com/OTL.exe][b]OTL[/b][/URL] to your Desktop. * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. * Under the [b]Custom Scan[/b] box paste this in: [B] netsvcs %SYSTEMDRIVE%\*.exe /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys … Read More

  • All over now :). Please go to [url=http://virusscan.jotti.org/][u]Jotti's[/u][/url] or to [url=http://www.virustotal.com/][u]virustotal[/u][/url] and have this file scanned. Post the results back here. C:\Dkswtchw.exe =============================== Run OTL [list] [*]Under the [color="#0000FF"][b]Custom Scans/Fixes[/b][/color] box at the bottom, paste in the following [code] :OTL O3 - HKU\S-1-5-21-1087212941-1706535999-453650722-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID … Read More

  • 1

    The ACMRU key records Most Recent Used uses of the Search Assistant [eg, you search for a file with Search in Explorer, the detail is recorded there. But it does not have to be user searches that get entered there, as shown by this one: iexplore.exe http;//clickport.org /ac.php?aid=5&cid=direct2 There may … Read More

0

MBAM log as requested


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

07/01/2011 15:45:59
mbam-log-2011-01-07 (15-45-59).txt

Scan type: Quick scan
Objects scanned: 247965
Time elapsed: 39 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 3
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Security Central (Rogue.SecurityCentral) -> Value: Security Central -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\nuala\start menu\security central (Rogue.SecurityCentral) -> Quarantined and deleted successfully.
c:\documents and settings\tony\start menu\security central (Rogue.SecurityCentral) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:
c:\downloads\thelostcityofgoldsetup-dm[1].exe (Adware.TryMedia) -> Quarantined and deleted successfully.
c:\downloads\wobblybobbly-dm[1].exe (Adware.TryMedia) -> Quarantined and deleted successfully.
c:\documents and settings\nuala\application data\Adobe\plugs\kb25652703.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\nuala\application data\Adobe\plugs\kb25684234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\macromedia\SwUpdate\Local.dtd (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\macromedia\SwUpdate\Ui.dtd (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\nuala\application data\microsoft\internet explorer\quick launch\security central.lnk (Rogue.SecurityCentral) -> Quarantined and deleted successfully.
c:\documents and settings\tony\application data\microsoft\internet explorer\quick launch\security central.lnk (Rogue.SecurityCentral) -> Quarantined and deleted successfully.
c:\documents and settings\tony\local settings\Temp\60325cahp25ca0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\nuala\local settings\Temp\pdfupd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\nuala\Desktop\system tool 2011.lnk (Rogue.SystemTool) -> Quarantined and deleted successfully.
c:\documents and settings\nuala\start menu\security central\security central.lnk (Rogue.SecurityCentral) -> Quarantined and deleted successfully.
c:\documents and settings\tony\start menu\security central\security central.lnk (Rogue.SecurityCentral) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.

0

Any ideas on this one.....?

S3 gel90xne;gel90xne;\??\c:\docume~1\roisin\locals~1\temp\gel90xne.sys --> c:\docume~1\roisin\locals~1\temp\gel90xne.sys [?]

2011-01-04 19:46:37 53248 ----a-w- c:\windows\system32\drivers\sst6BA.sys
2011-01-04 19:46:37 0 ----a-w- c:\windows\system32\drivers\sst6BA.tmp
2011-01-04 19:46:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\nJpCf06504

Do you know what these are?

At quick glance, these smell of Rootkit to me.

I imagine Judy will concur....

PP:)

1

Do the following:
Please download ComboFix by sUBs from

http://www.bleepingcomputer.com/download/anti-virus/combofix

Please note that the BleepingComputer.com download link will expire in 10 minutes after you click it so if you don’t click within ten minutes after reaching the page you will need to refresh the page.

• You must download it to and run it from your Desktop
• Physically disconnect from the internet.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When ComboFix has finished running, you will see a screen stating that it is preparing the log report
• This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
• Re-enable all the programs that were disabled during the running of ComboFix..
• Then post back here with that log and a new scan log from HiJackThis.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

0

Downloaded Combofix as requested.

I disabled AV scanner before running but conbofix needed to reboot and this re-enabled AV. It didn't seem to interfere with the scans though. Combofix wanted to install Microsoft recovery console but couldn't as the computer was disconnected from the internet. The scan then continued.

Combofix log:

ComboFix 11-01-17.04 - nuala 18/01/2011 12:08:53.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.514 [GMT 0:00]
Running from: c:\documents and settings\nuala\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\B32.dtd
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\B64.dtd
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\Flags.dtd
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\UA.dtd
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\UAcpt.dtd
c:\documents and settings\eoghan\Application Data\alot
c:\documents and settings\nuala\Application Data\.#
c:\documents and settings\nuala\Application Data\.#\MBX@164C@384160.###
c:\documents and settings\nuala\Application Data\.#\MBX@164C@384190.###
c:\documents and settings\nuala\Application Data\.#\MBX@164C@3841C0.###
c:\documents and settings\nuala\Application Data\Adobe\AdobeUpdate .exe
c:\documents and settings\nuala\Application Data\Adobe\plugs
c:\documents and settings\nuala\Application Data\alot
c:\documents and settings\nuala\System
c:\documents and settings\nuala\System\win_qs8.jqx
c:\documents and settings\roisin\Application Data\alot
c:\windows\system32\drivers\sst6BA.sys

c:\windows\system32\drivers\asyncmac.sys was missing
Restored copy from - c:\windows\ServicePackFiles\i386\asyncmac.sys

.
((((((((((((((((((((((((( Files Created from 2010-12-18 to 2011-01-18 )))))))))))))))))))))))))))))))
.

2011-01-18 12:43 . 2008-04-13 18:57 14336 ----a-w- c:\windows\system32\drivers\asyncmac.sys
2011-01-18 12:43 . 2008-04-13 18:57 14336 ----a-w- c:\windows\system32\dllcache\asyncmac.sys
2011-01-14 11:19 . 2011-01-14 11:19 -------- d-----w- c:\program files\MSECache
2011-01-11 14:52 . 2011-01-11 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-01-11 14:52 . 2011-01-13 08:22 -------- d-----w- c:\documents and settings\nuala\Application Data\SUPERAntiSpyware.com
2011-01-11 14:52 . 2011-01-13 08:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-11 14:41 . 2011-01-11 14:43 -------- d-----w- c:\program files\SanityCheck
2011-01-11 14:41 . 2010-08-23 17:07 27192 ----a-w- c:\windows\system32\drivers\rspSanity32.sys
2011-01-11 14:15 . 2004-08-10 04:00 4608 ----a-w- C:\msimg32.dll
2011-01-11 12:08 . 2011-01-11 12:08 388096 ----a-r- c:\documents and settings\nuala\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2011-01-10 15:50 . 2011-01-10 15:50 -------- d-----w- c:\documents and settings\nuala\Application Data\Uniblue
2011-01-10 15:49 . 2011-01-10 15:49 -------- d-----w- c:\documents and settings\nuala\Local Settings\Application Data\PackageAware
2011-01-10 15:20 . 2011-01-10 15:20 -------- d-----w- c:\documents and settings\nuala\Local Settings\Application Data\NokiaAccount
2011-01-10 14:46 . 2011-01-10 14:48 -------- dc-h--w- c:\windows\ie8
2011-01-10 14:20 . 2011-01-10 14:36 -------- d-----w- c:\documents and settings\Nuala_2
2011-01-10 11:12 . 2011-01-10 11:12 -------- d-----w- c:\program files\TrendMicro
2011-01-07 19:53 . 2011-01-07 19:53 664 ----a-w- c:\documents and settings\roisin\Local Settings\Application Data\d3d9caps.tmp
2011-01-07 19:50 . 2011-01-07 19:52 -------- d-----w- c:\documents and settings\roisin\Local Settings\Application Data\AskToolbar
2011-01-07 19:49 . 2011-01-07 19:50 -------- d-----w- c:\documents and settings\roisin\Local Settings\Application Data\Zynga
2011-01-07 19:46 . 2011-01-07 19:46 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-07 19:26 . 2011-01-07 19:26 -------- d-----w- c:\documents and settings\roisin\Application Data\Malwarebytes
2011-01-07 16:32 . 2011-01-07 16:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-01-07 16:29 . 2011-01-07 16:29 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2011-01-07 16:28 . 2011-01-07 16:28 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-01-07 16:04 . 2011-01-07 16:05 -------- d-----w- c:\program files\jv16 PowerTools
2011-01-07 15:06 . 2011-01-07 15:06 -------- d-----w- c:\documents and settings\nuala\Application Data\Malwarebytes
2011-01-07 15:05 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-07 15:05 . 2011-01-07 15:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-07 15:05 . 2011-01-10 16:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-07 15:05 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-04 19:46 . 2011-01-04 19:46 0 ----a-w- c:\windows\system32\drivers\sst6BA.tmp
2011-01-04 19:46 . 2011-01-06 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\nJpCf06504
2011-01-01 22:19 . 2011-01-01 22:19 -------- d-----w- c:\documents and settings\nuala\Application Data\dingogames
2011-01-01 22:19 . 2011-01-01 22:19 -------- d-----w- c:\documents and settings\All Users\Application Data\dingogames
2011-01-01 22:16 . 2011-01-01 22:16 -------- d-----w- c:\program files\Tasty Planet - Back for Seconds
2011-01-01 19:41 . 2011-01-01 19:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Zynga
2010-12-27 23:27 . 2010-12-27 23:27 -------- d-----w- c:\documents and settings\nuala\Application Data\gogii
2010-12-23 19:19 . 2010-12-23 19:19 -------- d-----w- c:\documents and settings\nuala\Application Data\SpinTop Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2005-08-16 03:40 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 18:46 . 2010-11-12 18:46 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-06 00:26 . 2005-08-16 03:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2005-08-16 03:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2005-08-16 03:18 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2005-08-16 03:18 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2005-08-16 03:18 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2005-08-16 03:18 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2005-08-16 03:18 1853312 ----a-w- c:\windows\system32\win32k.sys
2009-04-09 18:55 . 2009-04-09 18:55 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-16 11:56 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"gupdate1ca33e2b1ed34fe"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [25/08/2010 18:48 84072]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [29/09/2008 14:40 206096]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [25/08/2010 18:47 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [25/08/2010 18:47 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [25/08/2010 18:48 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [25/08/2010 18:48 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [25/08/2010 18:48 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [25/08/2010 18:48 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [25/08/2010 18:48 88544]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [01/09/2010 18:35 36608]
S3 gel90xne;gel90xne;\??\c:\docume~1\roisin\LOCALS~1\Temp\gel90xne.sys --> c:\docume~1\roisin\LOCALS~1\Temp\gel90xne.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [25/08/2010 18:48 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [25/08/2010 18:48 84264]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [11/01/2011 14:41 27192]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [01/09/2010 18:49 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [01/09/2010 18:49 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [01/09/2010 18:49 121856]
S4 gupdate1ca33e2b1ed34fe;Google Update Service (gupdate1ca33e2b1ed34fe);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder

