
Multiple iexplore.exe processes in task manager


  • This topic is locked
16 replies to this topic

#1 fluffybunney

fluffybunney

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:38 AM

Posted 09 June 2010 - 09:37 AM

Hello all wonderful people...

I have some unexpected trouble with my computer. I run a Dell Inspiron 510m on Windows XP professional.
Recently I noticed in task manager that there are several iexplore.exe processes running, and when I tried to kill the 'spare' ones, they would not budge, or kill the main browser window but the spares remain.

I have Panda Cloud Antivirus. I installed A-Squared anti malware and ran the full scan, it found some things and I removed all the threats it found. However, the multiple iexplore processes continued...

I ran a full scan with Malwarebytes Antimalware and it also found a few threats, which I also removed as the software instructed. However, still the multiple processes remain...

I just did a DDS log, and I will attach the attach.txt file. GMER froze on me...


DDS (Ver_10-03-17.01) - NTFSx86
Run by STSTAdmin at 14:32:58.25 on 09/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.510.128 [GMT 3:00]

AV: Panda Cloud Antivirus *On-access scanning enabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}
AV: Emsisoft Anti-Malware *On-access scanning enabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe
C:\WINDOWS\PixArt\PAP7501\PACTray.exe
C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Cobian Backup 10\Cobian.exe
C:\Program Files\Cobian Backup 10\cbInterface.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\STSTAdmin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://www.dell.co.uk/myway
mWinlogon: Shell=Explorer.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\program files\iwin games\iWinGamesHookIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IntelZeroConfig] c:\program files\intel\wireless\bin\ZCfgSvc.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRun: [VMonitorVMUVC] "c:\program files\vimicro corporation\vmuvc\VMonitor.exe" VMUVC
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [GUCI_AVS] c:\windows\pixart\pap7501\GUCI_AVS.exe
mRun: [PACTray] c:\windows\pixart\pap7501\PACTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [a-squared] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247247311580
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247247283740
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.3.1/jinstall-1_3_1-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 a2injectiondriver;a2injectiondriver;c:\program files\emsisoft anti-malware\a2dix86.sys [2010-6-8 39576]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\emsisoft anti-malware\a2util32.sys [2010-6-8 11776]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2009-10-13 114312]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2010-6-8 1916080]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2010-6-9 67584]
R2 NanoServiceMain;NanoServiceMain;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2009-10-30 136448]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2009-10-30 146952]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2009-10-13 95880]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2009-10-13 101512]
R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2010-6-8 71008]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iwintrusted.exe --> c:\program files\iwin games\iWinTrusted.exe [?]
S3 {E2B953A7-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-B;c:\windows\system32\drivers\wa301b.sys [1980-1-1 33847]
S3 GUCI_AVS;Canyon USB2.0 PC Camera;c:\windows\system32\drivers\GUCI_AVS.sys [2010-2-18 580992]
S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [2007-9-21 420480]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2009-11-16 256512]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2009-11-16 398720]
S3 ZSMC326;Vimicro USB2.0 PC Camera(VC0323);c:\windows\system32\drivers\usbvm323.sys [2008-2-18 260608]

=============== Created Last 30 ================

2010-06-09 11:13:40 0 d-----w- c:\program files\Cobian Backup 10
2010-06-08 21:04:46 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-08 16:00:25 0 d-----w- c:\program files\Emsisoft Anti-Malware
2010-06-08 14:36:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Cateia Games
2010-05-30 16:14:42 0 d-----w- c:\docume~1\ststad~1\applic~1\SevenSails
2010-05-22 02:21:03 54156 ---ha-w- c:\windows\QTFont.qfn
2010-05-22 02:21:03 1409 ----a-w- c:\windows\QTFont.for
2010-05-13 00:51:43 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-05-13 00:51:43 411368 ----a-w- c:\windows\system32\deployJava1.dll

==================== Find3M ====================

2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2010-04-29 12:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 12:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll
2010-04-06 01:52:46 2462720 ----a-w- c:\windows\system32\dllcache\WMVCore.dll
2008-11-10 13:43:00 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111020081111\index.dat
2009-09-17 17:37:11 32768 --sha-w- c:\windows\temp\cookies\index.dat
2009-09-17 17:37:11 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-09-17 17:37:11 49152 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 14:35:24.07 ===============



Thanks in advance for your help!

Attached Files




#2 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:10:38 PM

Posted 14 June 2010 - 11:15 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Shannon

#3 fluffybunney

fluffybunney
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:38 AM

Posted 18 June 2010 - 07:14 PM

Hello. I did a new log for that DDS thing and also tried a GMER scan (I don't know what it should look like but I unchecked the boxes as in the instructions).

Also, my computer has trouble with a Microsoft update, and it's this one: Microsoft .NET Framework 1.1 SP1 Security Update for Windows 2000 and Windows XP (KB979906) and it has been attempting to install it for weeks but it never installs for some reason. Also I got like 8 svchost.exe processes running currently. What to do?



DDS (Ver_10-03-17.01) - NTFSx86
Run by STSTAdmin at 4:01:32.24 on 19/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.510.289 [GMT 3:00]

AV: Panda Cloud Antivirus *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}
AV: Emsisoft Anti-Malware *On-access scanning disabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
svchost.exe
C:\WINDOWS\Explorer.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
svchost.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\PixArt\PAP7501\PACTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\STSTAdmin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://www.dell.co.uk/myway
mWinlogon: Shell=Explorer.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\program files\iwin games\iWinGamesHookIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IntelZeroConfig] c:\program files\intel\wireless\bin\ZCfgSvc.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRun: [VMonitorVMUVC] "c:\program files\vimicro corporation\vmuvc\VMonitor.exe" VMUVC
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [GUCI_AVS] c:\windows\pixart\pap7501\GUCI_AVS.exe
mRun: [PACTray] c:\windows\pixart\pap7501\PACTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247247311580
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247247283740
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.3.1/jinstall-1_3_1-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2009-10-13 114312]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2010-6-9 67584]
R2 NanoServiceMain;NanoServiceMain;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2009-10-30 136448]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2009-10-30 146952]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2009-10-13 95880]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2009-10-13 101512]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iwintrusted.exe --> c:\program files\iwin games\iWinTrusted.exe [?]
S3 {E2B953A7-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-B;c:\windows\system32\drivers\wa301b.sys [1980-1-1 33847]
S3 GUCI_AVS;Canyon USB2.0 PC Camera;c:\windows\system32\drivers\GUCI_AVS.sys [2010-2-18 580992]
S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [2007-9-21 420480]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2009-11-16 256512]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2009-11-16 398720]
S3 ZSMC326;Vimicro USB2.0 PC Camera(VC0323);c:\windows\system32\drivers\usbvm323.sys [2008-2-18 260608]

=============== Created Last 30 ================

2010-06-12 12:05:49 0 d-----w- c:\docume~1\ststad~1\applic~1\Awem
2010-06-09 11:13:40 0 d-----w- c:\program files\Cobian Backup 10
2010-06-08 21:04:46 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-08 16:00:25 0 d-----w- c:\program files\Emsisoft Anti-Malware
2010-06-08 14:36:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Cateia Games
2010-05-30 16:14:42 0 d-----w- c:\docume~1\ststad~1\applic~1\SevenSails
2010-05-22 02:21:03 54156 ---ha-w- c:\windows\QTFont.qfn
2010-05-22 02:21:03 1409 ----a-w- c:\windows\QTFont.for

==================== Find3M ====================

2010-05-13 00:51:18 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2010-04-29 12:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 12:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll
2010-04-06 01:52:46 2462720 ----a-w- c:\windows\system32\dllcache\WMVCore.dll
2008-11-10 13:43:00 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111020081111\index.dat
2009-09-17 17:37:11 32768 --sha-w- c:\windows\temp\cookies\index.dat
2009-09-17 17:37:11 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-09-17 17:37:11 49152 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 4:02:22.45 ===============

Thanks for your help...

Attached Files


Edited by fluffybunney, 19 June 2010 - 04:06 AM.


#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:38 PM

Posted 20 June 2010 - 05:09 PM

Hello, fluffybunney.
My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.
  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!



Multiple iexplore.exe or svchost.exe are often quite normal. With IE 8, you have 1 instance of iexplore.exe when you launch it, plus one additional for each tab you have open. (e.g. only one tab = 2 iexplore.exe; 4 tabs = 5 iexplore.exe instances). Many things call svchost.exe. Killing iexplore.exe via task manager may take a few tries.



Step 1

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT


  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply. If they are too big to paste in one reply, please split them into separate posts.



Step 2


Do you have issues installing any update other than the one you called out? Or is it only that one? Please copy the contents of C:\Windows\Windowsupdate.log and paste it in your reply.



Step 3

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
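The OTL report requested in Step 1 is read entry by entry for the things a helper looks for first: references to files that no longer exist, BHO or toolbar CLSIDs with no registration, running files whose version info carries no company name, autostart entries living in user-writable folders, and exe/com file associations that differ from the stock value. As an added example (this is not code from the thread, from OTL or from its author), the Python script below applies those checks to lines in the layout OTL prints. The sample lines are constructed to resemble the log posted later in this thread; the autostart under a Temp folder and the altered comfile association are constructed so that every rule fires at least once.

```python
"""Triage helper for OTL (OldTimer's OTL.txt) log lines.

Added example; not part of the thread and not OTL's own code. It only
knows the line layout OTL prints (PRC/SRV/DRV/MOD file entries, O2/O3
CLSID entries, O4 Run entries, O35/O37 file associations).
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class Finding:
    prefix: str   # OTL line prefix, e.g. "O4" or "SRV"
    reason: str
    line: str


# PRC/SRV/DRV/MOD: "<kind> - [meta] (Company) [state] -- <path> -- (Name) ..."
FILE_ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD) - \[[^\]]*\] \((?P<company>[^)]*)\)"
    r"(?: \[[^\]]*\])? -- (?P<path>.+?)(?: -- \(.*\))?$"
)
# O4 Run entries: "O4 - HKLM..\Run: [Name] <path> (Company)"
RUN_ENTRY_RE = re.compile(
    r"^O4 - [^:]*: \[[^\]]*\] (?P<path>.+?)(?: \((?P<company>[^)]*)\))?$"
)
# O35/O37 file associations: 'O35 - HKLM\..exefile [open] -- "%1" %*'
ASSOC_RE = re.compile(r"^O3[57] - .* -- (?P<value>.*)$")
EXPECTED_ASSOC = '"%1" %*'   # stock XP value for the exefile/comfile open verb

# Folders an ordinary XP autostart should not live in (user-writable).
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\recycler\\")


def _prefix(line: str) -> str:
    return line.split(" - ", 1)[0]


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for a line worth a second look, else None."""
    line = line.rstrip()
    pfx = _prefix(line)
    if "File not found" in line:
        return Finding(pfx, "referenced file is missing (orphaned entry)", line)
    if "No CLSID value found" in line:
        return Finding(pfx, "CLSID has no registration (orphaned BHO/toolbar)", line)
    if "Reg Error" in line:
        return Finding(pfx, "registry value could not be read", line)
    m = FILE_ENTRY_RE.match(line)
    if m and not m.group("company").strip():
        return Finding(pfx, "no company name in version info", line)
    m = ASSOC_RE.match(line)
    if m and m.group("value").strip() != EXPECTED_ASSOC:
        return Finding(pfx, "exe/com file association differs from stock value", line)
    m = RUN_ENTRY_RE.match(line)
    if m:
        path = m.group("path").strip('"').lower()
        if any(d in path for d in USER_WRITABLE):
            return Finding(pfx, "autostart from a user-writable folder", line)
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run triage_line over a whole log, keeping only the hits, in order."""
    return [f for f in (triage_line(l) for l in lines) if f is not None]


# Constructed sample in OTL's layout (modelled on the log in this thread;
# the Temp-folder autostart and the comfile line are made up for the demo).
SAMPLE_LOG = r"""
PRC - [2010/04/01 21:00:32 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2004/05/16 22:18:26 | 000,528,384 | ---- | M] () -- C:\Program Files\Dell\QuickSet\quickset.exe
SRV - File not found [Auto | Stopped] -- -- (iWinTrusted)
SRV - [2009/10/30 18:29:56 | 000,136,448 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe File not found
O4 - HKU\S-1-5-21-0000000000-000000000-0000000000-1005..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\updater.exe ()
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "C:\WINDOWS\Temp\launcher.exe" "%1" %*
"""


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.strip().splitlines()):
        print(f"{f.prefix:4} {f.reason}\n     {f.line}")
```

The rules are ordered so that a line gets one finding only; "File not found" wins over the other checks because a missing file is the cheapest thing to confirm by hand. None of the hits is a verdict on its own (a leftover Run entry from uninstalled software is common), but they are the lines a helper would ask about first.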
 


#5 fluffybunney

fluffybunney
  • Topic Starter

  • Members
  • 8 posts
  • Local time:05:38 AM

Posted 21 June 2010 - 07:35 AM

Hello etavares,

I began to suspect malware because suddenly my computer and internet got significantly slower; it took longer and longer to load simple sites that were not image- or video-heavy...

Here's the OTL txt log

OTL logfile created on: 21/06/2010 14:51:01 - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\STSTAdmin\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

510.00 Mb Total Physical Memory | 62.00 Mb Available Physical Memory | 12.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 50.45 Gb Free Space | 67.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D9LJ2B1J
Current User Name: STSTAdmin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/21 14:49:58 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\STSTAdmin\My Documents\Downloads\OTL.exe
PRC - [2010/04/01 21:00:32 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/30 18:29:56 | 000,136,448 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2009/10/30 18:29:01 | 000,361,728 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2009/02/06 19:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/11/14 15:50:46 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAP7501\PACTray.exe
PRC - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/29 18:27:30 | 000,143,360 | ---- | M] (Vimicro Corporation) -- C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
PRC - [2008/04/14 03:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/10 16:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe
PRC - [2007/01/15 19:11:26 | 000,073,728 | ---- | M] (Microsoft) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
PRC - [2005/06/03 03:31:50 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/06/03 03:28:34 | 000,372,809 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/06/03 03:26:58 | 000,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2005/06/03 03:25:56 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/06/03 03:25:20 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/06/01 00:51:36 | 000,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2005/06/01 00:46:16 | 000,401,408 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/10/20 22:04:44 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2004/05/16 22:18:26 | 000,528,384 | ---- | M] () -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2004/02/02 17:32:16 | 000,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2003/10/29 04:06:00 | 000,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/05/28 19:32:40 | 000,086,016 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
PRC - [2003/02/26 13:08:42 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe


========== Modules (SafeList) ==========

MOD - [2010/06/21 14:49:58 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\STSTAdmin\My Documents\Downloads\OTL.exe
MOD - [2008/04/14 03:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (iWinTrusted)
SRV - [2009/10/30 18:29:56 | 000,136,448 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/01/15 19:11:26 | 000,073,728 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe -- (NetFxUpdate_v1.1.4322)
SRV - [2006/08/25 14:00:38 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/06/03 03:28:34 | 000,372,809 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2005/06/03 03:25:56 | 000,086,016 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2005/06/03 03:25:20 | 000,139,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
SRV - [2005/06/01 00:51:36 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2003/04/29 16:29:54 | 000,139,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2009/10/30 17:18:01 | 000,146,952 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PSINAflt.sys -- (PSINAflt)
DRV - [2009/10/13 16:50:55 | 000,101,512 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PSINProc.sys -- (PSINProc)
DRV - [2009/10/13 16:50:54 | 000,114,312 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PSINKNC.sys -- (PSINKNC)
DRV - [2009/10/13 16:50:54 | 000,095,880 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PSINFile.sys -- (PSINFile)
DRV - [2008/12/05 18:42:02 | 000,580,992 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\GUCI_AVS.sys -- (GUCI_AVS)
DRV - [2008/08/29 16:29:44 | 000,256,512 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\VMUVC.sys -- (VMUVC)
DRV - [2008/07/01 12:12:32 | 000,398,720 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\vvftUVC.sys -- (vvftUVC)
DRV - [2008/04/13 21:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 21:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/02/18 07:06:36 | 000,260,608 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbvm323.sys -- (ZSMC326) Vimicro USB2.0 PC Camera(VC0323)
DRV - [2007/09/21 06:35:08 | 000,420,480 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\vmfilter323.sys -- (vmfilter323)
DRV - [2005/05/03 17:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 17:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 17:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2005/05/03 09:03:54 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\s24trans.sys -- (s24trans)
DRV - [2005/04/30 18:01:56 | 003,281,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\w29n51.sys -- (w29n51) Intel®
DRV - [2004/11/15 17:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/10/20 22:04:46 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\asctrm.sys -- (ASCTRM)
DRV - [2004/08/12 10:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\iwca.sys -- (IWCA)
DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/06/17 18:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2004/03/15 03:04:00 | 000,100,597 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/03/15 03:04:00 | 000,098,580 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/03/15 03:04:00 | 000,085,972 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/03/15 03:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/03/15 03:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/03/15 03:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/03/15 03:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/03/15 03:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/03/15 03:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/02/27 04:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/02/13 13:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2004/02/13 05:21:00 | 000,086,160 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/01/14 21:18:16 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/01/14 21:18:04 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/01/13 04:41:46 | 002,482,176 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\w70n51.sys -- (w70n51) Intel®
DRV - [2003/10/27 22:42:36 | 000,033,847 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wa301b.sys -- ({E2B953A7-195A-44F9-9BA3-3D5F4E32BB55})
DRV - [2003/10/27 22:42:36 | 000,033,847 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wa301a.sys -- ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55})
DRV - [2003/08/29 07:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/08/21 21:25:52 | 000,094,600 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/05/01 16:26:34 | 000,005,220 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CVirtA.sys -- (CVirtA)
DRV - [2002/11/22 22:01:26 | 000,020,096 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\iqvw32.sys -- (NAL)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 14:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3057210460-89381336-1337293114-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\S-1-5-21-3057210460-89381336-1337293114-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-3057210460-89381336-1337293114-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/20 01:36:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/20 02:12:00 | 000,000,000 | ---D | M]

[2010/06/20 01:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\Mozilla\Extensions
[2010/06/21 01:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\Mozilla\Firefox\Profiles\66tr7sng.default\extensions
[2010/06/20 03:06:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\STSTAdmin\Application Data\Mozilla\Firefox\Profiles\66tr7sng.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/21 01:59:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/20 02:12:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/20 02:11:15 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/01 19:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 19:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/01 19:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/01 19:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/06/19 23:50:13 | 000,408,427 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14125 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3057210460-89381336-1337293114-1005\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()
O4 - HKLM..\Run: [GUCI_AVS] C:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PACTray] C:\WINDOWS\PixArt\PAP7501\PACTray.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe File not found
O4 - HKLM..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [VMonitorVMUVC] C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-3057210460-89381336-1337293114-1005..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3057210460-89381336-1337293114-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1247247311580 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1247247283740 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.3.1/jinstall-...indows-i586.cab (Java Plug-in 1.3.1)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.232.169.11 195.122.12.241
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\STSTAdmin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\STSTAdmin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2004/10/20 21:27:46 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/06/20 23:11:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\STSTAdmin\Desktop\Software
[2010/06/20 02:23:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\STSTAdmin\My Documents\Downloads
[2010/06/20 02:12:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/06/20 02:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/06/20 01:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\STSTAdmin\Local Settings\Application Data\Mozilla
[2010/06/20 01:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\STSTAdmin\Application Data\Mozilla
[2010/06/20 01:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/06/20 00:38:10 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/06/19 22:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/19 22:34:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/06/12 15:05:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\STSTAdmin\Application Data\Awem
[2010/06/12 15:05:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Romance of Rome
[2010/06/09 14:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\STSTAdmin\Application Data\Leadertech
[2010/06/09 14:13:40 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 10
[2010/06/08 18:39:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/06/08 17:36:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2010/06/06 13:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\TheJollyGangsSpookyAdventure
[2010/05/30 19:14:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\STSTAdmin\Application Data\SevenSails
[2010/05/29 12:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\STSTAdmin\Desktop\All Pics
[2010/05/13 03:52:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java(2)
[2010/05/13 03:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\Java(2)
[2010/05/06 22:22:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\STSTAdmin\My Documents\random
[2010/05/06 20:37:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\AlabamaSmithInTheQuestOfFate
[2010/04/27 12:15:21 | 000,000,000 | ---D | C] -- C:\Program Files\Celtx
[2010/04/27 00:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\STSTAdmin\Local Settings\Application Data\Yahoo
[2010/04/27 00:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/04/27 00:44:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\STSTAdmin\Application Data\Yahoo!
[2010/04/27 00:42:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/04/27 00:25:57 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/04/16 14:06:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PlayPond
[2010/04/15 12:31:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\STSTAdmin\Application Data\Nevosoft
[2010/04/12 17:14:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/04/10 15:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\STSTAdmin\My Documents\Jojos Fashion Show 2
[2010/04/10 15:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\STSTAdmin\Application Data\Gamelab
[2010/04/04 18:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\cupcakecafe
[2010/04/01 02:24:11 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[12 C:\Documents and Settings\STSTAdmin\My Documents\*.tmp files -> C:\Documents and Settings\STSTAdmin\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/21 14:43:27 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{64FA5243-C6D3-40E3-B5A9-93015E13F887}.job
[2010/06/21 14:13:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/06/21 14:12:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/21 14:12:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/06/21 03:50:49 | 003,670,016 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\ntuser.dat
[2010/06/21 03:50:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\STSTAdmin\NTUSER.INI
[2010/06/21 03:46:14 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\made to order.doc
[2010/06/21 03:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/06/20 21:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/06/20 16:22:06 | 000,314,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/20 02:24:39 | 000,957,250 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\EN_BeeAtHome_v5.pdf
[2010/06/20 01:52:53 | 000,001,118 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/06/20 01:50:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/20 01:48:13 | 002,005,162 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/06/20 01:35:18 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/20 01:35:18 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/20 01:29:12 | 000,547,136 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/20 01:29:12 | 000,473,042 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/06/20 01:29:12 | 000,084,436 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/06/19 23:50:13 | 000,408,427 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2010/06/19 15:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/19 15:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/06/19 09:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/06/18 19:43:32 | 063,176,580 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\whenyoumarry00duvarich.pdf
[2010/06/13 21:30:58 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\annot.doc
[2010/06/12 14:25:36 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\~$de to order.doc
[2010/06/11 04:35:29 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\bad romance.doc
[2010/06/11 03:32:17 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\candy filk.doc
[2010/06/07 00:56:08 | 000,218,624 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\beauty and beast.doc
[2010/06/01 02:39:10 | 000,102,912 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\naughty dramione.doc
[2010/05/31 00:15:42 | 001,809,632 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\1Sweet_SlipperPDF.pdf
[2010/05/30 03:38:26 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\grandmas socks.doc
[2010/05/28 15:59:29 | 000,096,768 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\Uznemsanas_noteikumi_2010.doc
[2010/05/28 14:42:15 | 000,774,656 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\ProfBakVokal.doc
[2010/05/28 06:31:33 | 000,046,592 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\nostalgia.doc
[2010/05/26 06:22:04 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\Viktor and Hermione.doc
[2010/05/25 04:47:52 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\Charlie for sourpuss.doc
[2010/05/24 06:18:41 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\candy draco pov.doc
[2010/05/22 05:21:03 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/05/22 05:21:03 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/05/20 04:53:23 | 000,719,360 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\nanny dramione.doc
[2010/05/16 21:21:47 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\~$d romance.doc
[2010/05/15 01:19:32 | 000,253,595 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\Europe 2.pdf
[2010/05/13 05:11:48 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\amatu skaistums.doc
[2010/05/12 00:46:17 | 000,096,559 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\cwe-tamOShanter.pdf
[2010/05/11 03:01:15 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\karens bag.doc
[2010/05/11 00:43:43 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\~$rens bag.doc
[2010/05/09 19:42:51 | 000,048,125 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\great_great_grandma_s_round_potholder.pdf
[2010/05/07 01:38:51 | 000,342,016 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\nanny dramione extra.doc
[2010/05/02 23:54:30 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\I want a baby.doc
[2010/04/27 12:15:33 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\Application Data\Microsoft\Internet Explorer\Quick Launch\Celtx.lnk
[2010/04/27 01:16:36 | 000,043,937 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\P1000611.JPG
[2010/04/27 01:10:20 | 005,034,107 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\P1000358.JPG
[2010/04/27 01:04:13 | 004,502,744 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\P1000437.JPG
[2010/04/27 00:42:41 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/04/26 21:43:14 | 003,697,395 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\1382318_french_affair__sexy.mp3
[2010/04/22 16:15:22 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\iesniegums.doc
[2010/04/21 00:16:15 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\for your entertainment 1.doc
[2010/04/17 02:28:23 | 000,048,128 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\YA premise.doc
[2010/04/15 22:38:32 | 000,011,829 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\nanny.rtf
[2010/04/13 23:37:14 | 000,000,912 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\.recently-used.xbel
[2010/04/13 22:05:33 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\~$nny dramione.doc
[2010/04/07 23:06:40 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\april fools 5beta.doc
[2010/04/07 23:06:39 | 000,050,688 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\april_fools_chapter1.doc
[2010/04/07 19:36:58 | 000,185,205 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\halp.....zip
[2010/04/07 16:51:45 | 000,012,248 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\dramione 21 chapter.odt
[2010/04/07 01:09:57 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\april fools 5.doc
[2010/04/05 00:17:09 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\cenas_AP.xls
[2010/04/05 00:07:36 | 000,104,960 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\cenas_OC.xls
[2010/04/03 01:46:53 | 000,048,640 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\april fool chap 4.doc
[2010/03/30 21:40:42 | 000,025,438 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\Goyle-Bullestrode.odt
[2010/03/29 11:59:20 | 010,307,309 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\Dishcloths_Final.pdf
[2010/03/28 23:54:36 | 000,030,869 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\Halia.pdf
[2010/03/28 23:52:52 | 000,256,826 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\Halia_Chart.pdf
[2010/03/28 02:06:32 | 000,059,392 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\dramione duet submission.doc
[2010/03/26 22:43:20 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\Draco took a deep breath.doc
[2010/03/26 15:34:45 | 000,258,007 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\Meandering_Vines_Shawl.pdf
[2010/03/26 01:16:29 | 000,060,416 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\flufi's veela.doc
[2010/03/26 01:16:29 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\~$ufi's veela.doc
[2010/03/24 22:24:58 | 000,097,010 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\Lil_bunny.pdf
[2010/03/24 14:45:15 | 000,451,225 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\Amigurumi_Tiny_Hello_Hitty2.pdf
[2010/03/24 11:37:05 | 000,074,015 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\DSCN5620.JPG
[2010/03/23 18:25:32 | 000,041,578 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\DSCN5618.JPG
[12 C:\Documents and Settings\STSTAdmin\My Documents\*.tmp files -> C:\Documents and Settings\STSTAdmin\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/20 02:24:39 | 000,957,250 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\EN_BeeAtHome_v5.pdf
[2010/06/20 01:35:18 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/20 01:35:18 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/18 19:42:43 | 063,176,580 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\whenyoumarry00duvarich.pdf
[2010/06/13 21:30:58 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\annot.doc
[2010/06/12 14:25:34 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\~$de to order.doc
[2010/06/10 23:29:40 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\candy filk.doc
[2010/06/08 21:44:36 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\made to order.doc
[2010/05/31 00:15:28 | 001,809,632 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\1Sweet_SlipperPDF.pdf
[2010/05/28 15:59:27 | 000,096,768 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\Uznemsanas_noteikumi_2010.doc
[2010/05/28 14:42:05 | 000,774,656 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\ProfBakVokal.doc
[2010/05/27 09:00:19 | 000,046,592 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\nostalgia.doc
[2010/05/26 06:22:04 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\Viktor and Hermione.doc
[2010/05/25 04:11:11 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\Charlie for sourpuss.doc
[2010/05/24 06:18:41 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\candy draco pov.doc
[2010/05/23 01:54:46 | 000,218,624 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\beauty and beast.doc
[2010/05/22 05:21:03 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/05/22 05:21:03 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/05/21 02:56:25 | 000,102,912 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\naughty dramione.doc
[2010/05/21 01:31:56 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\grandmas socks.doc
[2010/05/16 21:21:47 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\~$d romance.doc
[2010/05/15 01:19:28 | 000,253,595 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\Europe 2.pdf
[2010/05/13 05:11:47 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\amatu skaistums.doc
[2010/05/12 00:46:16 | 000,096,559 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\cwe-tamOShanter.pdf
[2010/05/11 00:43:43 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\karens bag.doc
[2010/05/11 00:43:43 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\~$rens bag.doc
[2010/05/09 19:42:50 | 000,048,125 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\great_great_grandma_s_round_potholder.pdf
[2010/05/09 19:23:59 | 003,670,016 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\ntuser.dat
[2010/05/05 01:14:56 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\bad romance.doc
[2010/04/27 12:15:33 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\Application Data\Microsoft\Internet Explorer\Quick Launch\Celtx.lnk
[2010/04/27 01:16:33 | 000,043,937 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\P1000611.JPG
[2010/04/27 01:09:04 | 005,034,107 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\P1000358.JPG
[2010/04/27 01:03:07 | 004,502,744 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\P1000437.JPG
[2010/04/27 00:42:41 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/04/26 22:43:02 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\I want a baby.doc
[2010/04/26 21:42:57 | 003,697,395 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\1382318_french_affair__sexy.mp3
[2010/04/22 16:15:22 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\iesniegums.doc
[2010/04/20 00:29:42 | 000,342,016 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\nanny dramione extra.doc
[2010/04/17 02:28:23 | 000,048,128 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\YA premise.doc
[2010/04/15 22:38:32 | 000,011,829 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\nanny.rtf
[2010/04/13 23:37:14 | 000,000,912 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\.recently-used.xbel
[2010/04/13 22:05:33 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\~$nny dramione.doc
[2010/04/10 23:36:26 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\for your entertainment 1.doc
[2010/04/07 19:36:54 | 000,185,205 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\halp.....zip
[2010/04/07 19:12:38 | 000,063,488 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\april fools 5beta.doc
[2010/04/07 16:51:44 | 000,012,248 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\dramione 21 chapter.odt
[2010/04/05 00:17:05 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\cenas_AP.xls
[2010/04/05 00:07:34 | 000,104,960 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\cenas_OC.xls
[2010/04/03 12:00:12 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\april fools 5.doc
[2010/03/30 21:40:36 | 000,025,438 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\Goyle-Bullestrode.odt
[2010/03/29 11:59:16 | 010,307,309 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\Dishcloths_Final.pdf
[2010/03/29 02:45:51 | 000,719,360 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\nanny dramione.doc
[2010/03/28 23:54:33 | 000,030,869 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\Halia.pdf
[2010/03/28 23:52:47 | 000,256,826 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\Halia_Chart.pdf
[2010/03/26 22:52:31 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\april fool chap 4.doc
[2010/03/26 15:34:26 | 000,258,007 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\Meandering_Vines_Shawl.pdf
[2010/03/26 01:16:29 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\~$ufi's veela.doc
[2010/03/26 01:16:28 | 000,060,416 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\flufi's veela.doc
[2010/03/24 22:24:52 | 000,097,010 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\Lil_bunny.pdf
[2010/03/24 14:44:50 | 000,451,225 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\Amigurumi_Tiny_Hello_Hitty2.pdf
[2010/03/24 11:36:55 | 000,074,015 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\DSCN5620.JPG
[2010/03/23 18:24:57 | 000,041,578 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\DSCN5618.JPG
[2010/02/18 20:23:21 | 000,002,057 | ---- | C] () -- C:\WINDOWS\System32\GUCI_AVS.ini
[2009/11/19 03:19:02 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/11/19 03:19:02 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/11/19 03:19:01 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2009/11/19 03:19:01 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/09/28 20:27:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SelSet.INI
[2006/10/02 12:35:36 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2005/10/04 17:37:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2005/10/04 15:38:58 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2005/03/07 13:57:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pdmConf.INI
[2004/11/01 13:01:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/01 13:01:16 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2004/11/01 13:01:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2004/11/01 12:14:20 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/10/20 22:08:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/20 21:58:47 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/10/20 21:31:28 | 000,000,516 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/17 19:03:56 | 000,139,280 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2004/08/11 19:25:56 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 07:00:00 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2004/08/04 07:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/03/26 18:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/01/23 04:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1980/01/01 02:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2009/08/24 01:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\7Wonders2
[2009/07/24 02:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Absolutist
[2010/06/06 13:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2009/07/30 20:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astar Games
[2009/08/02 18:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Awem
[2009/10/13 21:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Becky Brogan
[2009/07/23 01:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2010/06/08 17:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2010/04/04 18:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cupcakecafe
[2009/07/20 19:03:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
[2009/08/09 14:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fashion Finder
[2010/02/03 01:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2009/09/19 00:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2010/01/29 15:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2009/10/14 19:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/01/04 04:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital
[2009/10/27 18:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009/09/16 22:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii Games
[2009/10/01 22:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2009/10/29 23:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2009/07/19 01:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2009/10/15 17:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2009/12/16 21:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/02/25 00:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft
[2009/12/08 17:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2010/02/04 03:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/04/16 14:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayPond
[2009/10/24 10:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2009/09/21 23:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Princess Isabella
[2009/11/19 03:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/02/10 20:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SugarGames
[2010/06/17 16:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/05 04:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2010/01/26 01:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Mirror Mysteries
[2010/01/04 20:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UClick
[2004/10/20 22:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/16 17:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\Ancient Quest of Saqqarah__iwin
[2010/06/12 15:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\Awem
[2009/08/29 22:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\Azuaz Games
[2010/03/17 01:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\Babylonia
[2009/07/23 01:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\blg
[2009/09/06 03:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\BloodTies
[2010/03/07 13:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\Boomzap
[2010/01/22 18:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\Camel101
[2009/07/19 07:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\Cat's Eye Games
[2009/11/26 18:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\cerasus.media
[2009/10/14 14:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\CobiMobi
[2009/12/02 21:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\Dekovir
[2010/03/28 14:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\ElementalsTheMagicKey
[2010/02/03 01:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\FileOpen
[2009/09/19 00:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\Flood Light Games
[2009/07/30 15:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\Friday's games
[2009/11/18 00:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\GameInvest
[2010/04/10 15:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\Gamelab
[2010/01/04 04:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\Gamers Digital
[2009/10/29 22:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\GamesCafe
[2009/09/16 22:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\Gogii Games
[2010/04/13 23:49:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\gtk-2.0
[2009/12/15 00:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\iMaxGen
[2009/10/29 23:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\iWin
[2009/08/10 21:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\Jetsetter
[2010/06/09 14:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\Leadertech
[2009/10/11 18:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\Magic Academy
[2009/08/08 18:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\Meridian93
[2009/10/15 17:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\Merscom
[2009/12/15 00:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\MysteryStudio
[2010/04/15 12:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\Nevosoft
[2009/07/19 02:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\OpenOffice.org
[2009/12/08 18:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\Panda Security
[2010/02/12 20:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\Peace Craft
[2010/02/04 03:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\PlayFirst
[2009/10/24 10:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\PoBros
[2010/02/19 22:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\Quirky Games
[2009/11/05 22:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\RobinsonCrusoeIW
[2009/08/28 21:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\SecretIslandEng
[2010/05/30 19:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\SevenSails
[2009/07/20 00:46:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\TMInc
[2010/01/04 20:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\UClick
[2010/06/19 15:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/06/20 21:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/06/21 03:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/06/19 09:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/06/19 15:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2004/11/01 12:10:48 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
[2010/06/21 14:43:27 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{64FA5243-C6D3-40E3-B5A9-93015E13F887}.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2008/11/10 15:31:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2008/11/10 15:31:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 21:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 21:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\I386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2008/11/10 15:31:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2008/11/10 15:31:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 21:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 21:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 03:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 03:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\I386\EVENTLOG.DLL

< MD5 for: NETLOGON.DLL >
[2008/04/14 03:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 03:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\I386\NETLOGON.DLL

< MD5 for: SCECLI.DLL >
[2008/04/14 03:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 03:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\I386\SCECLI.DLL

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4ADE0CD0
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31D032DE
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AE39AFC
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F26FB2D
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDBC3765
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7E2DE81
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3DBE30A1
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5D81BA1
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F10C2DA8
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CEDA49F4
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33D788AB
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E3035E2
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0467BDF
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:72739815
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:22152041
@Alternate Data Stream - 142 bytes -> C:\WINDOWS\SYSTEM32:,|ö§pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\WINDOWS\SYSTEM32:,|ö«pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FEB4D048
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F24AD862
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2DCCD617
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AEB42F1
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:250A84D5
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E0E9645
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B76AB863
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D0C4F47
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:252B7D28
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C2A22D4
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA911BA0
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F71E822
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2A27E0C5
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E6E20D4
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:127BB39D
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D97A9919
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CDC1B76E
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1BFD26C
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0803A95E
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F2337193
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3CB23B4
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD5AB506
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31614B4F
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E93E0ED
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3A1351B
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC94F18F
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DB2BB17F
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:898109B4
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7DF1EF45
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6A9CF5CA
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3EA715B9
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:35815A26
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE498D0C
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A014A28C
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9F222B60
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D493D85
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26E44341
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF69206B
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E10BB58A
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D92981EA
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81AA7C39
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B2D6B94
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38D7EDFD
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:367F03D2
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17927369
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EBFD4E6F
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94F0FAE0
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09B77012
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9D9AD33
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A477045F
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:290A724C
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB7C85A7
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA23AD9A
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9C0CEDAF
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B215686
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7B6FAF9
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BFAF71E0
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A72132CC
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A61A6FCC
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6DA18708
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5795E8B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FAF6860A
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94260FE6
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:36EEEDAC
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F662888F
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78B923B2
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25BA2318
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5F91AE1
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61EAC7DA
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0FC57F99
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EDF6588A
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6522EC1
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:14224589
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF4CC666
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9700C55E
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:472EB08A
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08390D61
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D4BE48F5
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE150BCA
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7D371AB2
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6611AB82
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E53D1D0
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F4B0D5C7
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:755BD5CD
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2A6BF249
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE73AC4
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CEC0A38
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BAE765B
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0BE2307D
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA2A4FE5
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2DCEE0D
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7F3F179
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A18FA397
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:748520A2
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E98B604F
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:990A1A4B
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E426A1F
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15606AA7
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B210DD3
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE53E4F7
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6EE5C3ED
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30AF8E0D
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27B25A27
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:23806346
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E1DD4C5
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:172EB9B5
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5070F1A6
< End of report >

And the Extras.txt
OTL Extras logfile created on: 21/06/2010 14:51:01 - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\STSTAdmin\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

510.00 Mb Total Physical Memory | 62.00 Mb Available Physical Memory | 12.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 50.45 Gb Free Space | 67.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D9LJ2B1J
Current User Name: STSTAdmin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-3057210460-89381336-1337293114-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5900:TCP" = 5900:TCP:*:Enabled:VNC
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CA\Unicenter\Service Desk\bin\pdm_ver.exe" = C:\Program Files\CA\Unicenter\Service Desk\bin\pdm_ver.exe:*:Enabled:pdm_ver -- File not found
"C:\Program Files\X-Lite\X-Lite.exe" = C:\Program Files\X-Lite\X-Lite.exe:*:Enabled:X-Lite -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1B9B7BA2-0C7A-4759-BACD-FADADE9E6694}" = Vimicro USB2.0 PC Camera(VC0323)
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{2C351DB8-E088-41A2-9BF0-113727FBB697}" = Intel® PROSet
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CDB180B-FF76-4371-9090-FCE5B9029677}" = FileOpen Plug-in for Adobe Acrobat® and Acrobat Reader®
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4876620D-206A-49CD-932B-9BFBED83D55D}" = Latvian (Apostrofs v0.3; komats)
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53E074FF-BA98-4839-8233-73BF868FE613}" = Latvian (Apostrofs v0.3; punkts tilde)
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{71A51A91-E7D3-11DB-A386-005056C00008}" = Canyon USB2.0 PC Camera
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7CD7A451-7224-49C8-95EF-9A1859C66607}" = mZConfig
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C6A0FD8A-F107-44CA-AA1B-49341936F76A}" = Canyon USB2.0 PC Camera
"{C98BBC25-490C-4F3F-81D8-5D12C11732DF}" = Panda Cloud Antivirus
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adventures of Robinson Crusoe" = Adventures of Robinson Crusoe (remove only)
"Alabama Smith in the Quest of Fate" = Alabama Smith in the Quest of Fate (remove only)
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"Arctic Quest 2" = Arctic Quest 2 (remove only)
"Around the World in 80 Days" = Around the World in 80 Days (remove only)
"Babylonia" = Babylonia (remove only)
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"Belles Beauty Boutique" = Belles Beauty Boutique (remove only)
"Blood Ties" = Blood Ties (remove only)
"BookSmart® 2.5.1 2.5.1" = BookSmart® 2.5.1 2.5.1
"Burger Shop" = Burger Shop (remove only)
"Celtx (2.7)" = Celtx (2.7)
"Chocolatier" = Chocolatier (remove only)
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.92 Modem
"Cooking Academy 2" = Cooking Academy 2 (remove only)
"Cradle Of Persia" = Cradle Of Persia (remove only)
"Cradle Of Rome" = Cradle Of Rome (remove only)
"Digital Editions" = Adobe Digital Editions
"Diner Dash: Flo on the Go" = Diner Dash: Flo on the Go (remove only)
"Dream Chronicles" = Dream Chronicles (remove only)
"Escape The Museum" = Escape The Museum (remove only)
"Fairy Godmother Tycoon" = Fairy Godmother Tycoon (remove only)
"Fashion Fits" = Fashion Fits (remove only)
"Fashionallia" = Fashionallia (remove only)
"Fitness Dash" = Fitness Dash (remove only)
"HijackThis" = HijackThis 2.0.2
"Hospital Hustle" = Hospital Hustle (remove only)
"iCare by Wild Ginger Software, Inc." = iCare by Wild Ginger Software, Inc.
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"iWinArcade" = iWin Games (remove only)
"Jessica's Cupcake Cafe" = Jessica's Cupcake Cafe (remove only)
"Jojo's Fashion Show 2: Las Cruces" = Jojo's Fashion Show 2: Las Cruces (remove only)
"JRE 1.3.1" = Java 2 Runtime Environment Standard Edition v1.3.1
"Little Shop: Memories" = Little Shop: Memories (remove only)
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Lost Fortunes" = Lost Fortunes (remove only)
"Lost Realms: Legacy of the Sun Princess" = Lost Realms: Legacy of the Sun Princess (remove only)
"Luxor 2" = Luxor 2 (remove only)
"Magic Academy" = Magic Academy (remove only)
"Magic Encyclopedia First Story" = Magic Encyclopedia First Story (remove only)
"Magician's Handbook 2: Blacklore" = Magician's Handbook 2: Blacklore (remove only)
"Mah Jong Quest" = Mah Jong Quest (remove only)
"Mah Jong Quest III" = Mah Jong Quest III (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Margrave Manor 2" = Margrave Manor 2 (remove only)
"Masters of Mystery: Blood of Betrayal" = Masters of Mystery: Blood of Betrayal (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"My Kingdom for the Princess" = My Kingdom for the Princess (remove only)
"Mysterious City: Vegas" = Mysterious City: Vegas (remove only)
"Mystery Legends: Sleepy Hollow" = Mystery Legends: Sleepy Hollow (remove only)
"Mystery Stories Island of Hope" = Mystery Stories Island of Hope (remove only)
"Mystery Stories: Berlin Nights" = Mystery Stories: Berlin Nights (remove only)
"National Geographic Presents Herod's Lost Tomb" = National Geographic Presents Herod's Lost Tomb (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pageant Princess" = Pageant Princess (remove only)
"Panda Cloud Antivirus" = Panda Cloud Antivirus
"Pattern Master Boutique 4 Demo" = Pattern Master Boutique 4 Demo
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Adapters and Drivers
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"Rise Of Atlantis" = Rise Of Atlantis (remove only)
"Saqqarah" = Saqqarah (remove only)
"Sponge Bob Diner Dash 2" = Sponge Bob Diner Dash 2 (remove only)
"StorYBook" = StorYBook
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Supermarket Management" = Supermarket Management (remove only)
"The Hidden Prophecies of Nostradamus" = The Hidden Prophecies of Nostradamus (remove only)
"The Nightshift Code" = The Nightshift Code (remove only)
"Treasures of Mystery Island" = Treasures of Mystery Island (remove only)
"Vampireville" = Vampireville (remove only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Vogue Tales" = Vogue Tales (remove only)
"Wedding Dash" = Wedding Dash (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Winemaker Extraordinaire" = Winemaker Extraordinaire (remove only)
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 18/06/2010 20:06:54 | Computer Name = D9LJ2B1J | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 18/06/2010 20:08:02 | Computer Name = D9LJ2B1J | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 18/06/2010 20:19:13 | Computer Name = D9LJ2B1J | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 1.1 SP1 Security Update for Windows
2000 and Windows XP (KB979906).

Error - 18/06/2010 20:53:19 | Computer Name = D9LJ2B1J | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 1.1 SP1 Security Update for Windows
2000 and Windows XP (KB979906).

Error - 19/06/2010 04:42:42 | Computer Name = D9LJ2B1J | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 1.1 SP1 Security Update for Windows
2000 and Windows XP (KB979906).

Error - 19/06/2010 16:56:21 | Computer Name = D9LJ2B1J | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 1.1 SP1 Security Update for Windows
2000 and Windows XP (KB979906).

Error - 19/06/2010 17:46:33 | Computer Name = D9LJ2B1J | Source = Service Control Manager | ID = 7024
Description = The Java Quick Starter service terminated with service-specific error
1 (0x1).

Error - 19/06/2010 17:46:40 | Computer Name = D9LJ2B1J | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 20/06/2010 09:22:41 | Computer Name = D9LJ2B1J | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 21/06/2010 07:13:49 | Computer Name = D9LJ2B1J | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd


< End of report >

I shall post the Malwarebytes scan in another post once it is done.

Thank you for your help.


#6 fluffybunney

Posted 21 June 2010 - 08:15 AM

Here's the Malwarebytes log, it did find some things...


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4220

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21/06/2010 16:12:52
mbam-log-2010-06-21 (16-12-52).txt

Scan type: Quick scan
Objects scanned: 157111
Time elapsed: 31 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{2bf41072-b2b1-21c1-b5c1-0305f4155515} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{9b71d88c-c598-4935-c5d1-43aa4db90836} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{9d71d88c-c598-4935-c5d1-43aa4db90836} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\.net clr (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#7 etavares

  • Malware Response Team

Posted 21 June 2010 - 05:25 PM

Hello, fluffybunney.

I didn't mean to sound like I didn't believe you had malware; I just wanted to set the expectation that when you are clean you will still have multiple svchost.exe and iexplore.exe processes running. Sorry for the confusion!

Viewpoint (foistware) Warning

I see Viewpoint is installed on your machine. Viewpoint Manager is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to the Control Panel, then Add or Remove Programs, and uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Step 1
  1. Please open Notepad.
  2. Copy and paste the text in the box below into Notepad, excluding the word code.
    CODE
    @echo off
    sc config wuauserv start= auto
    sc config bits start= auto
    sc config DcomLaunch start= auto
    net stop wuauserv
    net start wuauserv
    net stop bits
    net start bits
    net start DcomLaunch
    del %0

    This fix is custom made for this user's computer.
  3. Select File-->Save As
  4. Select File as Type: All Types (*.*)
  5. Save it to your desktop as fixme.bat
  6. Double-click fixme.bat on your desktop to run the fix.
  7. A window will briefly pop up then close.
Step 2

Try the update now for .NET... did it go through?

Step 3

Before we do this, please pull anything out of the recycle bin you want to save. This will clear temp files, including the recycle bin.

We need to run an OTL script.
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (iWinTrusted)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O3 - HKU\S-1-5-21-3057210460-89381336-1337293114-1005\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4ADE0CD0
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31D032DE
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AE39AFC
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F26FB2D
    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDBC3765
    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7E2DE81
    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3DBE30A1
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5D81BA1
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F10C2DA8
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CEDA49F4
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33D788AB
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E3035E2
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0467BDF
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:72739815
    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:22152041
    @Alternate Data Stream - 142 bytes -> C:\WINDOWS\SYSTEM32:,|ö§pctlsp.log
    @Alternate Data Stream - 142 bytes -> C:\WINDOWS\SYSTEM32:,|ö«pctlsp.log
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FEB4D048
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F24AD862
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2DCCD617
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AEB42F1
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:250A84D5
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E0E9645
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B76AB863
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D0C4F47
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:252B7D28
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C2A22D4
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA911BA0
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F71E822
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2A27E0C5
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E6E20D4
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:127BB39D
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D97A9919
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CDC1B76E
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1BFD26C
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0803A95E
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F2337193
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3CB23B4
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD5AB506
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31614B4F
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E93E0ED
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3A1351B
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC94F18F
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DB2BB17F
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:898109B4
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7DF1EF45
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6A9CF5CA
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3EA715B9
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:35815A26
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE498D0C
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A014A28C
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9F222B60
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D493D85
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26E44341
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF69206B
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E10BB58A
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D92981EA
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81AA7C39
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B2D6B94
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38D7EDFD
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:367F03D2
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17927369
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EBFD4E6F
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94F0FAE0
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09B77012
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9D9AD33
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A477045F
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:290A724C
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB7C85A7
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA23AD9A
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9C0CEDAF
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B215686
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7B6FAF9
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BFAF71E0
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A72132CC
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A61A6FCC
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6DA18708
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5795E8B2
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FAF6860A
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94260FE6
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:36EEEDAC
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F662888F
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78B923B2
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25BA2318
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5F91AE1
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61EAC7DA
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0FC57F99
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EDF6588A
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6522EC1
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:14224589
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF4CC666
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9700C55E
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:472EB08A
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08390D61
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D4BE48F5
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE150BCA
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7D371AB2
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6611AB82
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E53D1D0
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F4B0D5C7
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:755BD5CD
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2A6BF249
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE73AC4
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CEC0A38
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BAE765B
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0BE2307D
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA2A4FE5
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2DCEE0D
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7F3F179
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A18FA397
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:748520A2
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E98B604F
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:990A1A4B
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E426A1F
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15606AA7
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B210DD3
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE53E4F7
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6EE5C3ED
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30AF8E0D
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27B25A27
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:23806346
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E1DD4C5
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:172EB9B5
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5070F1A6
    :Commands
    [EmptyTemp]
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.
etavares

Edited by etavares, 21 June 2010 - 05:25 PM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
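Two read-only checks that go with the fix above, added here as an example rather than as part of etavares's instructions or OTL's own code: the first reports the start mode and state of the three services the Step 1 batch file reconfigures (wuauserv, bits, DcomLaunch), so you can confirm the fix took before retrying the .NET update; the second lists alternate data streams (ADS) on a folder and its direct children, which is how the TEMP:xxxxxxxx entries in the Step 3 OTL script can be reviewed before they are deleted. It assumes PowerShell 5.1 or later (for Get-Item -Stream on folders); the service query deliberately uses WMI's Win32_Service, which carries StartMode on every PowerShell version. The default folder path is an assumption derived from the page's TEMP entries and the XP value of $env:ALLUSERSPROFILE.

```powershell
# Added example, not part of etavares's fix and not OTL code. Read-only checks
# for the two things the fix above touches: start mode/state of the Windows
# Update services from the Step 1 batch file, and alternate data streams (ADS)
# like the TEMP:xxxxxxxx entries in the Step 3 OTL script.
# Assumes PowerShell 5.1 or later (Get-Item -Stream on folders).

# Services the Step 1 batch file sets to "auto" start and restarts.
$UpdateServices = @('wuauserv', 'bits', 'DcomLaunch')

function Test-UpdateServiceConfig {
    param([string[]] $Names = $UpdateServices)

    foreach ($name in $Names) {
        # Win32_Service exposes StartMode (Auto/Manual/Disabled) and State on
        # every PowerShell version; Get-Service only gained StartType in 5.0.
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        if ($null -eq $svc) {
            New-Object PSObject -Property @{
                Name = $name; StartMode = 'MISSING'; State = 'MISSING'; Ok = $false
            }
            continue
        }
        New-Object PSObject -Property @{
            Name      = $svc.Name
            StartMode = $svc.StartMode
            State     = $svc.State
            # The batch file expects Auto start and a running service.
            Ok        = ($svc.StartMode -eq 'Auto' -and $svc.State -eq 'Running')
        }
    }
}

function Get-AlternateDataStreams {
    # Default (an assumption) is the folder the OTL script targets; on XP
    # $env:ALLUSERSPROFILE is C:\Documents and Settings\All Users.
    param([string] $Path = (Join-Path $env:ALLUSERSPROFILE 'Application Data'))

    # Check the folder itself and its direct children: the page's streams sit
    # on the TEMP subfolder, not on files inside it.
    $items = @(Get-Item -Path $Path -Force -ErrorAction SilentlyContinue) +
             @(Get-ChildItem -Path $Path -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        # Every NTFS file or folder has the unnamed ':$DATA' stream; any other
        # stream name is an ADS and is worth a look before it is deleted.
        Get-Item -Path $item.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Path   = $item.FullName
                    Stream = $_.Stream
                    Bytes  = $_.Length
                }
            }
    }
}

# Usage: show only services that are not Auto/Running, then any ADS found.
Test-UpdateServiceConfig | Where-Object { -not $_.Ok } | Format-Table -AutoSize
Get-AlternateDataStreams | Format-Table -AutoSize
```

Run it once before the Step 1 batch file and once after: an empty first table means all three services are now Auto and Running. The ADS listing is intentionally non-destructive; removal is left to the OTL script above, so the stream names and sizes can be compared with the entries etavares listed. On PowerShell 7, replace Get-WmiObject with Get-CimInstance (same class and property names).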


#8 fluffybunney

Posted 21 June 2010 - 09:04 PM

Hello,

I know that many svchost.exe processes run at the same time; it was just when I noticed unusually many iexplore and the incredible slowness of the internet that I began to worry about it, as it was not normal to me to have to wait ages (at least 2 minutes) for a mainly text-based forum page like this, for example, to open.

As I am a poor student and this is my only computer and I have no funds to buy a new machine, I got really worried when I couldn't find what was wrong and the local computer techs quoted sums up to the tune of 100-300$ for a 'reformat', as there was 'nothing else that could be done'. But I had heard that there are ways to remove the malware, so I luckily found this forum.
After the 1st fix the Windows Update seemed fine; it didn't show any 'not installed' warnings.

Here's the log of the OTL fix run, after reboot. I noticed that it has deleted iWinTrusted; it must be associated with iWin Games. I always thought these were safe to run... is it not so? I don't play many games myself, and I installed the iWin thing mainly because my younger brother loves to play some games when he comes to visit me, so I thought it'd do no harm and would be safer than him getting downloads from more suspicious places.

Anyway, here's the log; sorry for the rambling.

All processes killed
========== OTL ==========
Service iWinTrusted stopped successfully!
Service iWinTrusted deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry value HKEY_USERS\S-1-5-21-3057210460-89381336-1337293114-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon\ deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4ADE0CD0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:31D032DE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2AE39AFC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1F26FB2D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BDBC3765 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B7E2DE81 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3DBE30A1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F5D81BA1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F10C2DA8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CEDA49F4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:33D788AB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1E3035E2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D0467BDF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:72739815 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:22152041 deleted successfully.
ADS C:\WINDOWS\SYSTEM32:,|ö§pctlsp.log deleted successfully.
ADS C:\WINDOWS\SYSTEM32:,|ö«pctlsp.log deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FEB4D048 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F24AD862 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2DCCD617 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2AEB42F1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:250A84D5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0E0E9645 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B76AB863 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3D0C4F47 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:252B7D28 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0C2A22D4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FA911BA0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6F71E822 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2A27E0C5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1E6E20D4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:127BB39D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D97A9919 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CDC1B76E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B1BFD26C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0803A95E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F2337193 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C3CB23B4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AD5AB506 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:31614B4F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1E93E0ED deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C3A1351B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EC94F18F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DB2BB17F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:898109B4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7DF1EF45 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6A9CF5CA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3EA715B9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:35815A26 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AE498D0C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A014A28C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9F222B60 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0D493D85 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:26E44341 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EF69206B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E10BB58A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D92981EA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:81AA7C39 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4B2D6B94 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:38D7EDFD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:367F03D2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:17927369 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EBFD4E6F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:94F0FAE0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:09B77012 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C9D9AD33 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A477045F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:290A724C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FB7C85A7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DA23AD9A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9C0CEDAF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4B215686 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E7B6FAF9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BFAF71E0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A72132CC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A61A6FCC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6DA18708 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5795E8B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FAF6860A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:94260FE6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:36EEEDAC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F662888F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:78B923B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:25BA2318 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F5F91AE1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:61EAC7DA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0FC57F99 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EDF6588A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E6522EC1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:14224589 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AF4CC666 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9700C55E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:472EB08A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:08390D61 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D4BE48F5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AE150BCA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7D371AB2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6611AB82 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1E53D1D0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F4B0D5C7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:755BD5CD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2A6BF249 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8CE73AC4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4CEC0A38 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3BAE765B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0BE2307D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AA2A4FE5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D2DCEE0D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C7F3F179 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A18FA397 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:748520A2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E98B604F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:990A1A4B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2E426A1F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:15606AA7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B210DD3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FE53E4F7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6EE5C3ED deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:30AF8E0D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:27B25A27 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:23806346 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0E1DD4C5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:172EB9B5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5070F1A6 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Default User
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33597 bytes

User: NetworkService
->Temp folder emptied: 315932 bytes
->Temporary Internet Files folder emptied: 33172 bytes

User: STSTAdmin
->Temp folder emptied: 749434232 bytes
->Temporary Internet Files folder emptied: 513877157 bytes
->Java cache emptied: 73060886 bytes
->FireFox cache emptied: 92650715 bytes
->Flash cache emptied: 235255 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 53134511 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10482178 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 49032 bytes
RecycleBin emptied: 203 bytes

Total Files Cleaned = 1,424.00 mb


OTL by OldTimer - Version 3.2.6.1 log created on 06222010_040642

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Here's the second OTL log

OTL logfile created on: 22/06/2010 04:45:13 - Run 2
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\STSTAdmin\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

510.00 Mb Total Physical Memory | 99.00 Mb Available Physical Memory | 19.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 52.12 Gb Free Space | 69.99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D9LJ2B1J
Current User Name: STSTAdmin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/21 14:49:58 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\STSTAdmin\My Documents\Downloads\OTL.exe
PRC - [2010/04/01 21:00:32 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/30 18:29:56 | 000,136,448 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2009/10/30 18:29:01 | 000,361,728 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2009/02/06 19:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/11/14 15:50:46 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAP7501\PACTray.exe
PRC - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/29 18:27:30 | 000,143,360 | ---- | M] (Vimicro Corporation) -- C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
PRC - [2008/04/14 03:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/10 16:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe
PRC - [2007/01/15 19:11:26 | 000,073,728 | ---- | M] (Microsoft) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
PRC - [2005/06/03 03:31:50 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/06/03 03:28:34 | 000,372,809 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/06/03 03:26:58 | 000,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2005/06/03 03:25:56 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/06/03 03:25:20 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/06/01 00:51:36 | 000,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2005/06/01 00:46:16 | 000,401,408 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/10/20 22:04:44 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2004/05/16 22:18:26 | 000,528,384 | ---- | M] () -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2004/02/02 17:32:16 | 000,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2003/10/29 04:06:00 | 000,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/05/28 19:32:40 | 000,086,016 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
PRC - [2003/02/26 13:08:42 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe


========== Modules (SafeList) ==========

MOD - [2010/06/21 14:49:58 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\STSTAdmin\My Documents\Downloads\OTL.exe
MOD - [2008/04/14 03:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2009/10/30 18:29:56 | 000,136,448 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/01/15 19:11:26 | 000,073,728 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe -- (NetFxUpdate_v1.1.4322)
SRV - [2006/08/25 14:00:38 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/06/03 03:28:34 | 000,372,809 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2005/06/03 03:25:56 | 000,086,016 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2005/06/03 03:25:20 | 000,139,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
SRV - [2005/06/01 00:51:36 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2003/04/29 16:29:54 | 000,139,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2009/10/30 17:18:01 | 000,146,952 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PSINAflt.sys -- (PSINAflt)
DRV - [2009/10/13 16:50:55 | 000,101,512 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PSINProc.sys -- (PSINProc)
DRV - [2009/10/13 16:50:54 | 000,114,312 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PSINKNC.sys -- (PSINKNC)
DRV - [2009/10/13 16:50:54 | 000,095,880 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PSINFile.sys -- (PSINFile)
DRV - [2008/12/05 18:42:02 | 000,580,992 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\GUCI_AVS.sys -- (GUCI_AVS)
DRV - [2008/08/29 16:29:44 | 000,256,512 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\VMUVC.sys -- (VMUVC)
DRV - [2008/07/01 12:12:32 | 000,398,720 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\vvftUVC.sys -- (vvftUVC)
DRV - [2008/04/13 21:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 21:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/02/18 07:06:36 | 000,260,608 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbvm323.sys -- (ZSMC326) Vimicro USB2.0 PC Camera(VC0323)
DRV - [2007/09/21 06:35:08 | 000,420,480 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\vmfilter323.sys -- (vmfilter323)
DRV - [2005/05/03 17:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 17:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 17:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2005/05/03 09:03:54 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\s24trans.sys -- (s24trans)
DRV - [2005/04/30 18:01:56 | 003,281,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\w29n51.sys -- (w29n51) Intel®
DRV - [2004/11/15 17:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/10/20 22:04:46 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\asctrm.sys -- (ASCTRM)
DRV - [2004/08/12 10:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\iwca.sys -- (IWCA)
DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/06/17 18:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2004/03/15 03:04:00 | 000,100,597 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/03/15 03:04:00 | 000,098,580 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/03/15 03:04:00 | 000,085,972 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/03/15 03:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/03/15 03:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/03/15 03:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/03/15 03:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/03/15 03:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/03/15 03:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/02/27 04:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/02/13 13:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2004/02/13 05:21:00 | 000,086,160 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/01/14 21:18:16 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/01/14 21:18:04 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/01/13 04:41:46 | 002,482,176 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\w70n51.sys -- (w70n51) Intel®
DRV - [2003/10/27 22:42:36 | 000,033,847 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wa301b.sys -- ({E2B953A7-195A-44F9-9BA3-3D5F4E32BB55})
DRV - [2003/10/27 22:42:36 | 000,033,847 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wa301a.sys -- ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55})
DRV - [2003/08/29 07:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/08/21 21:25:52 | 000,094,600 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/05/01 16:26:34 | 000,005,220 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CVirtA.sys -- (CVirtA)
DRV - [2002/11/22 22:01:26 | 000,020,096 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\iqvw32.sys -- (NAL)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 14:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3057210460-89381336-1337293114-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\S-1-5-21-3057210460-89381336-1337293114-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-3057210460-89381336-1337293114-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/20 01:36:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/20 02:12:00 | 000,000,000 | ---D | M]

[2010/06/20 01:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\Mozilla\Extensions
[2010/06/22 02:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STSTAdmin\Application Data\Mozilla\Firefox\Profiles\66tr7sng.default\extensions
[2010/06/20 03:06:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\STSTAdmin\Application Data\Mozilla\Firefox\Profiles\66tr7sng.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/22 02:15:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/20 02:12:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/20 02:11:15 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/01 19:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 19:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/01 19:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/01 19:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/06/19 23:50:13 | 000,408,427 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14125 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()
O4 - HKLM..\Run: [GUCI_AVS] C:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [PACTray] C:\WINDOWS\PixArt\PAP7501\PACTray.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe File not found
O4 - HKLM..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [VMonitorVMUVC] C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-3057210460-89381336-1337293114-1005..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3057210460-89381336-1337293114-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1247247311580 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1247247283740 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.3.1/jinstall-...indows-i586.cab (Java Plug-in 1.3.1)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.232.169.11 195.122.12.241
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\STSTAdmin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\STSTAdmin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/22 04:06:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/20 23:11:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\STSTAdmin\Desktop\Software
[2010/06/20 02:23:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\STSTAdmin\My Documents\Downloads
[2010/06/20 02:12:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/06/20 02:12:00 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/20 02:12:00 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/06/20 02:12:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/06/20 02:12:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/06/20 02:12:00 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/06/20 02:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/06/20 01:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\STSTAdmin\Local Settings\Application Data\Mozilla
[2010/06/20 01:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\STSTAdmin\Application Data\Mozilla
[2010/06/20 01:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/06/20 01:05:34 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/06/20 00:38:10 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/06/19 22:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/19 22:34:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/06/12 15:05:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\STSTAdmin\Application Data\Awem
[2010/06/12 15:05:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Romance of Rome
[2010/06/09 14:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\STSTAdmin\Application Data\Leadertech
[2010/06/09 14:13:40 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 10
[2010/06/08 18:39:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/06/08 17:36:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2010/06/06 13:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\TheJollyGangsSpookyAdventure
[2010/05/30 19:14:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\STSTAdmin\Application Data\SevenSails
[2010/05/29 12:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\STSTAdmin\Desktop\All Pics
[12 C:\Documents and Settings\STSTAdmin\My Documents\*.tmp files -> C:\Documents and Settings\STSTAdmin\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/22 04:49:25 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{64FA5243-C6D3-40E3-B5A9-93015E13F887}.job
[2010/06/22 04:28:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/06/22 04:28:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/22 04:28:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/06/22 04:26:36 | 003,670,016 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\ntuser.dat
[2010/06/22 04:26:20 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\STSTAdmin\NTUSER.INI
[2010/06/22 03:52:32 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\made to order.doc
[2010/06/22 03:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/06/21 21:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/06/21 15:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/06/20 16:22:06 | 000,314,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/20 02:24:39 | 000,957,250 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\EN_BeeAtHome_v5.pdf
[2010/06/20 02:11:14 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/20 02:11:14 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/06/20 02:11:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/06/20 02:11:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/06/20 02:11:14 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/06/20 01:52:53 | 000,001,118 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/06/20 01:50:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/20 01:48:13 | 002,005,162 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/06/20 01:35:18 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/20 01:35:18 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/20 01:29:12 | 000,547,136 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/20 01:29:12 | 000,473,042 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/06/20 01:29:12 | 000,084,436 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/06/19 23:50:13 | 000,408,427 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2010/06/19 15:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/19 09:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/06/18 19:43:32 | 063,176,580 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\whenyoumarry00duvarich.pdf
[2010/06/13 21:30:58 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\annot.doc
[2010/06/12 14:25:36 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\~$de to order.doc
[2010/06/11 04:35:29 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\bad romance.doc
[2010/06/11 03:32:17 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\candy filk.doc
[2010/06/07 00:56:08 | 000,218,624 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\beauty and beast.doc
[2010/06/01 02:39:10 | 000,102,912 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\naughty dramione.doc
[2010/05/31 00:15:42 | 001,809,632 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\1Sweet_SlipperPDF.pdf
[2010/05/30 03:38:26 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\grandmas socks.doc
[2010/05/28 15:59:29 | 000,096,768 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\Uznemsanas_noteikumi_2010.doc
[2010/05/28 14:42:15 | 000,774,656 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\ProfBakVokal.doc
[2010/05/28 06:31:33 | 000,046,592 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\nostalgia.doc
[2010/05/26 06:22:04 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\Viktor and Hermione.doc
[2010/05/25 04:47:52 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\Charlie for sourpuss.doc
[2010/05/24 06:18:41 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\STSTAdmin\My Documents\candy draco pov.doc
[12 C:\Documents and Settings\STSTAdmin\My Documents\*.tmp files -> C:\Documents and Settings\STSTAdmin\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/20 02:24:39 | 000,957,250 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\EN_BeeAtHome_v5.pdf
[2010/06/20 01:35:18 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/20 01:35:18 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/18 19:42:43 | 063,176,580 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\whenyoumarry00duvarich.pdf
[2010/06/13 21:30:58 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\annot.doc
[2010/06/12 14:25:34 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\~$de to order.doc
[2010/06/10 23:29:40 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\candy filk.doc
[2010/06/08 21:44:36 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\made to order.doc
[2010/05/31 00:15:28 | 001,809,632 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\1Sweet_SlipperPDF.pdf
[2010/05/28 15:59:27 | 000,096,768 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\Uznemsanas_noteikumi_2010.doc
[2010/05/28 14:42:05 | 000,774,656 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\ProfBakVokal.doc
[2010/05/27 09:00:19 | 000,046,592 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\nostalgia.doc
[2010/05/26 06:22:04 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\Viktor and Hermione.doc
[2010/05/25 04:11:11 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\Charlie for sourpuss.doc
[2010/05/24 06:18:41 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\STSTAdmin\My Documents\candy draco pov.doc
[2010/02/18 20:23:21 | 000,002,057 | ---- | C] () -- C:\WINDOWS\System32\GUCI_AVS.ini
[2009/11/19 03:19:02 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/11/19 03:19:02 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/11/19 03:19:01 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2009/11/19 03:19:01 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/09/28 20:27:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SelSet.INI
[2006/10/02 12:35:36 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2005/10/04 17:37:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2005/10/04 15:38:58 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2005/03/07 13:57:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pdmConf.INI
[2004/11/01 13:01:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/01 13:01:16 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2004/11/01 13:01:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2004/11/01 12:14:20 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/10/20 22:08:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/20 21:58:47 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/10/20 21:31:28 | 000,000,516 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/17 19:03:56 | 000,139,280 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2004/08/11 19:25:56 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 07:00:00 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2004/08/04 07:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/03/26 18:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/01/23 04:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1980/01/01 02:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
< End of report >



I have a few questions:
1) Why do Ad-aware processes show up in the reports? I uninstalled that software long ago, as it slowed down my computer so much that it was intolerable, and it seemed before that all traces of it were gone.

2) I have had Malwarebytes Antimalware installed before today, and I think I got the same results in a scan on the 9th of June this year as today. Here is the 9th June result:
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{2bf41072-b2b1-21c1-b5c1-0305f4155515} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{9b71d88c-c598-4935-c5d1-43aa4db90836} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{9d71d88c-c598-4935-c5d1-43aa4db90836} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\.net clr (Malware.Trace) -> Quarantined and deleted successfully.

Yesterday's result, as taken from log posted above

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{2bf41072-b2b1-21c1-b5c1-0305f4155515} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{9b71d88c-c598-4935-c5d1-43aa4db90836} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{9d71d88c-c598-4935-c5d1-43aa4db90836} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\.net clr (Malware.Trace) -> Quarantined and deleted successfully.

That's why I worry whether they will return again, even after these fixes. It also seems that the infected registry value has/had something to do with svchost in a way; could it have caused the mass of extra svchost.exe processes going?

Thank you for your help, etavares!
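How a helper reads the O2 (BHO) and O4 (Run) lines of an OTL log like the one above, as an added Python example that is not part of this thread or of OTL. The six sample lines are copied from the log; the review rules (orphaned entry, no publisher, BHO loaded into Internet Explorer) are my own assumptions, not OTL's.

```python
"""Triage of OTL O2 (BHO) and O4 (Run) lines: added example, not from the thread or OTL."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: six lines copied from the OTL log posted above.
SAMPLE_OTL = r"""
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe File not found
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKU\S-1-5-21-3057210460-89381336-1337293114-1005..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
"""

# Every O2/O4 line ends with either "(Publisher)" ("()" when the file carries no
# version info) or the literal "File not found" when the target is missing.
_TAIL = r"(?P<path>.+?) (?:\((?P<company>.*)\)|(?P<missing>File not found))$"
_O2_RE = re.compile(r"^O2 - BHO: \((?P<name>.*?)\) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - " + _TAIL)
_O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>.*?)\] " + _TAIL)


@dataclass
class Finding:
    kind: str                 # "BHO" (O2 line) or "Run" (O4 line)
    name: str
    path: str
    present: bool             # False when OTL reported "File not found"
    company: Optional[str]    # "" when no publisher is recorded; None when missing
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Finding]:
    """Parse one O2 or O4 line; return None for any other OTL line."""
    m = _O2_RE.match(line)
    kind = "BHO"
    if m is None:
        m = _O4_RE.match(line)
        kind = "Run"
    if m is None:
        return None
    missing = m["missing"] is not None
    return Finding(kind, m["name"], m["path"], not missing,
                   None if missing else m["company"])


def triage(report: str) -> List[Finding]:
    """Parse every O2/O4 line and attach the review flags a log reader looks for (assumed rules)."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        f = parse_line(raw.strip())
        if f is None:
            continue
        if not f.present:
            # Orphaned autorun entry, the kind of leftover the helper above cleaned up.
            f.flags.append("orphaned entry: target file not found")
        elif f.company == "":
            f.flags.append("no publisher in file version info: verify by hand")
        if f.kind == "BHO":
            # A BHO is loaded into every iexplore.exe process, so each one deserves a look.
            f.flags.append("BHO loaded by every iexplore.exe: confirm it is wanted")
        findings.append(f)
    return findings


def review_items(findings: List[Finding]) -> List[Finding]:
    """Only the entries that need a human look."""
    return [f for f in findings if f.flags]


if __name__ == "__main__":
    for f in review_items(triage(SAMPLE_OTL)):
        print(f"{f.kind:3} {f.name:28} {f.path}")
        for flag in f.flags:
            print(f"      - {flag}")
```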

#9 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 23 June 2010 - 05:44 PM

Hello, fluffybunney.

The iWin games are adware. Nothing too malicious that I'm aware of, although most scanners will detect and remove it. The games likely show ads? I only removed an orphaned component, not the file, but a leftover entry, potentially from an incomplete install/uninstall. Your games should still play.

Here's a link showing how it's detected and why by a common security software program.
http://threatinfo.trendmicro.com/vinfo/gra...me=ADW_FUNWEB.B


Let's bring out a more powerful program. This may remove iWin, though, so you may need to reinstall when we are done.


Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as fluffybunneyCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on fluffybunneyCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#10 fluffybunney

fluffybunney
  • Topic Starter

  • Members
  • 8 posts

Posted 24 June 2010 - 07:46 PM

Hello. I ran the Combofix as instructed and here is the log. I don't know how to interpret the log, but the computer seems to be running just fine.
The iwin games work, yes they have like ad breaks, with ads usually for stuff like classmates com etc but they disappear after 20 seconds. I just thought it would be a safer alternative than letting my brother download games from unknown/unsafe origin, as iwin wants to sell the games, so they might not be as dangerous...





ComboFix 10-06-23.05 - STSTAdmin 24/06/2010 20:47:17.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.510.297 [GMT 3:00]
Running from: c:\documents and settings\STSTAdmin\Desktop\fluffybunneyCF.exe
AV: Panda Cloud Antivirus *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\iWin Games\iWinGamesHookIE.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_.NET_CLR


((((((((((((((((((((((((( Files Created from 2010-05-24 to 2010-06-24 )))))))))))))))))))))))))))))))
.

2010-06-22 01:06 . 2010-06-22 01:06 -------- d-----w- C:\_OTL
2010-06-19 23:12 . 2010-06-19 23:12 -------- d-----w- c:\program files\Common Files\Java
2010-06-19 23:12 . 2010-06-19 23:12 503808 ----a-w- c:\documents and settings\STSTAdmin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-58d6e268-n\msvcp71.dll
2010-06-19 23:12 . 2010-06-19 23:12 499712 ----a-w- c:\documents and settings\STSTAdmin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-58d6e268-n\jmc.dll
2010-06-19 23:12 . 2010-06-19 23:12 348160 ----a-w- c:\documents and settings\STSTAdmin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-58d6e268-n\msvcr71.dll
2010-06-19 23:12 . 2010-06-19 23:12 61440 ----a-w- c:\documents and settings\STSTAdmin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5d17be05-n\decora-sse.dll
2010-06-19 23:12 . 2010-06-19 23:12 12800 ----a-w- c:\documents and settings\STSTAdmin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5d17be05-n\decora-d3d.dll
2010-06-19 23:12 . 2010-06-19 23:11 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-19 23:11 . 2010-06-19 23:11 -------- d-----w- c:\program files\Java
2010-06-19 22:36 . 2010-06-19 22:36 -------- d-----w- c:\documents and settings\STSTAdmin\Local Settings\Application Data\Mozilla
2010-06-19 22:05 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-19 21:44 . 2010-06-19 21:44 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-19 19:34 . 2010-06-19 21:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-19 19:34 . 2010-06-19 21:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-12 12:05 . 2010-06-12 12:05 -------- d-----w- c:\documents and settings\STSTAdmin\Application Data\Awem
2010-06-09 11:28 . 2010-06-09 11:28 -------- d-----w- c:\documents and settings\STSTAdmin\Application Data\Leadertech
2010-06-09 11:13 . 2010-06-19 21:37 -------- d-----w- c:\program files\Cobian Backup 10
2010-06-08 15:39 . 2010-06-19 21:41 -------- d-----w- c:\windows\BDOSCAN8
2010-06-08 14:36 . 2010-06-08 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Cateia Games
2010-05-30 16:14 . 2010-05-30 16:14 -------- d-----w- c:\documents and settings\STSTAdmin\Application Data\SevenSails

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-24 17:53 . 2009-07-18 22:33 -------- d-----w- c:\program files\iWin Games
2010-06-23 15:03 . 2009-07-19 00:57 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-22 01:02 . 2009-07-18 22:52 -------- d-----w- c:\program files\iWin.com
2010-06-22 00:58 . 2009-11-11 12:38 -------- d-----w- c:\program files\Vimicro Corporation
2010-06-22 00:58 . 2004-10-20 18:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-21 12:39 . 2009-11-19 17:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-19 22:39 . 2010-04-26 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-06-19 21:43 . 2010-05-13 00:51 -------- d-----w- c:\program files\Java(2)
2010-06-19 21:43 . 2010-05-13 00:52 -------- d-----w- c:\program files\Common Files\Java(2)
2010-06-19 21:37 . 2004-11-01 09:11 -------- d-----w- c:\documents and settings\STSTAdmin\Application Data\Sonic
2010-06-06 10:38 . 2009-07-19 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Alawar Stargaze
2010-05-06 23:46 . 2009-07-18 23:39 1 ----a-w- c:\documents and settings\STSTAdmin\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-06 10:41 . 2004-08-04 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 04:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 12:20 . 2009-07-26 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-29 12:39 . 2009-11-19 17:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 12:39 . 2009-11-19 17:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 09:15 . 2010-04-27 09:15 -------- d-----w- c:\program files\Celtx
2010-04-26 21:46 . 2010-04-26 21:44 -------- d-----w- c:\documents and settings\STSTAdmin\Application Data\Yahoo!
2010-04-26 21:44 . 2010-04-26 21:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-04-26 21:44 . 2010-04-26 21:25 -------- d-----w- c:\program files\Yahoo!
2010-04-20 05:30 . 2004-08-04 04:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 05:30 . 2004-08-04 04:00 285696 ----a-w- c:\windows\system32\atmfd(2).dll
2010-03-30 21:16 . 2010-03-30 21:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-30 21:10 . 2010-03-30 21:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2009-11-02 07:00 312576 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Pending Delete Icon]
@="{0847B599-9191-4A27-BD61-DE11598D3B1B}"
[HKEY_CLASSES_ROOT\CLSID\{0847B599-9191-4A27-BD61-DE11598D3B1B}]
2009-11-02 07:00 312576 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2009-11-02 07:00 312576 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-03-19 5248312]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-02-02 155648]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2004-05-16 528384]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-28 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-10-20 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-10-20 98304]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-05-31 401408]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-06-03 385024]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2009-10-30 361728]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-08-29 143360]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"GUCI_AVS"="c:\windows\PixArt\PAP7501\GUCI_AVS.exe" [2007-12-10 323584]
"PACTray"="c:\windows\PixArt\PAP7501\PACTray.exe" [2008-11-14 319488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-10-20 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2005-05-31 21:46 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:VNC

R1 PSINKNC;PSINKNC;c:\windows\SYSTEM32\DRIVERS\PSINKNC.sys [13/10/2009 16:50 114312]
R2 NanoServiceMain;NanoServiceMain;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [30/10/2009 18:29 136448]
R2 PSINAflt;PSINAflt;c:\windows\SYSTEM32\DRIVERS\PSINAflt.sys [30/10/2009 17:18 146952]
R2 PSINFile;PSINFile;c:\windows\SYSTEM32\DRIVERS\PSINFile.sys [13/10/2009 16:50 95880]
R2 PSINProc;PSINProc;c:\windows\SYSTEM32\DRIVERS\PSINProc.sys [13/10/2009 16:50 101512]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 {E2B953A7-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-B;c:\windows\SYSTEM32\DRIVERS\wa301b.sys [01/01/1980 02:00 33847]
S3 GUCI_AVS;Canyon USB2.0 PC Camera;c:\windows\SYSTEM32\DRIVERS\GUCI_AVS.sys [18/02/2010 20:23 580992]
S3 vmfilter323;323 filter service, Normal;c:\windows\SYSTEM32\DRIVERS\vmfilter323.sys [21/09/2007 06:35 420480]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\SYSTEM32\DRIVERS\VMUVC.sys [16/11/2009 15:27 256512]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\SYSTEM32\DRIVERS\vvftUVC.sys [16/11/2009 15:27 398720]
S3 ZSMC326;Vimicro USB2.0 PC Camera(VC0323);c:\windows\SYSTEM32\DRIVERS\usbvm323.sys [18/02/2008 07:06 260608]
.
Contents of the 'Scheduled Tasks' folder

2004-11-01 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\OOBEBALN.EXE [2004-08-04 00:12]

2010-06-24 c:\windows\Tasks\User_Feed_Synchronization-{64FA5243-C6D3-40E3-B5A9-93015E13F887}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
FF - ProfilePath - c:\documents and settings\STSTAdmin\Application Data\Mozilla\Firefox\Profiles\66tr7sng.default\
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PCMService - c:\program files\Dell\Media Experience\PCMService.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-24 20:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1212)
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(2268)
c:\windows\system32\WININET.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\BCMSMMSG.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\Apntex.exe
c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\Panda Security\Panda Cloud Antivirus\PSANToManager.exe
.
**************************************************************************
.
Completion time: 2010-06-24 21:04:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-24 18:04

Pre-Run: 55,481,737,216 bytes free
Post-Run: 55,394,353,152 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 4FE388F7BA2DFAF6A601A20676C2DC00


Again, thank you for your help.


#11 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:38 PM

Posted 26 June 2010 - 06:19 AM

Hello, fluffybunney.

The iWin games aren't bad. Security companies classify them as adware since they deliver ads to your computer. You can keep using them, but any tools we use will likely remove them and you may need to reinstall when we're done. I wouldn't call them dangerous at all. Combofix also caught a leftover entry related to what MBAM picked up. Are you still getting detections with MBAM?




Step 1

Update your definitions and run MBAM and post the resulting log here.



Step 2

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#12 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:38 PM

Posted 29 June 2010 - 09:09 PM

Hello there.

I'm Extremeboy (or EB for short) and I will continue to help your log here.

Etavares has mentioned in his signature that he will be away from the 1st of July to the 11th, so I will take over for him for the time being.

--
Please follow the instructions as mentioned in his last post and follow up with me with any updates, etc., and we will continue from there. If you have any questions, etc., feel free to ask.

Thanks.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#13 fluffybunney

fluffybunney
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:38 AM

Posted 29 June 2010 - 10:14 PM

Hello, EB

I did the ESET online scan and it didn't find anything and didn't offer to export a log. Is it normal for it to not produce a log?

I've also done an MBAM scan and it also came out clear. I will do another MBAM scan tomorrow.

Is there anything else I can do?



#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:38 PM

Posted 01 July 2010 - 09:32 AM

Hello.

That should be good. Let's just take another look at your system to make sure everything is clear.

Take a new DDS run and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,
Extremeboy

#15 fluffybunney

fluffybunney
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:38 AM

Posted 07 July 2010 - 05:59 AM

Hello.

Sorry for the delay, I was away to a family function and didn't take my computer with me.

I did the DDS scan, here it is:

DDS (Ver_10-03-17.01) - NTFSx86
Run by STSTAdmin at 13:42:32.82 on 07/07/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.510.134 [GMT 3:00]

AV: Panda Cloud Antivirus *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe
C:\WINDOWS\PixArt\PAP7501\PACTray.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\STSTAdmin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IntelZeroConfig] c:\program files\intel\wireless\bin\ZCfgSvc.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [VMonitorVMUVC] "c:\program files\vimicro corporation\vmuvc\VMonitor.exe" VMUVC
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [GUCI_AVS] c:\windows\pixart\pap7501\GUCI_AVS.exe
mRun: [PACTray] c:\windows\pixart\pap7501\PACTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247247311580
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247247283740
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.3.1/jinstall-1_3_1-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ststad~1\applic~1\mozilla\firefox\profiles\66tr7sng.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-5-4 129928]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2010-4-30 136448]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-5-27 141384]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-4-30 97032]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-4-30 111624]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-5-12 110920]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 {E2B953A7-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-B;c:\windows\system32\drivers\wa301b.sys [1980-1-1 33847]
S3 GUCI_AVS;Canyon USB2.0 PC Camera;c:\windows\system32\drivers\GUCI_AVS.sys [2010-2-18 580992]
S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [2007-9-21 420480]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2009-11-16 256512]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2009-11-16 398720]
S3 ZSMC326;Vimicro USB2.0 PC Camera(VC0323);c:\windows\system32\drivers\usbvm323.sys [2008-2-18 260608]

=============== Created Last 30 ================

2010-07-05 01:00:16 0 d-----w- C:\WGWildThings
2010-06-26 13:17:08 0 d-----w- c:\program files\ESET
2010-06-26 06:37:05 264 ----a-w- c:\windows\system32\PSUNCpl.dat
2010-06-26 06:35:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Panda Security
2010-06-24 17:43:19 0 d-sha-r- C:\cmdcons
2010-06-24 17:39:37 98816 ----a-w- c:\windows\sed.exe
2010-06-24 17:39:37 77312 ----a-w- c:\windows\MBR.exe
2010-06-24 17:39:37 256512 ----a-w- c:\windows\PEV.exe
2010-06-24 17:39:37 161792 ----a-w- c:\windows\SWREG.exe
2010-06-22 01:06:42 0 d-----w- C:\_OTL
2010-06-19 23:12:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-06-19 23:12:00 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-19 22:05:34 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-19 21:44:17 0 d-----w- c:\windows\system32\wbem\Repository
2010-06-19 19:34:00 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-19 19:34:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-06-12 12:05:49 0 d-----w- c:\docume~1\ststad~1\applic~1\Awem
2010-06-09 11:13:40 0 d-----w- c:\program files\Cobian Backup 10
2010-06-08 14:36:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Cateia Games

==================== Find3M ====================

2010-05-27 15:39:32 141384 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2010-05-12 07:58:12 110920 ----a-w- c:\windows\system32\drivers\PSINProt.sys
2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd(2).dll
2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll
2008-11-10 13:43:00 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111020081111\index.dat

============= FINISH: 13:43:26.46 ===============

Also I have attached the attach log. I've switched from Internet Explorer to Firefox as it seems to be less harsh on the CPU load. Is there anything else I can do? Thank you for your help. It's really appreciated.