2011-01-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1087212941-1706535999-453650722-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]

2011-01-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1087212941-1706535999-453650722-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]

2011-01-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1087212941-1706535999-453650722-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]

2011-01-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1087212941-1706535999-453650722-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]

2011-01-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1087212941-1706535999-453650722-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]

2011-01-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1087212941-1706535999-453650722-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]

2011-01-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1087212941-1706535999-453650722-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]

2011-01-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1087212941-1706535999-453650722-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]

2010-12-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1087212941-1706535999-453650722-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]

2011-01-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1087212941-1706535999-453650722-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]

2011-01-18 c:\windows\Tasks\User_Feed_Synchronization-{B427C990-FFD1-4FA9-9075-0E8B9A76A1B3}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ie/
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=ie&l=en&s=gen
uInternet Settings,ProxyServer = gateway.fasoffice.com:80
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Open with Zoho Office Suite - file://c:/Program Files/zoho/zoho.htm
FF - ProfilePath - c:\documents and settings\nuala\Application Data\Mozilla\Firefox\Profiles\p2lwzp0o.default\
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{7F312B9A-208B-49FA-8218-B9AA22EC1463} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-18 12:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-01-18 13:04:04
ComboFix-quarantined-files.txt 2011-01-18 13:03

Pre-Run: 64,979,394,560 bytes free
Post-Run: 65,282,338,816 bytes free

- - End Of File - - 90BDB5E363F0A6C85C683B99A8261B01

________________

Hijack this log:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 14:08:19, on 18/01/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=ie&l=en&s=gen
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gateway.fasoffice.com:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101105163932.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O8 - Extra context menu item: Open with Zoho Office Suite - file://c:/Program Files/zoho/zoho.htm
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7579 bytes

______________________

Thanks for the help

0

Go into Scheduled Tasks and remove everything from there, none of those are needed.
You also have used the wrong version of HiJackThis. You have used the older beta version. Please uninstall this and install the newest version, from this link,
http://free.antivirus.com/hijackthis/
following these instructions:
1. Download and install HijackThis. You will need to download both the Installer and Executable files.
1. Download Installer (See links above)
2. Download Executable (See links above)

2. Once installed, open HijackThis by clicking Start > Program Files > HijackThis and click the button labeled "Do a system scan only".

3. Once the scan is complete, click the AnalyzeThis button. A web page will open containing helpful information regarding HijackThis.
Note: Once the scan is complete, the scan button will read "Save log". You may save the log file to your PC. Once you select where you would like to save the file, it will open in your system's default text editor. Typically this application is Notepad.

Also please do the following:
Please download JavaRa to your desktop and unzip it to its own folder

* Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
* Accept any prompts.
* Open JavaRa.exe again and select Search For Updates.
* Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

0

Thanks for the prompt reply.

I followed your instructions. Everything ran as it should but when I click the AnalyseThis button, I get a message saying that the AnalyseThis feature is incompatible withe these versions of Windows. I am running ver 2.04

Heres the logfile

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:12:39, on 19/01/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=ie&l=en&s=gen
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gateway.fasoffice.com:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101105163932.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O8 - Extra context menu item: Open with Zoho Office Suite - file://c:/Program Files/zoho/zoho.htm
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7632 bytes

1

1. Please open Notepad Click Start , then Run
Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:



KillAll::

Folder::
c:\documents and settings\All Users\Application Data\nJpCf06504

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next replyafter youre-enable all the programs that were disabled during the running of ComboFix:Combofix.txt
Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Attachments CFScript.gif 27.09 KB
0

As requested, please find attached combofix.txt

Regards,

ComboFix 11-01-18.04 - nuala 19/01/2011 11:49:41.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.625 [GMT 0:00]
Running from: c:\documents and settings\nuala\Desktop\Fixers\ComboFix.exe
Command switches used :: c:\documents and settings\nuala\Desktop\Fixers\cfscript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\nJpCf06504
c:\documents and settings\All Users\Application Data\nJpCf06504\nJpCf06504

.
((((((((((((((((((((((((( Files Created from 2010-12-19 to 2011-01-19 )))))))))))))))))))))))))))))))
.

2011-01-19 08:53 . 2011-01-19 08:53 388096 ----a-r- c:\documents and settings\nuala\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-19 08:53 . 2011-01-19 08:53 -------- d-----w- c:\program files\Trend Micro
2011-01-18 12:43 . 2008-04-13 18:57 14336 ----a-w- c:\windows\system32\drivers\asyncmac.sys
2011-01-18 12:43 . 2008-04-13 18:57 14336 ----a-w- c:\windows\system32\dllcache\asyncmac.sys
2011-01-14 11:19 . 2011-01-14 11:19 -------- d-----w- c:\program files\MSECache
2011-01-11 14:52 . 2011-01-11 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-01-11 14:52 . 2011-01-13 08:22 -------- d-----w- c:\documents and settings\nuala\Application Data\SUPERAntiSpyware.com
2011-01-11 14:52 . 2011-01-13 08:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-11 14:41 . 2011-01-11 14:43 -------- d-----w- c:\program files\SanityCheck
2011-01-11 14:41 . 2010-08-23 17:07 27192 ----a-w- c:\windows\system32\drivers\rspSanity32.sys
2011-01-11 14:15 . 2004-08-10 04:00 4608 ----a-w- C:\msimg32.dll
2011-01-10 15:50 . 2011-01-10 15:50 -------- d-----w- c:\documents and settings\nuala\Application Data\Uniblue
2011-01-10 15:49 . 2011-01-10 15:49 -------- d-----w- c:\documents and settings\nuala\Local Settings\Application Data\PackageAware
2011-01-10 15:20 . 2011-01-10 15:20 -------- d-----w- c:\documents and settings\nuala\Local Settings\Application Data\NokiaAccount
2011-01-10 14:46 . 2011-01-10 14:48 -------- dc-h--w- c:\windows\ie8
2011-01-10 14:20 . 2011-01-10 14:36 -------- d-----w- c:\documents and settings\Nuala_2
2011-01-10 11:12 . 2011-01-10 11:12 -------- d-----w- c:\program files\TrendMicro
2011-01-07 19:53 . 2011-01-07 19:53 664 ----a-w- c:\documents and settings\roisin\Local Settings\Application Data\d3d9caps.tmp
2011-01-07 19:50 . 2011-01-07 19:52 -------- d-----w- c:\documents and settings\roisin\Local Settings\Application Data\AskToolbar
2011-01-07 19:49 . 2011-01-07 19:50 -------- d-----w- c:\documents and settings\roisin\Local Settings\Application Data\Zynga
2011-01-07 19:46 . 2011-01-07 19:46 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-07 19:26 . 2011-01-07 19:26 -------- d-----w- c:\documents and settings\roisin\Application Data\Malwarebytes
2011-01-07 16:32 . 2011-01-07 16:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-01-07 16:29 . 2011-01-07 16:29 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2011-01-07 16:28 . 2011-01-07 16:28 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-01-07 16:04 . 2011-01-07 16:05 -------- d-----w- c:\program files\jv16 PowerTools
2011-01-07 15:06 . 2011-01-07 15:06 -------- d-----w- c:\documents and settings\nuala\Application Data\Malwarebytes
2011-01-07 15:05 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-07 15:05 . 2011-01-07 15:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-07 15:05 . 2011-01-10 16:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-07 15:05 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-04 19:46 . 2011-01-04 19:46 0 ----a-w- c:\windows\system32\drivers\sst6BA.tmp
2011-01-01 22:19 . 2011-01-01 22:19 -------- d-----w- c:\documents and settings\nuala\Application Data\dingogames
2011-01-01 22:19 . 2011-01-01 22:19 -------- d-----w- c:\documents and settings\All Users\Application Data\dingogames
2011-01-01 22:16 . 2011-01-01 22:16 -------- d-----w- c:\program files\Tasty Planet - Back for Seconds
2011-01-01 19:41 . 2011-01-01 19:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Zynga
2010-12-27 23:27 . 2010-12-27 23:27 -------- d-----w- c:\documents and settings\nuala\Application Data\gogii
2010-12-23 19:19 . 2010-12-23 19:19 -------- d-----w- c:\documents and settings\nuala\Application Data\SpinTop Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-19 09:06 . 2009-04-09 18:43 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-19 09:06 . 2010-09-07 16:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-18 18:12 . 2005-08-16 03:40 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 18:46 . 2010-11-12 18:46 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-06 00:26 . 2005-08-16 03:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2005-08-16 03:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2005-08-16 03:18 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2005-08-16 03:18 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2005-08-16 03:18 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2005-08-16 03:18 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2005-08-16 03:18 1853312 ----a-w- c:\windows\system32\win32k.sys
2009-04-09 18:55 . 2009-04-09 18:55 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-16 11:56 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"gupdate1ca33e2b1ed34fe"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [25/08/2010 18:48 84072]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [25/08/2010 18:48 141792]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [25/08/2010 18:48 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [25/08/2010 18:48 88544]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [25/08/2010 18:48 55840]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [01/09/2010 18:35 36608]
S3 gel90xne;gel90xne;\??\c:\docume~1\roisin\LOCALS~1\Temp\gel90xne.sys --> c:\docume~1\roisin\LOCALS~1\Temp\gel90xne.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [25/08/2010 18:48 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [25/08/2010 18:48 84264]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [11/01/2011 14:41 27192]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [01/09/2010 18:49 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [01/09/2010 18:49 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [01/09/2010 18:49 121856]
S4 gupdate1ca33e2b1ed34fe;Google Update Service (gupdate1ca33e2b1ed34fe);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [29/09/2008 14:40 206096]
S4 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [25/08/2010 18:47 271480]
S4 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [25/08/2010 18:47 271480]
S4 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [25/08/2010 18:48 188136]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ie/
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=ie&l=en&s=gen
uInternet Settings,ProxyServer = gateway.fasoffice.com:80
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Open with Zoho Office Suite - file://c:/Program Files/zoho/zoho.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-19 12:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(556)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\bgsvcgen.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-01-19 12:41:06 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-19 12:40
ComboFix2.txt 2011-01-18 13:04

Pre-Run: 65,262,170,112 bytes free
Post-Run: 65,260,711,936 bytes free

- - End Of File - - 34B7FE72C1AB2403B154149CD007D394

0

It appeared at first as if the problem was resolved so I re-enabled McAfee and restarted the pc. The error messages resumed and iexplore.exe appears in task manager as a process from startup.

I suspected McAfee so I completely uninstalled it (something I was reluctant to do as its not my pc). Unfortuneately, on restart the problem is not gone away. What the hell?
:confused:

1

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
0

Unfortunately, I can't download OTL from behind my work firewall so I'll have to do it tonight.

0

Wondering what this one is, also:
2011-01-08 14:10:54 88 --sh--r- c:\windows\system32\AD53B5037A.sys
DDS has it in 3M, but not CF.... something to do with divx? - it appeared on the sys at close to that time...
And this one is still there..
S3: gel90xne.sys

[just trying not to get way out of touch, or step too often on your's an PP's toes, crunchie.. :)]

Edited by gerbil: n/a

0

Wondering what this one is, also:
2011-01-08 14:10:54 88 --sh--r- c:\windows\system32\AD53B5037A.sys
DDS has it in 3M, but not CF.... something to do with divx? - it appeared on the sys at close to that time...

Would be worth uploading to Jotti

And this one is still there..
S3: gel90xne.sys

The ? after the line shows that it probably no longer exists on the machine.

0

I ran OTL scanner and these are the log files:

OTL.TXT

OTL logfile created on: 21/01/2011 08:48:00 - Run 1
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Documents and Settings\nuala\Desktop\otl
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 627.00 Mb Available Physical Memory | 62.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.08 Gb Total Space | 60.96 Gb Free Space | 56.93% Space Free | Partition Type: NTFS
Drive D: | 37.24 Gb Total Space | 36.97 Gb Free Space | 99.27% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 30.24 Gb Total Space | 15.59 Gb Free Space | 51.55% Space Free | Partition Type: FAT32

Computer Name: D177MG2J | User Name: nuala | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/20 15:49:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nuala\Desktop\otl\OTL.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 07:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/04/30 17:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe


========== Modules (SafeList) ==========

MOD - [2011/01/20 15:49:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nuala\Desktop\otl\OTL.exe
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/14 00:11:50 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (gupdate1ca33e2b1ed34fe) Google Update Service (gupdate1ca33e2b1ed34fe)
SRV - [2010/06/14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/08/27 15:36:34 | 000,111,912 | ---- | M] (SingleClick Systems) [Disabled | Stopped] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2007/08/09 07:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/04/30 17:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen)


========== Driver Services (SafeList) ==========

DRV - [2010/08/23 17:07:28 | 000,027,192 | ---- | M] (Resplendence Software Projects Sp.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rspSanity32.sys -- (rspSanity)
DRV - [2010/02/26 13:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 13:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/11/16 09:21:50 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/09/21 08:55:36 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/09/21 08:55:36 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/09/21 08:55:36 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/13 18:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 18:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 18:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 16:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/04/03 12:59:42 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616unic.sys -- (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM)
DRV - [2007/04/03 12:59:42 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616obex.sys -- (s616obex)
DRV - [2007/04/03 12:59:42 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616nd5.sys -- (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS)
DRV - [2007/04/03 12:59:40 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616mgmt.sys -- (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 12:59:38 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616mdm.sys -- (s616mdm)
DRV - [2007/04/03 12:59:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616mdfl.sys -- (s616mdfl)
DRV - [2007/04/03 12:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
DRV - [2006/12/18 18:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/02/10 17:19:12 | 001,107,224 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/05/11 00:33:12 | 000,032,256 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/11/17 20:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 20:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 20:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = gateway.fasoffice.com:80

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = gateway.fasoffice.com:80

IE - HKU\S-1-5-21-1087212941-1706535999-453650722-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
IE - HKU\S-1-5-21-1087212941-1706535999-453650722-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1087212941-1706535999-453650722-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1087212941-1706535999-453650722-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = gateway.fasoffice.com:80

========== FireFox ==========

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/16 11:58:26 | 000,000,000 | ---D | M]

[2008/02/19 18:59:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\nuala\Application Data\Mozilla\Firefox\Profiles\p2lwzp0o.default\extensions
[2008/02/19 18:59:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\nuala\Application Data\Mozilla\Firefox\Profiles\p2lwzp0o.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/12/20 15:56:16 | 000,000,000 | ---D | M] (Microsoft Default Manager) -- C:\Documents and Settings\nuala\Application Data\Mozilla\Firefox\Profiles\p2lwzp0o.default\extensions\DefaultManager@Microsoft
[2008/02/19 18:59:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\nuala\Application Data\Mozilla\Firefox\Profiles\p2lwzp0o.default\extensions\staged-xpis
[2010/03/20 20:03:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/02/15 19:39:54 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2005/04/27 20:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2006/09/26 11:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: ([2011/01/19 12:24:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKU\S-1-5-21-1087212941-1706535999-453650722-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1087212941-1706535999-453650722-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1087212941-1706535999-453650722-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1087212941-1706535999-453650722-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1087212941-1706535999-453650722-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\nuala\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\nuala\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/21 08:33:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nuala\Desktop\otl
[2011/01/19 12:20:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/01/19 11:26:03 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/01/19 08:53:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nuala\Start Menu\Programs\HiJackThis
[2011/01/19 08:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/01/18 09:19:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/01/18 09:19:56 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/01/18 09:19:56 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/01/18 09:19:56 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/01/18 09:15:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/18 09:12:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/14 11:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2011/01/13 09:28:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nuala\Desktop\Fixers
[2011/01/13 08:27:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nuala\My Documents\My Received Files
[2011/01/11 14:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/01/11 14:52:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nuala\Application Data\SUPERAntiSpyware.com
[2011/01/11 14:52:29 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/01/11 14:41:18 | 000,027,192 | ---- | C] (Resplendence Software Projects Sp.) -- C:\WINDOWS\System32\drivers\rspSanity32.sys
[2011/01/11 14:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\SanityCheck
[2011/01/11 14:41:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SanityCheck
[2011/01/11 14:23:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/01/10 15:50:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nuala\Application Data\Uniblue
[2011/01/10 15:49:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nuala\Local Settings\Application Data\PackageAware
[2011/01/10 15:20:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nuala\Local Settings\Application Data\NokiaAccount
[2011/01/10 14:46:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/01/10 11:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2011/01/10 10:50:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\nuala\Recent
[2011/01/07 16:04:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\jv16 PowerTools
[2011/01/07 16:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools
[2011/01/07 15:59:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/01/07 15:06:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nuala\Application Data\Malwarebytes
[2011/01/07 15:05:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/07 15:05:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/07 15:05:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/07 15:05:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/07 15:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/01 22:19:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nuala\Application Data\dingogames
[2011/01/01 22:19:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\dingogames
[2011/01/01 22:16:03 | 000,000,000 | ---D | C] -- C:\Program Files\Tasty Planet - Back for Seconds
[2011/01/01 19:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Zynga
[2010/12/27 23:27:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nuala\Application Data\gogii
[2010/12/23 19:19:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nuala\Application Data\SpinTop Games
[2009/04/09 18:55:52 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/20 11:12:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/20 11:12:06 | 1063,407,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/20 11:12:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/19 12:24:30 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/19 09:12:49 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\nuala\Desktop\HiJackThis.lnk
[2011/01/18 09:04:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\nuala\My Documents\log
[2011/01/14 11:56:32 | 000,188,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/12 10:58:45 | 000,001,795 | ---- | M] () -- C:\WINDOWS\CDSEUNST.INI
[2011/01/10 16:26:36 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/10 15:34:09 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\nuala\Desktop\Downloaded Program Updates.lnk
[2011/01/10 15:17:34 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/10 15:17:34 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/10 15:01:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/01/10 14:51:52 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\nuala\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/10 12:37:51 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2011/01/08 14:10:55 | 000,004,236 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/01/08 14:10:54 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\AD53B5037A.sys
[2011/01/07 20:05:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/04 20:06:27 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\u8jp2jdUZZQky1
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/19 08:53:32 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\nuala\Desktop\HiJackThis.lnk
[2011/01/18 09:19:57 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/18 09:19:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/18 09:19:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/18 09:19:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/18 09:19:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/18 09:04:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\nuala\My Documents\log
[2011/01/11 14:44:45 | 1063,407,616 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/10 12:08:40 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/01/07 15:05:35 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/04 20:06:27 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\u8jp2jdUZZQky1
[2010/09/01 18:35:32 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/09/01 18:35:32 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/09/01 18:34:57 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\nuala\Application Data\$_hpcst$.hpc
[2010/08/27 13:02:00 | 000,106,520 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/12/22 14:10:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2009/12/13 17:39:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
[2009/10/30 19:28:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ResortingToDanger.INI
[2008/07/15 14:43:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2008/06/09 21:08:47 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\nuala\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/29 07:48:44 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/10/03 20:16:20 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2007/06/13 20:12:06 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/05/08 15:54:53 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2007/04/07 18:21:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/03/12 15:53:23 | 001,339,474 | ---- | C] () -- C:\WINDOWS\Uninstallvusb.dll
[2007/01/10 20:07:33 | 000,001,795 | ---- | C] () -- C:\WINDOWS\CDSEUNST.INI
[2007/01/05 22:08:08 | 000,000,042 | ---- | C] () -- C:\WINDOWS\AcrobatSetupStatus.ini
[2007/01/05 22:04:17 | 000,000,243 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/12/24 14:00:45 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\nuala\Application Data\dvd.bmk
[2006/12/24 12:56:11 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/12/22 13:06:31 | 000,000,058 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2006/11/02 11:47:58 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/11/02 11:28:36 | 000,001,902 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/10/25 18:40:20 | 000,009,950 | ---- | C] () -- C:\Documents and Settings\nuala\Application Data\wklnhst.dat
[2006/09/19 20:38:49 | 000,004,236 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/19 20:38:49 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\AD53B5037A.sys
[2006/09/18 12:43:45 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/09/17 18:03:05 | 000,003,918 | ---- | C] () -- C:\WINDOWS\Solitaire.ini
[2006/09/17 18:03:04 | 000,435,712 | ---- | C] () -- C:\WINDOWS\System32\libmng.dll
[2006/09/15 14:24:43 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\nuala\Local Settings\Application Data\fusioncache.dat
[2006/09/15 13:16:24 | 000,000,225 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/09/13 18:09:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/13 18:04:22 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/13 17:59:59 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/09/13 17:34:00 | 000,000,475 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 03:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 03:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/05 13:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

========== LOP Check ==========

[2010/10/16 21:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
[2007/12/30 16:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2010/03/05 20:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2010/12/08 21:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Splash Games
[2009/11/20 21:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2009/08/23 15:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CasualForge
[2005/08/16 19:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2011/01/01 22:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dingogames
[2010/01/23 14:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/07/25 17:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
[2010/10/09 21:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Farm Fishes
[2010/01/01 22:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Farm Frenzy
[2009/05/20 20:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty
[2009/05/20 19:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2010/01/02 20:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2010/01/11 17:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_America
[2010/07/24 22:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2010/09/25 19:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2009/04/26 12:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2009/11/23 17:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
[2009/08/15 17:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2010/12/27 23:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2010/03/31 10:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Happyville__
[2009/08/23 13:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2010/04/07 20:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/04/29 14:40:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2010/03/06 20:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2009/12/10 16:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kristanix Games
[2009/12/23 11:49:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2010/03/26 21:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2010/11/13 15:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/05/10 17:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2010/09/26 20:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NatGeoGames
[2010/03/08 19:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft
[2009/05/20 13:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games
[2010/01/24 16:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010/08/27 10:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2009/12/25 22:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2006/09/18 12:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2010/07/25 17:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Particles
[2009/08/03 19:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/12/25 23:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/12/21 16:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/10/09 19:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2010/03/30 22:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2009/12/10 17:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Questtracers
[2009/12/11 20:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\rionix
[2010/09/01 18:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2009/12/13 13:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2007/03/20 19:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems
[2009/10/29 16:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2009/12/30 23:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprouts Adventure
[2010/02/14 15:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SugarGames
[2010/06/15 12:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2011/01/12 09:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/23 18:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TikGames
[2010/02/12 21:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2009/05/16 11:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XLab
[2009/05/02 12:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/10/30 23:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2007/01/20 13:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eoghan\Application Data\Image Zone Express
[2006/09/19 14:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eoghan\Application Data\Otto
[2008/10/16 19:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eoghan\Application Data\PC Suite
[2008/07/27 10:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eoghan\Application Data\Teleca
[2006/12/14 17:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eoghan\Application Data\Template
[2010/06/29 20:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eoghan\Application Data\Zylom
[2007/12/29 13:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2010/12/14 19:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2010/02/12 20:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\2monkeys
[2009/12/04 19:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Alawar
[2010/04/22 19:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Amaranth Games
[2009/08/03 12:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\BAMZOOKi
[2010/05/07 19:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Big Fish Games
[2010/12/08 21:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Big Splash Games
[2009/11/20 21:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\blg
[2010/12/23 22:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Boolat Games
[2010/03/09 21:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\cerasus.media
[2009/12/06 10:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Chicken Chase
[2011/01/01 22:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\dingogames
[2009/11/18 15:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\EleFun Games
[2009/12/06 12:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Fever Frenzy
[2010/07/24 22:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Flood Light Games
[2009/11/09 20:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Freezetag
[2010/10/01 19:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Friday's games
[2009/05/10 17:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\GameHouse
[2009/10/25 12:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\GameHousev1001
[2010/04/02 18:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Gamelab
[2010/06/17 18:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\GamesCafe
[2009/12/07 16:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Go-Go Gourmet Chef of the Year
[2010/12/27 23:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\gogii
[2009/11/20 17:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\GraveyardShift
[2009/11/20 19:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Home Sweet Home
[2009/11/20 20:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Home Sweet Home 2
[2009/11/20 20:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Home Sweet Home Christmas
[2010/06/16 19:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Hotdog Hotshot
[2007/11/19 17:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Image Zone Express
[2009/10/31 09:46:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\iWin
[2009/04/20 19:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Jane s Hotel Family Hero
[2006/10/26 13:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Leadertech
[2010/10/01 21:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Lonely Troops
[2009/12/04 18:36:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Ludia
[2009/08/18 19:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Meridian93
[2010/03/26 21:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Merscom
[2007/03/28 11:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\MSNInstaller
[2010/04/20 18:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\My Games
[2009/12/30 21:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\MysteryStudio
[2010/09/26 20:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\NatGeoGames
[2010/06/16 18:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\NevoSoft Games
[2007/03/20 18:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\OLYMPUS
[2008/07/07 14:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\PC Suite
[2010/01/01 19:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\PetShowCraze
[2010/12/21 16:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\PlayFirst
[2009/12/08 15:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Playrix Entertainment
[2010/03/30 22:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\PoBros
[2007/11/19 17:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Printer Info Cache
[2010/09/01 18:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Samsung
[2008/10/07 17:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\SmartDraw
[2009/05/10 13:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\SpinTop
[2010/12/23 19:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\SpinTop Games
[2010/12/08 19:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Supermarket Mania 2
[2008/07/17 07:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Teleca
[2006/11/08 15:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Template
[2009/11/23 18:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\TikGames
[2010/04/15 18:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Total Eclipse
[2010/03/06 21:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\TripleHippo
[2010/03/15 20:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Ubisoft
[2011/01/10 15:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Uniblue
[2010/02/12 21:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\ValuSoft
[2010/03/14 17:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Virtual Prophecy
[2010/09/26 19:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\YoudaGames
[2006/11/25 09:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\roisin\Application Data\123 Free Puzzle
[2007/02/24 12:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\roisin\Application Data\123 Free Solitaire for Children
[2007/12/30 16:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\roisin\Application Data\AVG7
[2007/03/26 11:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\roisin\Application Data\Bamzooki
[2010/01/31 18:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\roisin\Application Data\Boomzap
[2009/01/17 13:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\roisin\Application Data\Free Spider TreeCardGames
[2007/10/08 18:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\roisin\Application Data\Image Zone Express
[2006/09/19 20:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\roisin\Application Data\Leadertech
[2010/04/04 12:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\roisin\Application Data\My Games
[2009/03/05 18:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\roisin\Application Data\OLYMPUS
[2006/09/18 14:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\roisin\Application Data\Otto
[2008/06/19 14:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\roisin\Application Data\PC Suite
[2009/12/03 20:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\roisin\Application Data\PlayFirst
[2009/08/21 19:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\roisin\Application Data\SpinTop
[2009/01/23 15:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\roisin\Application Data\Teleca
[2006/10/28 09:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\roisin\Application Data\Template

========== Purity Check ==========

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[1995/10/17 23:00:00 | 000,004,864 | ---- | M] () -- C:\Dkswtchw.exe


< MD5 for: AGP440.SYS >
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/10 11:05:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/10 11:05:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/10 11:05:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/10 11:05:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/10 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/10 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 00:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2005/08/16 03:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/16 03:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/16 03:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9EC86225
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71FA8B7F
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C282BEA
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D43DBBD1
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4A1B920
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E927D7D
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6881EE7
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F2F19DA0
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A6D6CB4
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DDEB08FD
@Alternate Data Stream - 420 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:74A6F815
@Alternate Data Stream - 314 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6D5196DD
@Alternate Data Stream - 302 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07557E0B
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BCDC6E07
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56F368C9
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A01545C
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A4BF204
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA8D6B60
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9256664B
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E22C5DB
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD000392
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A74923C
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1023D41
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:759B7D6F
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E17A249
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F43B7E8F
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E883A78D
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF24D911
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EB79F01
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05F547A9
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:895A78C5
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F41E22A9
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F19A4790
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E3B5F2D1
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE9AC04F
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C6D0ABC3
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08801FDB
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03D08225
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A59DD4AD
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91FFEC32
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:816255C3
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3CA557DB
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1585E7B2
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BAC2F271
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D6EAEC3
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90595C34
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D47B19A6
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7B70C4E
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A448DB2
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C201DEB
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0915A718
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62525FE7
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:393F7B1E
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10CFA7D4
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E9FAC3AB
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8DFD30C
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EE95FE7
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E243396
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A966CC2
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF5B3572
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93B0BB6F
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3815BC84
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33384BC0
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FF9C44FE
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8D0C3F21
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:36A39835
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F96ED45
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04BB186B
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7F6E6CB
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E774F04D
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D354012D
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE98C8DF
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9547F1DB
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA701346
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E945C214
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E4FCDFD9
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6285236
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:163B8B93
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D994162E
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1713795
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BBCB4421
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:72DFB801
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32A82570
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B2BD056
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8999FD56
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3EAFDE57
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F7A10DD
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9987109
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C611D6C8
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9857FAE3
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:937C8022
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8140CB50
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80E965A3
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C678471
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1170D6E4
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10F6E97E
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F986CC21
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFF6B3FF
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77721732
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C08335F
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:471AD3D0
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27790C06
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:052E15C3
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F81E7082
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8DB81DC
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0A2E219
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6346EE9
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A18D1A5B
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98F6F85C
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:817F0659
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8CB831A
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E29063FF
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A05F750A
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E9900EE
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:283BD7B3
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:162E02F7
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E010546A
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD629819
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B09C4D9
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:34B9286E
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27F44544
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2512FA90
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B9E79B3
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED9B661E
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E412AAF2
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2A5A561
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0FEE2B
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C5EC3CD
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13AA281B
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1037D53D
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AA99C0C
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FD3C973
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63F8EC77
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F1019FF
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52B3B2D1
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40BAD1B0
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EC5D66C
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1DEA771
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA7D76BE
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:896E1EFF
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66871744
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56C17A93
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:517B507A
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:241FA548
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D52F295
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08D8BB20
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0860D6D6
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D7DA89B1
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:943E8182
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:495BE211
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:22313216
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E962FBDB
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:971DCCE2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6401C7FF
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:331B76C7
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1D818F7
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE6DC701
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DAC1F7
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DD36B71
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6425A235
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E3D006
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F760FD47
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA60673F
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FD26134
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A2862FF
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29629382
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC7C9796
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:778D008D
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A57500CB
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97995ED4
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:79082DD2
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CDB9CA3
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13DF9DD1
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE1CB753
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7B98566
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA004D25
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8EEDCEA2
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B51CAAE
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3A6BC948
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BBF60A29
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B07EB05A
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A93CCA6B
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A0A7408F
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94E6FED6
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8A628F34
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78D5846B
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F5F4781
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FECEF728
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9EEB760
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ABC3EA46
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:723E56EC
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB5BDBB0
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8A633BE5
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7920E530
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33611CFB
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F6BFFC4A
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D387C245
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B589BB23
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5460FB2E
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E6B8D68
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:49EB0FDC
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E50C1C9
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:592D7272
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3118E26B
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A688EF17
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67BA17B9
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE6EED8B
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0D17155
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C2A42C
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:75E82066
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31D2961C
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15752405
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02A78DF6
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69FD6BF0
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:059167AF

< End of report >

0

Had to post the 2 logs separately. I presume because the OTL.TXT log is so big

Extras.txt:

OTL Extras logfile created on: 21/01/2011 08:48:00 - Run 1
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Documents and Settings\nuala\Desktop\otl
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 627.00 Mb Available Physical Memory | 62.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.08 Gb Total Space | 60.96 Gb Free Space | 56.93% Space Free | Partition Type: NTFS
Drive D: | 37.24 Gb Total Space | 36.97 Gb Free Space | 99.27% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 30.24 Gb Total Space | 15.59 Gb Free Space | 51.55% Space Free | Partition Type: FAT32

Computer Name: D177MG2J | User Name: nuala | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol
"10426:UDP" = 10426:UDP:*:Enabled:SingleClick ICC

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant -- (SingleClick Systems)
"C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe" = C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08C1D270-DD63-4E4A-875B-1347C5998E08}" = Rugrats(TM)
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{12BE3579-A34B-47BD-A65C-82B1754E71E1}" = D4100
"{15292416-A464-4FBA-BB96-7298EAACFC07}" = Zoo Tycoon 2 - Extinct Animals
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1D2E8198-25CE-4901-B8EB-8587185C5776}" = Voyager USB Driver
"{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS
"{20749F76-4228-43AD-8AB5-E7B20D8040C4}" = hph_readme
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{29F563F4-8807-4496-8463-441EAA0E96AB}" = PC Connectivity Solution
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36DC3E2F-CD8C-4953-9E8F-9A1916D10AA1}" = hph_software
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3846E811-639D-4DE1-844B-30491C0A6C0C}" = Dell Support 3.2
"{3C97C9C5-1AF3-41B0-B61C-185C06C75EE6}" = D4100_Help
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A59BB15D-51B7-F12B-4548-8C0368243441}" = EA Download Manager UI
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{ACCCEE83-B49B-4964-8A4F-378B8FBC9F75}" = hph_ProductContext
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req
"{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}" = HP Photosmart and Deskjet 7.0 Software
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"01 LFC strikers 2008-09" = 01 LFC strikers 2008-09
"123 Free Memory Card Games" = 123 Free Memory Card Games
"123 Free Puzzle" = 123 Free Puzzle
"123 Free Solitaire for Children" = 123 Free Solitaire for Children
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem (05/22/2008 3.8)
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
"EA Download Manager" = EA Download Manager
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ESPNMotion" = ESPNMotion
"Free Solitaire" = Free Solitaire
"Free Spider" = Free Spider
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{15292416-A464-4FBA-BB96-7298EAACFC07}" = Zoo Tycoon 2 - Extinct Animals
"InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mastery Series Texas Holdem" = Mastery Series Texas Holdem
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"Poker Challenge v2.05_is1" = Poker Challenge v2.05
"PROSet" = Intel(R) PRO Network Connections Drivers
"QuickTime 3.0" = QuickTime 3.0
"RealPlayer 12.0" = RealPlayer
"SanityCheck_is1" = SanityCheck 2.01
"SystemRequirementsLab" = System Requirements Lab
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1087212941-1706535999-453650722-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20/01/2011 11:36:29 | Computer Name = D177MG2J | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00ad2663.

Error - 20/01/2011 11:41:21 | Computer Name = D177MG2J | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00e735e7.

Error - 20/01/2011 11:45:00 | Computer Name = D177MG2J | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00ad2663.

Error - 20/01/2011 11:48:39 | Computer Name = D177MG2J | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00ad2663.

Error - 20/01/2011 11:49:52 | Computer Name = D177MG2J | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00e735e7.

Error - 20/01/2011 11:49:52 | Computer Name = D177MG2J | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00ad2663.

Error - 20/01/2011 11:51:05 | Computer Name = D177MG2J | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00ad2663.

Error - 20/01/2011 11:52:18 | Computer Name = D177MG2J | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00fb35e7.

Error - 20/01/2011 11:54:44 | Computer Name = D177MG2J | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00e735e7.

Error - 20/01/2011 12:03:15 | Computer Name = D177MG2J | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00ad2663.

[ System Events ]
Error - 20/01/2011 05:37:52 | Computer Name = D177MG2J | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 10.100.34.167. The machine with the IP address 10.100.34.122 did
not allow the name to be claimed by this machine.

Error - 20/01/2011 05:43:02 | Computer Name = D177MG2J | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 10.100.34.167. The machine with the IP address 10.100.34.122 did
not allow the name to be claimed by this machine.

Error - 20/01/2011 05:48:12 | Computer Name = D177MG2J | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 10.100.34.167. The machine with the IP address 10.100.34.122 did
not allow the name to be claimed by this machine.

Error - 20/01/2011 05:53:22 | Computer Name = D177MG2J | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 10.100.34.167. The machine with the IP address 10.100.34.122 did
not allow the name to be claimed by this machine.

Error - 20/01/2011 05:58:32 | Computer Name = D177MG2J | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 10.100.34.167. The machine with the IP address 10.100.34.122 did
not allow the name to be claimed by this machine.

Error - 20/01/2011 06:00:33 | Computer Name = D177MG2J | Source = Service Control Manager | ID = 7001
Description = The McAfee Anti-Spam Service service depends on the McAfee Firewall
Core Service service which failed to start because of the following error: %%1058

Error - 20/01/2011 06:34:00 | Computer Name = D177MG2J | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 20/01/2011 07:09:05 | Computer Name = D177MG2J | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 21/01/2011 04:33:20 | Computer Name = D177MG2J | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 21/01/2011 04:46:59 | Computer Name = D177MG2J | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >

Thanks for your help. Good look with that first log:)

0

I know this is a real head scratcher. Am I looking at re-installing Windows?

0

Sorry for the late reply. Somehow or other I missed your post.
I am heading out to work now, so I will get to it as soon as I can.

0

No worries mate. Out celebrating Australia day no doubt. :icon_lol:

1

All over now :).

Please go to Jotti's or to virustotal and have this file scanned. Post the results back here.

C:\Dkswtchw.exe

===============================

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O3 - HKU\S-1-5-21-1087212941-1706535999-453650722-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    [2011/01/04 20:06:27 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\u8jp2jdUZZQky1
    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9EC86225
    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71FA8B7F
    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C282BEA
    @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D43DBBD1
    @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4A1B920
    @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E927D7D
    @Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6881EE7
    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F2F19DA0
    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A6D6CB4
    @Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DDEB08FD
    @Alternate Data Stream - 420 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:74A6F815
    @Alternate Data Stream - 314 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6D5196DD
    @Alternate Data Stream - 302 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07557E0B
    @Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BCDC6E07
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56F368C9
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A01545C
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A4BF204
    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA8D6B60
    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9256664B
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E22C5DB
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD000392
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A74923C
    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1023D41
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:759B7D6F
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E17A249
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F43B7E8F
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E883A78D
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF24D911
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EB79F01
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05F547A9
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:895A78C5
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F41E22A9
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F19A4790
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E3B5F2D1
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE9AC04F
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C6D0ABC3
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08801FDB
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03D08225
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A59DD4AD
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91FFEC32
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:816255C3
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3CA557DB
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1585E7B2
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BAC2F271
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D6EAEC3
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90595C34
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D47B19A6
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7B70C4E
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A448DB2
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C201DEB
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0915A718
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62525FE7
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:393F7B1E
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10CFA7D4
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E9FAC3AB
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8DFD30C
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EE95FE7
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E243396
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A966CC2
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF5B3572
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93B0BB6F
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3815BC84
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33384BC0
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FF9C44FE
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8D0C3F21
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:36A39835
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F96ED45
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04BB186B
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7F6E6CB
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E774F04D
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D354012D
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE98C8DF
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9547F1DB
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA701346
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E945C214
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E4FCDFD9
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6285236
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:163B8B93
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D994162E
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1713795
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BBCB4421
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:72DFB801
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32A82570
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B2BD056
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8999FD56
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3EAFDE57
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F7A10DD
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9987109
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C611D6C8
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9857FAE3
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:937C8022
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8140CB50
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80E965A3
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C678471
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1170D6E4
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10F6E97E
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F986CC21
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFF6B3FF
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77721732
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C08335F
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:471AD3D0
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27790C06
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:052E15C3
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F81E7082
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8DB81DC
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0A2E219
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6346EE9
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A18D1A5B
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98F6F85C
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:817F0659
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8CB831A
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E29063FF
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A05F750A
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E9900EE
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:283BD7B3
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:162E02F7
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E010546A
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD629819
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B09C4D9
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:34B9286E
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27F44544
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2512FA90
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B9E79B3
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED9B661E
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E412AAF2
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2A5A561
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0FEE2B
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C5EC3CD
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13AA281B
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1037D53D
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AA99C0C
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FD3C973
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63F8EC77
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F1019FF
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52B3B2D1
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40BAD1B0
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EC5D66C
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1DEA771
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA7D76BE
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:896E1EFF
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66871744
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56C17A93
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:517B507A
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:241FA548
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D52F295
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08D8BB20
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0860D6D6
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D7DA89B1
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:943E8182
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:495BE211
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:22313216
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E962FBDB
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:971DCCE2
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6401C7FF
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:331B76C7
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1D818F7
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE6DC701
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DAC1F7
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DD36B71
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6425A235
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E3D006
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F760FD47
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA60673F
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FD26134
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A2862FF
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29629382
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC7C9796
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:778D008D
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A57500CB
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97995ED4
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:79082DD2
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CDB9CA3
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13DF9DD1
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE1CB753
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7B98566
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA004D25
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8EEDCEA2
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B51CAAE
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3A6BC948
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BBF60A29
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B07EB05A
    @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A93CCA6B
    @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A0A7408F
    @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94E6FED6
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8A628F34
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78D5846B
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F5F4781
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FECEF728
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9EEB760
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ABC3EA46
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:723E56EC
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB5BDBB0
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8A633BE5
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7920E530
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33611CFB
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F6BFFC4A
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D387C245
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B589BB23
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5460FB2E
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E6B8D68
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:49EB0FDC
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E50C1C9
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:592D7272
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3118E26B
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A688EF17
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67BA17B9
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE6EED8B
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0D17155
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C2A42C
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:75E82066
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31D2961C
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15752405
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02A78DF6
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69FD6BF0
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:059167AF
    :Commands
    [purity]
    [emptyflash]
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post log from this run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
0

I can't upload that file from here as uploading exe files is blocked by my corporate firewall. I'll do it from home tonight.

I'm going to carry on with the rest of your recommendations.

0

OTL Log file

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1087212941-1706535999-453650722-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
C:\Documents and Settings\All Users\Application Data\u8jp2jdUZZQky1 moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9EC86225 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:71FA8B7F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3C282BEA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D43DBBD1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A4A1B920 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7E927D7D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A6881EE7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F2F19DA0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0A6D6CB4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DDEB08FD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:74A6F815 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6D5196DD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:07557E0B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BCDC6E07 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:56F368C9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4A01545C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1A4BF204 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CA8D6B60 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9256664B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0E22C5DB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FD000392 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0A74923C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A1023D41 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:759B7D6F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1E17A249 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F43B7E8F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E883A78D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AF24D911 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2EB79F01 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:05F547A9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:895A78C5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F41E22A9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F19A4790 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E3B5F2D1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DE9AC04F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C6D0ABC3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:08801FDB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:03D08225 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A59DD4AD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:91FFEC32 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:816255C3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3CA557DB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1585E7B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BAC2F271 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9D6EAEC3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:90595C34 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D47B19A6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A7B70C4E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4A448DB2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1C201DEB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0915A718 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:62525FE7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:393F7B1E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:10CFA7D4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E9FAC3AB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8DFD30C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4EE95FE7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4E243396 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4A966CC2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EF5B3572 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:93B0BB6F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3815BC84 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:33384BC0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FF9C44FE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8D0C3F21 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:36A39835 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1F96ED45 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:04BB186B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F7F6E6CB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E774F04D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D354012D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CE98C8DF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9547F1DB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EA701346 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E945C214 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E4FCDFD9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B6285236 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:163B8B93 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D994162E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1713795 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BBCB4421 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:72DFB801 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:32A82570 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9B2BD056 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8999FD56 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3EAFDE57 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1F7A10DD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D9987109 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C611D6C8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9857FAE3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:937C8022 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8140CB50 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:80E965A3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2C678471 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1170D6E4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:10F6E97E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F986CC21 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CFF6B3FF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:77721732 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6C08335F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:471AD3D0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:27790C06 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:052E15C3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F81E7082 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D8DB81DC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C0A2E219 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A6346EE9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A18D1A5B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:98F6F85C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:817F0659 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E8CB831A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E29063FF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A05F750A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2E9900EE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:283BD7B3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:162E02F7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E010546A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DD629819 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5B09C4D9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:34B9286E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:27F44544 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2512FA90 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1B9E79B3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:ED9B661E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E412AAF2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D2A5A561 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CB0FEE2B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6C5EC3CD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:13AA281B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1037D53D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8AA99C0C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6FD3C973 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:63F8EC77 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5F1019FF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:52B3B2D1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:40BAD1B0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2EC5D66C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F1DEA771 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EA7D76BE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:896E1EFF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:66871744 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:56C17A93 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:517B507A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:241FA548 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0D52F295 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:08D8BB20 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0860D6D6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D7DA89B1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:943E8182 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:495BE211 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:22313216 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E962FBDB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:971DCCE2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6401C7FF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:331B76C7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E1D818F7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BE6DC701 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:98DAC1F7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8DD36B71 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6425A235 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:62E3D006 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F760FD47 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AA60673F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6FD26134 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4A2862FF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:29629382 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EC7C9796 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:778D008D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A57500CB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:97995ED4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:79082DD2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2CDB9CA3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:13DF9DD1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DE1CB753 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C7B98566 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AA004D25 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8EEDCEA2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8B51CAAE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3A6BC948 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BBF60A29 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B07EB05A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A93CCA6B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A0A7408F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:94E6FED6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8A628F34 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:78D5846B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1F5F4781 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FECEF728 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B9EEB760 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:ABC3EA46 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:723E56EC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EB5BDBB0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8A633BE5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7920E530 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:33611CFB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F6BFFC4A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D387C245 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B589BB23 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5460FB2E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4E6B8D68 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:49EB0FDC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9E50C1C9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:592D7272 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3118E26B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A688EF17 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:67BA17B9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DE6EED8B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D0D17155 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:89C2A42C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:75E82066 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:31D2961C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:15752405 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:02A78DF6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:69FD6BF0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:059167AF deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 41620 bytes

User: eoghan
->Flash cache emptied: 1797 bytes

User: LocalService
->Flash cache emptied: 9628 bytes

User: NetworkService

User: nuala
->Flash cache emptied: 946 bytes

User: Nuala_2
->Flash cache emptied: 41620 bytes

User: roisin
->Flash cache emptied: 77568 bytes

User: tony

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: eoghan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 10680337 bytes
->FireFox cache emptied: 3547779 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: nuala
->Temp folder emptied: 25065446 bytes
->Temporary Internet Files folder emptied: 7534925 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3615263 bytes
->Google Chrome cache emptied: 11681535 bytes
->Flash cache emptied: 0 bytes

User: Nuala_2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: roisin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 7326364 bytes
->FireFox cache emptied: 5380026 bytes
->Apple Safari cache emptied: 9629696 bytes
->Flash cache emptied: 0 bytes

User: tony

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 265719 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32969 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 81.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.20.3 log created on 01272011_105644

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

0

Results of quick scan:

OTL.TXT

OTL logfile created on: 27/01/2011 11:06:15 - Run 2
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Documents and Settings\nuala\Desktop\Fixers\otl
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 708.00 Mb Available Physical Memory | 70.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.08 Gb Total Space | 61.07 Gb Free Space | 57.03% Space Free | Partition Type: NTFS
Drive D: | 37.24 Gb Total Space | 36.97 Gb Free Space | 99.27% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: D177MG2J | User Name: nuala | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/20 15:49:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nuala\Desktop\Fixers\otl\OTL.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 07:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/04/30 17:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe


========== Modules (SafeList) ==========

MOD - [2011/01/20 15:49:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nuala\Desktop\Fixers\otl\OTL.exe
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (gupdate1ca33e2b1ed34fe) Google Update Service (gupdate1ca33e2b1ed34fe)
SRV - [2010/06/14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/08/27 15:36:34 | 000,111,912 | ---- | M] (SingleClick Systems) [Disabled | Stopped] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2007/08/09 07:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/04/30 17:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen)


========== Driver Services (SafeList) ==========

DRV - [2010/08/23 17:07:28 | 000,027,192 | ---- | M] (Resplendence Software Projects Sp.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rspSanity32.sys -- (rspSanity)
DRV - [2010/02/26 13:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 13:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/11/16 09:21:50 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/09/21 08:55:36 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/09/21 08:55:36 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/09/21 08:55:36 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/13 18:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 18:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 18:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 16:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/04/03 12:59:42 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616unic.sys -- (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM)
DRV - [2007/04/03 12:59:42 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616obex.sys -- (s616obex)
DRV - [2007/04/03 12:59:42 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616nd5.sys -- (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS)
DRV - [2007/04/03 12:59:40 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616mgmt.sys -- (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 12:59:38 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616mdm.sys -- (s616mdm)
DRV - [2007/04/03 12:59:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616mdfl.sys -- (s616mdfl)
DRV - [2007/04/03 12:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
DRV - [2006/12/18 18:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/02/10 17:19:12 | 001,107,224 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/05/11 00:33:12 | 000,032,256 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/11/17 20:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 20:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 20:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = gateway.fasoffice.com:80

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = gateway.fasoffice.com:80

IE - HKU\S-1-5-21-1087212941-1706535999-453650722-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
IE - HKU\S-1-5-21-1087212941-1706535999-453650722-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1087212941-1706535999-453650722-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1087212941-1706535999-453650722-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = gateway.fasoffice.com:80

========== FireFox ==========

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/16 11:58:26 | 000,000,000 | ---D | M]

[2008/02/19 18:59:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\nuala\Application Data\Mozilla\Firefox\Profiles\p2lwzp0o.default\extensions
[2008/02/19 18:59:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\nuala\Application Data\Mozilla\Firefox\Profiles\p2lwzp0o.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/12/20 15:56:16 | 000,000,000 | ---D | M] (Microsoft Default Manager) -- C:\Documents and Settings\nuala\Application Data\Mozilla\Firefox\Profiles\p2lwzp0o.default\extensions\DefaultManager@Microsoft
[2008/02/19 18:59:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\nuala\Application Data\Mozilla\Firefox\Profiles\p2lwzp0o.default\extensions\staged-xpis
[2010/03/20 20:03:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/02/15 19:39:54 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2005/04/27 20:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2006/09/26 11:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: ([2011/01/27 10:57:29 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1087212941-1706535999-453650722-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1087212941-1706535999-453650722-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1087212941-1706535999-453650722-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1087212941-1706535999-453650722-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.127 10.1.10.126 10.1.10.27 10.1.10.26
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\nuala\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\nuala\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/27 10:56:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/21 12:28:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/01/19 12:20:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/01/19 11:26:03 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/01/19 08:53:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nuala\Start Menu\Programs\HiJackThis
[2011/01/19 08:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/01/18 09:19:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/01/18 09:19:56 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/01/18 09:19:56 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/01/18 09:19:56 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/01/18 09:15:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/18 09:12:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/14 11:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2011/01/13 09:28:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nuala\Desktop\Fixers
[2011/01/13 08:27:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nuala\My Documents\My Received Files
[2011/01/11 14:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/01/11 14:52:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nuala\Application Data\SUPERAntiSpyware.com
[2011/01/11 14:52:29 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/01/11 14:41:18 | 000,027,192 | ---- | C] (Resplendence Software Projects Sp.) -- C:\WINDOWS\System32\drivers\rspSanity32.sys
[2011/01/11 14:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\SanityCheck
[2011/01/11 14:41:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SanityCheck
[2011/01/11 14:23:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/01/10 15:50:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nuala\Application Data\Uniblue
[2011/01/10 15:49:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nuala\Local Settings\Application Data\PackageAware
[2011/01/10 15:20:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nuala\Local Settings\Application Data\NokiaAccount
[2011/01/10 14:46:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/01/10 11:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2011/01/10 10:50:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\nuala\Recent
[2011/01/07 16:04:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\jv16 PowerTools
[2011/01/07 16:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools
[2011/01/07 15:59:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/01/07 15:06:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nuala\Application Data\Malwarebytes
[2011/01/07 15:05:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/07 15:05:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/07 15:05:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/07 15:05:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/07 15:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/01 22:19:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nuala\Application Data\dingogames
[2011/01/01 22:19:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\dingogames
[2011/01/01 22:16:03 | 000,000,000 | ---D | C] -- C:\Program Files\Tasty Planet - Back for Seconds
[2011/01/01 19:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Zynga
[2009/04/09 18:55:52 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

========== Files - Modified Within 30 Days ==========

[2011/01/27 10:59:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/27 10:58:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/27 10:58:47 | 1063,407,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/27 10:57:29 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/01/19 09:12:49 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\nuala\Desktop\HiJackThis.lnk
[2011/01/18 09:04:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\nuala\My Documents\log
[2011/01/14 11:56:32 | 000,188,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/12 10:58:45 | 000,001,795 | ---- | M] () -- C:\WINDOWS\CDSEUNST.INI
[2011/01/10 16:26:36 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/10 15:34:09 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\nuala\Desktop\Downloaded Program Updates.lnk
[2011/01/10 15:17:34 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/10 15:17:34 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/10 15:01:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/01/10 14:51:52 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\nuala\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/10 12:37:51 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2011/01/08 14:10:55 | 000,004,236 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/01/08 14:10:54 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\AD53B5037A.sys
[2011/01/07 20:05:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

========== Files Created - No Company Name ==========

[2011/01/19 08:53:32 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\nuala\Desktop\HiJackThis.lnk
[2011/01/18 09:19:57 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/18 09:19:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/18 09:19:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/18 09:19:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/18 09:19:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/18 09:04:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\nuala\My Documents\log
[2011/01/11 14:44:45 | 1063,407,616 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/10 12:08:40 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/01/07 15:05:35 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/01 18:35:32 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/09/01 18:35:32 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/09/01 18:34:57 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\nuala\Application Data\$_hpcst$.hpc
[2010/08/27 13:02:00 | 000,106,520 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/12/22 14:10:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2009/12/13 17:39:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
[2009/10/30 19:28:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ResortingToDanger.INI
[2008/07/15 14:43:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2008/06/09 21:08:47 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\nuala\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/29 07:48:44 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/10/03 20:16:20 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2007/06/13 20:12:06 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/05/08 15:54:53 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2007/04/07 18:21:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/03/12 15:53:23 | 001,339,474 | ---- | C] () -- C:\WINDOWS\Uninstallvusb.dll
[2007/01/10 20:07:33 | 000,001,795 | ---- | C] () -- C:\WINDOWS\CDSEUNST.INI
[2007/01/05 22:08:08 | 000,000,042 | ---- | C] () -- C:\WINDOWS\AcrobatSetupStatus.ini
[2007/01/05 22:04:17 | 000,000,243 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/12/24 14:00:45 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\nuala\Application Data\dvd.bmk
[2006/12/24 12:56:11 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/12/22 13:06:31 | 000,000,058 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2006/11/02 11:47:58 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/11/02 11:28:36 | 000,001,902 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/10/25 18:40:20 | 000,009,950 | ---- | C] () -- C:\Documents and Settings\nuala\Application Data\wklnhst.dat
[2006/09/19 20:38:49 | 000,004,236 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/19 20:38:49 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\AD53B5037A.sys
[2006/09/18 12:43:45 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/09/17 18:03:05 | 000,003,918 | ---- | C] () -- C:\WINDOWS\Solitaire.ini
[2006/09/17 18:03:04 | 000,435,712 | ---- | C] () -- C:\WINDOWS\System32\libmng.dll
[2006/09/15 14:24:43 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\nuala\Local Settings\Application Data\fusioncache.dat
[2006/09/15 13:16:24 | 000,000,225 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/09/13 18:09:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/13 18:04:22 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/13 17:59:59 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/09/13 17:34:00 | 000,000,475 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 03:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 03:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/05 13:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

========== LOP Check ==========

[2010/10/16 21:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
[2007/12/30 16:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2010/03/05 20:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2010/12/08 21:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Splash Games
[2009/11/20 21:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2009/08/23 15:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CasualForge
[2005/08/16 19:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2011/01/01 22:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dingogames
[2010/01/23 14:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/07/25 17:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
[2010/10/09 21:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Farm Fishes
[2010/01/01 22:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Farm Frenzy
[2009/05/20 20:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty
[2009/05/20 19:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2010/01/02 20:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2010/01/11 17:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_America
[2010/07/24 22:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2010/09/25 19:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2009/04/26 12:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2009/11/23 17:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
[2009/08/15 17:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2010/12/27 23:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2010/03/31 10:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Happyville__
[2009/08/23 13:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2010/04/07 20:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/04/29 14:40:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2010/03/06 20:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2009/12/10 16:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kristanix Games
[2009/12/23 11:49:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2010/03/26 21:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2010/11/13 15:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/05/10 17:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2010/09/26 20:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NatGeoGames
[2010/03/08 19:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft
[2009/05/20 13:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games
[2010/01/24 16:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010/08/27 10:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2009/12/25 22:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2006/09/18 12:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2010/07/25 17:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Particles
[2009/08/03 19:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/12/25 23:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/12/21 16:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/10/09 19:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2010/03/30 22:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2009/12/10 17:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Questtracers
[2009/12/11 20:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\rionix
[2010/09/01 18:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2009/12/13 13:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2007/03/20 19:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems
[2009/10/29 16:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2009/12/30 23:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprouts Adventure
[2010/02/14 15:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SugarGames
[2010/06/15 12:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2011/01/12 09:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/23 18:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TikGames
[2010/02/12 21:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2009/05/16 11:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XLab
[2009/05/02 12:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/10/30 23:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2007/01/20 13:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eoghan\Application Data\Image Zone Express
[2006/09/19 14:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eoghan\Application Data\Otto
[2008/10/16 19:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eoghan\Application Data\PC Suite
[2008/07/27 10:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eoghan\Application Data\Teleca
[2006/12/14 17:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eoghan\Application Data\Template
[2010/06/29 20:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eoghan\Application Data\Zylom
[2007/12/29 13:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2010/12/14 19:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2010/02/12 20:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\2monkeys
[2009/12/04 19:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Alawar
[2010/04/22 19:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Amaranth Games
[2009/08/03 12:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\BAMZOOKi
[2010/05/07 19:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Big Fish Games
[2010/12/08 21:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Big Splash Games
[2009/11/20 21:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\blg
[2010/12/23 22:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Boolat Games
[2010/03/09 21:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\cerasus.media
[2009/12/06 10:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Chicken Chase
[2011/01/01 22:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\dingogames
[2009/11/18 15:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\EleFun Games
[2009/12/06 12:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Fever Frenzy
[2010/07/24 22:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Flood Light Games
[2009/11/09 20:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Freezetag
[2010/10/01 19:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Friday's games
[2009/05/10 17:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\GameHouse
[2009/10/25 12:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\GameHousev1001
[2010/04/02 18:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Gamelab
[2010/06/17 18:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\GamesCafe
[2009/12/07 16:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Go-Go Gourmet Chef of the Year
[2010/12/27 23:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\gogii
[2009/11/20 17:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\GraveyardShift
[2009/11/20 19:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Home Sweet Home
[2009/11/20 20:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Home Sweet Home 2
[2009/11/20 20:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Home Sweet Home Christmas
[2010/06/16 19:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Hotdog Hotshot
[2007/11/19 17:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Image Zone Express
[2009/10/31 09:46:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\iWin
[2009/04/20 19:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Jane s Hotel Family Hero
[2006/10/26 13:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Leadertech
[2010/10/01 21:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Lonely Troops
[2009/12/04 18:36:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Ludia
[2009/08/18 19:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Meridian93
[2010/03/26 21:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Merscom
[2007/03/28 11:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\MSNInstaller
[2010/04/20 18:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\My Games
[2009/12/30 21:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\MysteryStudio
[2010/09/26 20:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\NatGeoGames
[2010/06/16 18:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\NevoSoft Games
[2007/03/20 18:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\OLYMPUS
[2008/07/07 14:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\PC Suite
[2010/01/01 19:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\PetShowCraze
[2010/12/21 16:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\PlayFirst
[2009/12/08 15:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Playrix Entertainment
[2010/03/30 22:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\PoBros
[2007/11/19 17:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Printer Info Cache
[2010/09/01 18:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Samsung
[2008/10/07 17:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\SmartDraw
[2009/05/10 13:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\SpinTop
[2010/12/23 19:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\SpinTop Games
[2010/12/08 19:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Supermarket Mania 2
[2008/07/17 07:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Teleca
[2006/11/08 15:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Template
[2009/11/23 18:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\TikGames
[2010/04/15 18:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Total Eclipse
[2010/03/06 21:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\TripleHippo
[2010/03/15 20:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Ubisoft
[2011/01/10 15:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Uniblue
[2010/02/12 21:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\ValuSoft
[2010/03/14 17:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\Virtual Prophecy
[2010/09/26 19:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nuala\Application Data\YoudaGames
[2006/11/25 09:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\roisin\Application Data\123 Free Puzzle
[2007/02/24 12:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\roisin\Application Data\123 Free Solitaire for Children
[2007/12/30 16:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\roisin\Application Data\AVG7
[2007/03/26 11:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\roisin\Application Data\Bamzooki
[2010/01/31 18:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\roisin\Application Data\Boomzap
[2009/01/17 13:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\roisin\Application Data\Free Spider TreeCardGames
[2007/10/08 18:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\roisin\Application Data\Image Zone Express
[2006/09/19 20:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\roisin\Application Data\Leadertech
[2010/04/04 12:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\roisin\Application Data\My Games
[2009/03/05 18:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\roisin\Application Data\OLYMPUS
[2006/09/18 14:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\roisin\Application Data\Otto
[2008/06/19 14:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\roisin\Application Data\PC Suite
[2009/12/03 20:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\roisin\Application Data\PlayFirst
[2009/08/21 19:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\roisin\Application Data\SpinTop
[2009/01/23 15:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\roisin\Application Data\Teleca
[2006/10/28 09:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\roisin\Application Data\Template

========== Purity Check ==========

< End of report >

0

I uploaded that file to both sites you suggested. It came back clean.

Thanks again for all your help.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.