
Author Topic: I'm really, really lost....  (Read 37275 times)


trekkie

    Topic Starter


    Rookie

    • Computer: Specs
    • Experience: Beginner
    • OS: Unknown
    I'm really, really lost....
    « on: December 04, 2010, 01:57:35 PM »
    Hi, I got referred here by Allan after telling him my problem on this topic:
    http://www.computerhope.com/forum/index.php/topic,113295.0.html

    Unfortunately, the post he directed me to just confused me. Do I start downloading things now or do I wait for a helper to reply?

    Allan

    • Moderator

    • Mastermind
    • Thanked: 1260
    • Experience: Guru
    • OS: Windows 10
    Re: I'm really, really lost....
    « Reply #1 on: December 04, 2010, 01:59:33 PM »
    You should follow the steps and post your logs, after which a malware specialist will step in.

    trekkie

      Topic Starter


      Rookie

      • Computer: Specs
      • Experience: Beginner
      • OS: Unknown
      Re: I'm really, really lost....
      « Reply #2 on: December 05, 2010, 08:23:45 AM »
      First of all, thank you again, Allan! You made things a lot clearer. Now, to the steps:

      Step 1: I've noticed that a program called Registry Mechanic just appeared out of nowhere. There's an icon on the Desktop, too. It hasn't put up any annoying popups yet. Original problem is still there, though. I don't see anything else unfamiliar.

      Step 2: Went without a hitch. 919 MB removed!:o The things that accumulate on a computer.... Oh yeah! I nearly forgot - I stopped CCleaner from getting rid of the memory dumps, just in case we need them later (read the XP thread if you're confused as to why - link's on the first post). So, no heart attacks!

      Step 3: Took an hour, but it did it. Nothing out of the ordinary happened. Here's the log:

      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 12/05/2010 at 01:34 PM

      Application Version : 4.46.1000

      Core Rules Database Version : 5954
      Trace Rules Database Version: 3766

      Scan type       : Complete Scan
      Total Scan Time : 01:07:02

      Memory items scanned      : 546
      Memory threats detected   : 0
      Registry items scanned    : 6425
      Registry threats detected : 4
      File items scanned        : 68403
      File threats detected     : 3

      Adware.Tracking Cookie
         C:\Documents and Settings\Anna McManus\Cookies\anna_mcmanus@tribalfusion[1].txt
         C:\Documents and Settings\Anna McManus\Cookies\anna_mcmanus@doubleclick[1].txt

      Malware.Trace
         HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

      Disabled.SecurityCenterOption
         HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY
         HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#FIREWALLDISABLENOTIFY
         HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY

      Adware.Vundo/Variant-MSFake
         C:\PROGRAM FILES\1BY1 AUDIO PLAYER\WMAUDSDK.DLL

      Step 4: It went really quickly. Didn't find anything, though. You'll want the log anyways, so here you go:

      Malwarebytes' Anti-Malware 1.50
      www.malwarebytes.org

      Database version: 5248

      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702

      05/12/2010 14:40:26
      mbam-log-2010-12-05 (14-40-26).txt

      Scan type: Quick scan
      Objects scanned: 148510
      Time elapsed: 5 minute(s), 50 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)

      Step 5: I have the latest Java version.

      Step 6: Went OK. By the way, I've noticed that SAS, mbam and HJT have been looking around in critical files (system.ini, for example) and it's making my firewall (Outpost) a bit jumpy (i.e. warning me a lot about what they're doing). I'm assuming this is normal and OK? Anyways, here's the log:

      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 14:51:55, on 05/12/2010
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir Desktop\sched.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\WINDOWS\system32\cisvc.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Java\Java Update\jusched.exe
      C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
      C:\program files\real\realplayer\update\realsched.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Documents and Settings\Anna McManus\My Documents\Conor's Folder\GM4IE\GM4IE.exe
      C:\Documents and Settings\Anna McManus\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
      C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      C:\Program Files\uTorrent\uTorrent.exe
      C:\WINDOWS\system32\SearchIndexer.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\Program Files\TrendMicro\sniper\Trend Micro\sniper\sniper.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/webhp?rls=ig
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.ie/
      R3 - URLSearchHook: TV Bar 1.1 Toolbar - {a386d4b0-fddb-4e1c-ae61-4f014013cd9b} - C:\Program Files\TV_Bar_1.1\tbTV_1.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
      O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
      O2 - BHO: AutoLogin - {598B818E-71F1-486E-A0BE-9952B5851367} - (no file)
      O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
      O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: TV Bar 1.1 Toolbar - {a386d4b0-fddb-4e1c-ae61-4f014013cd9b} - C:\Program Files\TV_Bar_1.1\tbTV_1.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O3 - Toolbar: AutoLogin - {598B818E-71F1-486E-A0BE-9952B5851367} - (no file)
      O3 - Toolbar: TV Bar 1.1 Toolbar - {a386d4b0-fddb-4e1c-ae61-4f014013cd9b} - C:\Program Files\TV_Bar_1.1\tbTV_1.dll
      O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
      O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe"  -osboot
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Anna McManus\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
      O4 - HKCU\..\Run: [GM4IE] C:\Documents and Settings\Anna McManus\My Documents\Conor's Folder\GM4IE\GM4IE.exe
      O4 - HKCU\..\Run: [Steam] "C:\Documents and Settings\Anna McManus\My Documents\Conor's Folder\Steam\Steam.exe" -silent
      O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
      O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      O4 - Global Startup: µTorrent.lnk = C:\Program Files\uTorrent\uTorrent.exe
      O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
      O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
      O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
      O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
      O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
      O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
      O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
      O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
      O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: AutoLogin - {6CE08A84-B3F9-422a-B133-60275F605AF4} - C:\WINDOWS\system32\shdocvw.dll
      O9 - Extra 'Tools' menuitem: AutoLogin - {6CE08A84-B3F9-422a-B133-60275F605AF4} - C:\WINDOWS\system32\shdocvw.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {444785F1-DE89-4295-863A-D46C3A781394} (UnityWebPlayer Control) - http://webplayer.unity3d.com/download_webplayer-2.x/UnityWebPlayer.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262022016343
      O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{2094D3C8-9017-48C6-9813-BCFE09227041}: NameServer = 89.101.160.4,89.101.160.5
      O17 - HKLM\System\CS1\Services\Tcpip\..\{2094D3C8-9017-48C6-9813-BCFE09227041}: NameServer = 89.101.160.4,89.101.160.5
      O17 - HKLM\System\CS2\Services\Tcpip\..\{2094D3C8-9017-48C6-9813-BCFE09227041}: NameServer = 89.101.160.4,89.101.160.5
      O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
      O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
      O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
      O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
      O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
      O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      O23 - Service: Google Update Service (gupdate1ca8fbae50c76ae) (gupdate1ca8fbae50c76ae) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

      --
      End of file - 11983 bytes

      At log - I mean, at long last! I thought I'd never finish this! How you could possibly make sense of all that...! :o

      One last thing (or this post will never end!) - my original problem hasn't bugged me for a while. Of course, that doesn't mean it's gone, but still... a ray of hope, eh?

      And now, the potentially long wait..........................

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: I'm really, really lost....
      « Reply #3 on: December 06, 2010, 01:05:48 PM »
      Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
      ******************************************
      P2P - I see you have P2P software installed on your machine (uTorrent). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

      Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

      I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
      **********************************************

      Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

      Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

      Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

      Exit out of MessengerDisable then delete the two files that were put on the desktop.

      ***********************************************
      Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
      Registry Mechanic
      There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

      For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

      Further reading: XP Fixes Myth #1: Registry Cleaners
      ***********************************************
      Open HijackThis and select Do a system scan only

      Place a check mark next to the following entries: (if there)

      O2 - BHO: AutoLogin - {598B818E-71F1-486E-A0BE-9952B5851367} - (no file)
      O3 - Toolbar: AutoLogin - {598B818E-71F1-486E-A0BE-9952B5851367} - (no file)
      O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe"  -osboot
      O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

      Important: Close all open windows except for HijackThis and then click Fix checked.

      Once completed, exit HijackThis.
      ****************************************
      Download Security Check by screen317 from one of the following links and save it to your desktop.

      Link 1
      Link 2

      * Unzip SecurityCheck.zip and a folder named Security Check should appear.
      * Open the Security Check folder and double-click Security Check.bat
      * Follow the on-screen instructions inside of the black box.
      * A Notepad document should open automatically called checkup.txt
      * Post the contents of that document in your next reply.

      Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
      ***********************************************
      Please download ComboFix from BleepingComputer.com

      Alternate link: GeeksToGo.com

      Rename ComboFix.exe to commy.exe before you save it to your Desktop
      Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
      Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
      As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
      Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

      Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


      Click on Yes, to continue scanning for malware.
      When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

      If you have problems with ComboFix usage, see How to use ComboFix
      Windows 8 and Windows 10 dual boot with two SSD's
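
As an added example (not part of the original thread, and not code from HijackThis or Computer Hope): a small Python triage parser for the HijackThis log format posted in Reply #2. It groups entries by section code, correlates `(no file)` registrations by CLSID (the AutoLogin entries checked for fixing in Reply #3 are such a pair), and lists Run entries that launch from a user profile for review; the function names and the user-profile heuristic are assumptions for illustration, and the sample lines are copied from the log in this thread.

```python
import re
from collections import Counter, defaultdict

# HijackThis section codes seen in the log above and the area each one covers.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URLSearchHook", "O2": "Browser Helper Object",
    "O3": "IE toolbar", "O4": "autostart (Run keys / Startup folder)",
    "O8": "IE context menu item", "O9": "IE extra button / Tools item",
    "O16": "ActiveX (Downloaded Program Files)", "O17": "DNS / NameServer",
    "O20": "AppInit_DLLs / Winlogon Notify", "O22": "SharedTaskScheduler",
    "O23": "service",
}
# Sections whose braces hold a COM class ID (O17 braces hold an interface GUID).
COM_SECTIONS = {"R3", "O2", "O3", "O9", "O16", "O22"}

ENTRY_RE = re.compile(r"^\s*([RO]\d{1,2}) - (.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Sample input: lines copied from the HijackThis log in Reply #2 of this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: AutoLogin - {598B818E-71F1-486E-A0BE-9952B5851367} - (no file)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O3 - Toolbar: AutoLogin - {598B818E-71F1-486E-A0BE-9952B5851367} - (no file)
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [GM4IE] C:\Documents and Settings\Anna McManus\My Documents\Conor's Folder\GM4IE\GM4IE.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2094D3C8-9017-48C6-9813-BCFE09227041}: NameServer = 89.101.160.4,89.101.160.5
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""


def parse_hjt(text):
    """Return one dict per HijackThis entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m or m.group(1) not in SECTIONS:
            continue
        code, body = m.groups()
        clsid = CLSID_RE.search(body) if code in COM_SECTIONS else None
        entries.append({
            "code": code,
            "area": SECTIONS[code],
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            # "(no file)" means the registration points at a file that is not on disk.
            "orphaned": body.lower().endswith("(no file)"),
        })
    return entries


def orphaned_by_clsid(entries):
    """Map CLSID -> section codes where it is registered with no file behind it.

    The same component is often registered in several places (BHO and toolbar),
    so a cleanup that handles only one section leaves the other behind.
    """
    hits = defaultdict(set)
    for e in entries:
        if e["orphaned"] and e["clsid"]:
            hits[e["clsid"]].add(e["code"])
    return {clsid: sorted(codes) for clsid, codes in hits.items()}


def user_profile_autoruns(entries):
    """O4 entries that start a program from inside a user profile.

    Heuristic (an assumption of this example): such entries deserve a look
    because any user-level process can write there. It is not a verdict.
    """
    marker = "\\documents and settings\\"
    return [e for e in entries if e["code"] == "O4" and marker in e["body"].lower()]


def section_counts(entries):
    """Number of entries per section code, for a quick overview of the log."""
    return Counter(e["code"] for e in entries)


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for code, count in sorted(section_counts(parsed).items()):
        print(f"{code:>3} x{count}  {SECTIONS[code]}")
    for clsid, codes in orphaned_by_clsid(parsed).items():
        print("orphaned registration", clsid, "in", ", ".join(codes))
    for e in user_profile_autoruns(parsed):
        print("review autorun:", e["body"])
```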

      trekkie

        Topic Starter


        Rookie

        • Computer: Specs
        • Experience: Beginner
        • OS: Unknown
        Re: I'm really, really lost....
        « Reply #4 on: April 21, 2011, 04:38:48 AM »
        Sorry I took so long to get back to you-it took ComboFix this long to wrap up. ....OK, I am joking, I just completely forgot about it. Anyways...

        Security Check Log:

         Results of screen317's Security Check version 0.99.10 
         Windows XP Service Pack 3 
         Internet Explorer 8 
        ``````````````````````````````
        Antivirus/Firewall Check:

         Windows Security Center service is not running! This report may not be accurate!
         Windows Firewall Enabled! 
         Avira AntiVir Personal - Free Antivirus
         Outpost Security Suite 7.1.1   
         Antivirus up to date! (On Access scanning disabled!)
        ```````````````````````````````
        Anti-malware/Other Utilities Check:

         Malwarebytes' Anti-Malware   
         CCleaner     
         Java(TM) 6 Update 24 
         Adobe Flash Player    10.2.153.1 
         Mozilla Firefox (x86 en-GB..)
        ````````````````````````````````
        Process Check: 
        objlist.exe by Laurent

        ``````````End of Log````````````

        ComboFix Log:

        ComboFix 11-04-20.03 - Anna McManus 21/04/2011   9:53:12.1.2 - x86 NETWORK
        Microsoft Windows XP Professional  5.1.2600.3.1252.353.1033.18.1022.777 [GMT 1:00]
        Running from: C:\Documents and Settings\Anna McManus\desktop\commy.exe
        Command switches used :: /stepdel
        AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
        AV: Outpost Security Suite Pro *Disabled/Updated* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
        FW: Outpost Security Suite Pro *Enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}


        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


        C:\Documents and Settings\Anna McManus\Application Data\PriceGong
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\1.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\a.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\b.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\c.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\d.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\e.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\f.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\g.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\h.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\i.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\J.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\k.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\l.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\m.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\mru.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\n.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\o.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\p.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\q.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\r.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\s.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\t.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\u.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\v.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\w.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\x.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\y.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\z.xml
        C:\Documents and Settings\Anna McManus\Start Menu\Programs\Uninstall.lnk
        C:\WINDOWS\jestertb.dll
        C:\WINDOWS\system32\arp.exe
        C:\WINDOWS\system32\SCardSvr.exe
        C:\WINDOWS\system32\setup.exe


        (((((((((((((((((((((((((   Files Created from 2011-03-21 to 2011-04-21  )))))))))))))))))))))))))))))))


        2011-04-19 20:05:02 . 2011-04-19 20:05:02   63115   ----a-w-   C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
        2011-04-19 20:05:02 . 2011-04-19 20:05:02   4599   ----a-w-   C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
        2011-04-19 20:05:01 . 2011-04-19 20:05:01   9310   ----a-w-   C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
        2011-04-19 20:05:01 . 2011-04-19 20:05:01   8646   ----a-w-   C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
        2011-04-19 20:05:01 . 2011-04-19 20:05:01   6429   ----a-w-   C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
        2011-04-19 20:05:01 . 2011-04-19 20:05:01   5927   ----a-w-   C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
        2011-04-19 20:05:00 . 2011-04-19 20:05:00   8613   ----a-w-   C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
        2011-04-19 20:05:00 . 2011-04-19 20:05:00   1651   ----a-w-   C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
        2011-04-19 20:04:58 . 2011-04-19 20:04:58   6910   ----a-w-   C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
        2011-04-19 20:04:56 . 2011-04-19 20:04:56   8288   ----a-w-   C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
        2011-04-19 20:04:56 . 2011-04-19 20:04:56   6208   ----a-w-   C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
        2011-04-19 20:04:56 . 2011-04-19 20:04:56   18541   ----a-w-   C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
        2011-04-19 20:04:49 . 2011-04-19 20:04:50   51852   ----a-w-   C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
        2011-04-19 20:04:48 . 2011-04-19 20:04:48   20719   ----a-w-   C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
        2011-04-19 20:04:47 . 2011-04-19 20:04:48   23327   ----a-w-   C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
        2011-04-19 20:04:47 . 2011-04-19 20:04:47   8782   ----a-w-   C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
        2011-04-19 20:04:47 . 2011-04-19 20:04:47   7271   ----a-w-   C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
        2011-04-19 19:49:33 . 2011-02-02 16:04:22   242040   ----a-w-   C:\WINDOWS\system32\drivers\VBEngNT.sys
        2011-04-19 19:49:32 . 2011-03-21 15:27:58   708760   ----a-w-   C:\WINDOWS\system32\drivers\SandBox.sys
        2011-04-19 19:49:14 . 2010-09-27 14:40:28   267624   ----a-w-   C:\WINDOWS\system32\drivers\afwcore.sys
        2011-04-19 19:48:20 . 2010-04-20 15:05:16   34280   ----a-w-   C:\WINDOWS\system32\drivers\afw.sys
        2011-04-19 19:48:01 . 2011-04-20 09:00:25   --------   d-----w-   C:\WINDOWS\system32\Filt
        2011-04-19 19:48:01 . 2011-04-19 19:48:01   --------   d-----w-   C:\Program Files\Agnitum
        2011-04-19 19:48:01 . 2011-04-19 19:48:01   --------   d-----w-   C:\Documents and Settings\Anna McManus\Application Data\Agnitum
        2011-04-16 19:21:54 . 2011-04-16 19:21:54   --------   d-----w-   C:\Documents and Settings\Anna McManus\Local Settings\Application Data\Opera
        2011-04-15 15:52:13 . 2011-04-15 15:52:13   --------   d-----w-   C:\Documents and Settings\Anna McManus\Local Settings\Application Data\PCHealth
        2011-03-23 15:17:20 . 2011-03-18 17:57:02   142296   ----a-w-   C:\Program Files\Mozilla Firefox\components\browsercomps.dll
        2011-03-23 15:17:19 . 2011-03-18 17:57:02   781272   ----a-w-   C:\Program Files\Mozilla Firefox\mozsqlite3.dll
        2011-03-23 15:17:19 . 2011-03-18 17:57:02   1874904   ----a-w-   C:\Program Files\Mozilla Firefox\mozjs.dll
        2011-03-23 15:17:19 . 2011-03-18 17:57:02   15832   ----a-w-   C:\Program Files\Mozilla Firefox\mozalloc.dll
        2011-03-23 15:17:18 . 2011-03-18 17:57:02   728024   ----a-w-   C:\Program Files\Mozilla Firefox\libGLESv2.dll
        2011-03-23 15:17:18 . 2011-03-18 17:57:02   1975768   ----a-w-   C:\Program Files\Mozilla Firefox\D3DCompiler_42.dll
        2011-03-23 15:17:18 . 2011-03-18 17:57:02   1893336   ----a-w-   C:\Program Files\Mozilla Firefox\d3dx9_42.dll
        2011-03-23 15:17:18 . 2011-03-18 17:57:02   142296   ----a-w-   C:\Program Files\Mozilla Firefox\libEGL.dll
        .


        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

        2011-03-16 11:30:20 . 2010-11-06 19:20:43   137656   ----a-w-   C:\WINDOWS\system32\drivers\avipbb.sys
        2011-03-14 16:04:00 . 2011-03-14 16:04:00   0   ----a-w-   C:\WINDOWS\system32\ConduitEngine.tmp
        2011-03-07 05:33:50 . 2009-12-15 10:35:32   692736   ----a-w-   C:\WINDOWS\system32\inetcomm.dll
        2011-03-04 06:37:06 . 2008-04-14 04:42:10   420864   ----a-w-   C:\WINDOWS\system32\vbscript.dll
        2011-03-03 13:21:11 . 2008-04-14 00:00:12   1857920   ----a-w-   C:\WINDOWS\system32\win32k.sys
        2011-02-22 23:06:29 . 2008-04-14 04:42:42   1469440   ------w-   C:\WINDOWS\system32\inetcpl.cpl
        2011-02-22 23:06:29 . 2008-04-14 04:42:10   916480   ----a-w-   C:\WINDOWS\system32\wininet.dll
        2011-02-22 23:06:29 . 2008-04-14 04:41:58   43520   ----a-w-   C:\WINDOWS\system32\licmgr10.dll
        2011-02-22 11:41:59 . 2008-04-13 23:07:10   385024   ----a-w-   C:\WINDOWS\system32\html.iec
        2011-02-17 13:18:24 . 2008-04-13 23:47:02   455936   ----a-w-   C:\WINDOWS\system32\drivers\mrxsmb.sys
        2011-02-17 13:18:03 . 2008-04-13 23:45:12   357888   ----a-w-   C:\WINDOWS\system32\drivers\srv.sys
        2011-02-17 12:32:12 . 2009-12-15 15:41:07   5120   ----a-w-   C:\WINDOWS\system32\xpsp4res.dll
        2011-02-15 12:56:39 . 2008-04-14 04:39:02   290432   ----a-w-   C:\WINDOWS\system32\atmfd.dll
        2011-02-09 13:53:52 . 2008-04-14 04:42:06   270848   ----a-w-   C:\WINDOWS\system32\sbe.dll
        2011-02-09 13:53:52 . 2008-04-14 04:41:54   186880   ----a-w-   C:\WINDOWS\system32\encdec.dll
        2011-02-08 13:33:55 . 2008-04-14 04:41:58   978944   ----a-w-   C:\WINDOWS\system32\mfc42.dll
        2011-02-08 13:33:55 . 2007-04-03 07:44:48   974848   ----a-w-   C:\WINDOWS\system32\mfc42u.dll
        2011-02-02 21:40:23 . 2010-04-23 14:45:59   472808   ----a-w-   C:\WINDOWS\system32\deployJava1.dll
        2011-02-02 19:19:39 . 2010-04-09 15:30:30   73728   ----a-w-   C:\WINDOWS\system32\javacpl.cpl
        2011-02-02 07:58:35 . 2009-12-15 10:33:54   2067456   ----a-w-   C:\WINDOWS\system32\mstscax.dll
        2011-01-27 11:57:06 . 2009-12-15 10:33:54   677888   ----a-w-   C:\WINDOWS\system32\mstsc.exe
        2011-01-21 14:44:37 . 2008-04-14 04:42:06   439296   ----a-w-   C:\WINDOWS\system32\shimgvw.dll
        2011-03-18 17:57:02 . 2011-03-23 15:17:20   142296   ----a-w-   C:\Program Files\mozilla firefox\components\browsercomps.dll
        2006-05-03 11:06:54   163328   --sha-r-   C:\WINDOWS\system32\flvDX.dll
        2007-02-21 12:47:16   31232   --sha-r-   C:\WINDOWS\system32\msfDX.dll
        2008-03-16 14:30:52   216064   --sha-r-   C:\WINDOWS\system32\nbDX.dll


        ------- Sigcheck -------

        Cryptography Services Error !!

        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))


        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
        "{a386d4b0-fddb-4e1c-ae61-4f014013cd9b}"= "C:\Program Files\TV_Bar_1.1\prxtbTV_2.dll" [2011-01-17 14:54:02 175912]

        [HKEY_CLASSES_ROOT\clsid\{a386d4b0-fddb-4e1c-ae61-4f014013cd9b}]

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
        2011-01-17 14:54:02   175912   ----a-w-   C:\Program Files\ConduitEngine\prxConduitEngine.dll

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a386d4b0-fddb-4e1c-ae61-4f014013cd9b}]
        2011-01-17 14:54:02   175912   ----a-w-   C:\Program Files\TV_Bar_1.1\prxtbTV_2.dll

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
        "{a386d4b0-fddb-4e1c-ae61-4f014013cd9b}"= "C:\Program Files\TV_Bar_1.1\prxtbTV_2.dll" [2011-01-17 14:54:02 175912]
        "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "C:\Program Files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 14:54:02 175912]

        [HKEY_CLASSES_ROOT\clsid\{a386d4b0-fddb-4e1c-ae61-4f014013cd9b}]

        [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
        "{A386D4B0-FDDB-4E1C-AE61-4F014013CD9B}"= "C:\Program Files\TV_Bar_1.1\prxtbTV_2.dll" [2011-01-17 14:54:02 175912]
        "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "C:\Program Files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 14:54:02 175912]

        [HKEY_CLASSES_ROOT\clsid\{a386d4b0-fddb-4e1c-ae61-4f014013cd9b}]

        [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
        @="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
        [HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
        2011-03-30 18:01:56   468128   ----a-w-   C:\Program Files\Agnitum\Outpost Security Suite Free\op_shell.dll

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "GM4IE"="C:\Documents and Settings\Anna McManus\My Documents\Conor's Folder\GM4IE\GM4IE.exe" [2006-07-23 08:32:16 61440]
        "Steam"="C:\Documents and Settings\Anna McManus\My Documents\Conor's Folder\Steam\Steam.exe" [2010-12-03 20:50:46 1242448]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 07:07:00 8491008]
        "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 23:28:52 47904]
        "avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 16:09:56 281768]
        "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2010-11-29 17:38:18 421888]
        "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 14:49:28 249064]
        "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-03-07 15:33:40 421160]
        "OutpostMonitor"="C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" [2011-04-04 09:57:36 3107736]
        "OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Security Suite Free\feedback.exe" [2011-03-30 18:01:48 517056]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
        "RunNarrator"="Narrator.exe" [2008-04-14 04:42:30 53760]

        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 22:41:34 304128]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 17:13:36 77824]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        2009-09-03 22:21:41   548352   ----a-w-   C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "C:\\Program Files\\uTorrent\\uTorrent.exe"=
        "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
        "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
        "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
        "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
        "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
        "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
        "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
        "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
        "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
        "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
        "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
        "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
        "C:\\WINDOWS\\system32\\sessmgr.exe"=
        "C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
        "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
        "C:\\Program Files\\Java\\jre6\\bin\\java.exe"=
        "C:\\Documents and Settings\\Anna McManus\\My Documents\\Conor's Folder\\Steam\\Steam.exe"=
        "C:\\Documents and Settings\\Anna McManus\\My Documents\\Conor's Folder\\Steam\\steamapps\\gen100\\gtr evolution - demo\\GtrEvo_Demo_Steam.exe"=
        "C:\\Documents and Settings\\Anna McManus\\My Documents\\Conor's Folder\\Steam\\steamapps\\gen100\\gtr evolution - demo\\Config.exe"=
        "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
        "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
        "C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
        "C:\\Program Files\\iTunes\\iTunes.exe"=

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
        "AllowInboundEchoRequest"= 1 (0x1)
        "AllowInboundTimestampRequest"= 1 (0x1)
        "AllowOutboundDestinationUnreachable"= 1 (0x1)
        "AllowOutboundParameterProblem"= 1 (0x1)
        "AllowOutboundTimeExceeded"= 1 (0x1)
        "AllowOutboundPacketTooBig"= 1 (0x1)

        R3 afw;Agnitum firewall driver;C:\WINDOWS\system32\drivers\afw.sys [19/04/2011 20:48:20 34280]
        R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;C:\WINDOWS\system32\drivers\wg111v3.sys [23/04/2007 15:11:54 341504]
        S1 SandBox;SandBox;C:\WINDOWS\system32\drivers\SandBox.sys [19/04/2011 20:49:32 708760]
        S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25:48 12872]
        S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41:30 67656]
        S2 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [19/04/2011 20:48:12 2072592]
        S2 Akamai;Akamai NetSession Interface;C:\WINDOWS\System32\svchost.exe -k Akamai [14/04/2008 05:42:38 14336]
        S2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [06/11/2010 20:20:48 135336]
        S2 gupdate1ca8fbae50c76ae;Google Update Service (gupdate1ca8fbae50c76ae);C:\Program Files\Google\Update\GoogleUpdate.exe [07/01/2010 18:00:19 133104]
        S3 afwcore;afwcore;C:\WINDOWS\system32\drivers\afwcore.sys [19/04/2011 20:49:14 267624]
        S3 ASWFilt;ASWFilt;C:\WINDOWS\system32\Filt\ASWFilt.dll [19/04/2011 20:49:35 70160]
        S3 VBEngNT;VBEngNT;C:\WINDOWS\system32\drivers\VBEngNT.sys [19/04/2011 20:49:33 242040]
        S3 VBFilt;VBFilt;C:\WINDOWS\system32\Filt\VBFilt.dll [19/04/2011 20:49:34 34096]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        Akamai   REG_MULTI_SZ      Akamai

        Contents of the 'Scheduled Tasks' folder

        2011-04-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
        - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34:12 . 2008-07-30 12:34:12]

        2011-04-20 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
        - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-07 17:00:19 . 2010-01-07 17:00:16]

        2011-04-20 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
        - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-07 17:00:19 . 2010-01-07 17:00:16]

        2011-04-19 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1177238915-1417001333-1003Core.job
        - C:\Documents and Settings\Anna McManus\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-18 11:18:06 . 2010-03-18 20:23:17]

        2011-04-20 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1177238915-1417001333-1003UA.job
        - C:\Documents and Settings\Anna McManus\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-18 11:18:06 . 2010-03-18 20:23:17]

        2011-04-19 C:\WINDOWS\Tasks\OGALogon.job
        - C:\WINDOWS\system32\OGAEXEC.exe [2009-08-03 15:07:42 . 2009-08-03 15:07:42]

        2010-08-31 C:\WINDOWS\Tasks\pixillionShakeIcon.job
        - C:\Program Files\NCH Software\Pixillion\pixillion.exe [2010-08-23 18:34:37 . 2010-08-23 18:34:38]

        2011-04-20 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-796845957-1177238915-1417001333-1003.job
        - C:\Program Files\Real\RealUpgrade\realupgrade.exe [2010-11-05 11:33:50 . 2010-11-05 11:33:50]

        2011-04-20 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-1177238915-1417001333-1003.job
        - C:\Program Files\Real\RealUpgrade\realupgrade.exe [2010-11-05 11:33:50 . 2010-11-05 11:33:50]

        2011-04-20 C:\WINDOWS\Tasks\User_Feed_Synchronization-{9AEC4122-30F7-425A-AEE8-66CD5650F4FC}.job
        - C:\WINDOWS\system32\msfeedssync.exe [2009-03-08 04:31:54 . 2009-03-08 04:31:54]


        ------- Supplementary Scan -------

        uStart Page = hxxp://www.google.ie/webhp?rls=ig
        uInternet Connection Wizard,ShellNext = hxxp://www.google.ie/
        uInternet Settings,ProxyOverride = *.local
        IE: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
        IE: Check &Spelling - C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
        IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
        IE: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
        IE: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
        TCP: {2094D3C8-9017-48C6-9813-BCFE09227041} = 89.101.160.4,89.101.160.5,208.67.222.222
        DPF: {444785F1-DE89-4295-863A-D46C3A781394} - hxxp://webplayer.unity3d.com/download_webplayer-2.x/UnityWebPlayer.cab
        FF - ProfilePath - C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\
        FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10588
        FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
        FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/
        FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=10588&q=
        FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
        FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
        FF - Ext: New Tab Homepage: {66E978CD-981F-47DF-AC42-E3CF417C1467} - %profile%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
        FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
        FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
        FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
        FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
        FF - Ext: AlertStopper: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Check All: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: CheckFox: {BAEC7B80-9A31-47b2-A68B-DCAC8DF48E87} - %profile%\extensions\{BAEC7B80-9A31-47b2-A68B-DCAC8DF48E87}
        FF - Ext: Copy Link Text: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Crash Report Helper: {078fac48-925f-4524-7cfe-85d44b8f4f98} - %profile%\extensions\{078fac48-925f-4524-7cfe-85d44b8f4f98}
        FF - Ext: EAVE: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Expiry Canary: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Flash Killer: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Ghostery: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: GoogleEnhancer: {21e48e29-f574-4619-b65d-0f00eea92e5b} - %profile%\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}
        FF - Ext: Keyboard Shortcuts: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Kongregate Sidebar: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Link Alert: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: LinkAndForminfo: {B71ACFF2-E436-4cc7-B5E3-0C8E2CC981BA} - %profile%\extensions\{B71ACFF2-E436-4cc7-B5E3-0C8E2CC981BA}
        FF - Ext: Override Mozilla Firefox Guidance: omfg@olive - %profile%\extensions\omfg@olive
        FF - Ext: PingMe: pingme@arcticfire - %profile%\extensions\pingme@arcticfire
        FF - Ext: Privacy Plus: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: RightToClick: {cd617375-6743-4ee8-bac4-fbf10f35729e} - %profile%\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}
        FF - Ext: SimilarWeb: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Simple Links Counter: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Site Information Tool: siteinfo@wmtips - %profile%\extensions\siteinfo@wmtips
        FF - Ext: Tab Progress Bar: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Test Extension: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Trustpilot Guard: {736048c1-a1ec-4a70-b12b-1e399e79024e} - %profile%\extensions\{736048c1-a1ec-4a70-b12b-1e399e79024e}
        FF - Ext: Verify Redirect: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Wappalyzer: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Personas: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Personas Rotator: {6e73f6b7-b9ab-44b8-b744-6393e3c2e351} - %profile%\extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}
        FF - Ext: Sidebar Companion for Google Sidewiki: {62f82eb5-4d65-4224-983b-a09ff8b172a6} - %profile%\extensions\{62f82eb5-4d65-4224-983b-a09ff8b172a6}
        FF - Ext: Google Redesigned: {cc85cd4e-5a5b-4eda-a25c-bdaffa93b406} - %profile%\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
        FF - Ext: Google Minimalist: {64312dc5-3fc3-40d1-b183-0e4060fc52ac} - %profile%\extensions\{64312dc5-3fc3-40d1-b183-0e4060fc52ac}
        FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
        FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
        FF - Ext: Java Quick Starter: [email protected] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
        FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
        FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

        - - - - ORPHANS REMOVED - - - -

        WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



        SuperDave

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: I'm really, really lost....
        « Reply #5 on: April 21, 2011, 01:22:29 PM »
        The log shows that you appear to be running two AVs at once: AntiVir Desktop and Outpost Security Suite Pro. Please make sure that only one AV is enabled or it will cause some problems.

        * Download the following tool: RootRepeal - Rootkit Detector
        * Direct download link is here: RootRepeal.zip

        * Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
        * Click this link to see a list of such programs and how to disable them.

        * Extract the program file to a new folder such as C:\RootRepeal
        * Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
        * Select ALL of the checkboxes and then click OK and it will start scanning your system.
        * If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
        * When done, click on Save Report
        * Save it to the same location where you ran it from, such as C:\RootRepeal
        * Save it as rootrepeal.txt
        * Then open that log and select all and copy/paste it back on your next reply please.
        * Close RootRepeal.
        Windows 8 and Windows 10 dual boot with two SSD's

        trekkie

          Re: I'm really, really lost....
          « Reply #6 on: April 22, 2011, 09:47:46 AM »
          A new problem:

          If I boot into Windows normally, my CPU usage is at 100%. All the time. I can get nothing done there. I can boot into Safe Mode w/Networking, and that's where I'm posting from now, but as you know, not everything loads up in that mode. Here's a screenshot of Process Explorer showing the extent of the problem (might have to zoom in/look closely):


          In any case, I've got you your log:

          RootRepeal Log:

          ROOTREPEAL (c) AD, 2007-2009
          ==================================================
          Scan Start Time:      2011/04/22 15:45
          Program Version:      Version 1.3.5.0
          Windows Version:      Windows XP SP3
          ==================================================

          Drivers
          -------------------
          Name: dump_atapi.sys
          Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
          Address: 0xF6CFB000   Size: 98304   File Visible: No   Signed: -
          Status: -

          Name: dump_WMILIB.SYS
          Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
          Address: 0xF79BB000   Size: 8192   File Visible: No   Signed: -
          Status: -

          Name: rootrepeal.sys
          Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
          Address: 0xF62AB000   Size: 49152   File Visible: No   Signed: -
          Status: -

          Hidden/Locked Files
          -------------------
          Path: c:\windows\ntbtlog.txt
          Status: Size mismatch (API: 1054902, Raw: 1054778)

          Path: c:\windows\temp\perflib_perfdata_34c.dat
          Status: Allocation size mismatch (API: 16384, Raw: 0)

          Stealth Objects
          -------------------
          Object: Hidden Code [Driver: prohlp02, IRP_MJ_CREATE]
          Process: System   Address: 0xe1019920   Size: 994

          Object: Hidden Code [Driver: prohlp02, IRP_MJ_CLOSE]
          Process: System   Address: 0xe1019920   Size: 994

          Object: Hidden Code [Driver: prohlp02, IRP_MJ_DEVICE_CONTROL]
          Process: System   Address: 0xe1019920   Size: 994

          ==EOF==

          SuperDave

          Re: I'm really, really lost....
          « Reply #7 on: April 22, 2011, 09:54:38 AM »
          You do have a lot of programs running but some of them may be running unnecessarily. Please try this tool to lighten your start-up load.

          StartupLite

          Download StartupLite by MalwareBytes to your Desktop.
          Double-click StartupLite.exe to launch the program.
          Ensure the Disable box is checked.
          Click Continue.
          A pop-up message will tell you the unnecessary startup items in your list have been disabled and ask you to restart your computer.
          Re-start your computer.
          ***********************************************************
          I'd like to scan your machine with ESET OnlineScan

          •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
          ESET OnlineScan
          •Click the button.
          •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
          • Click on to download the ESET Smart Installer. Save it to your desktop.
          • Double click on the icon on your desktop.
          •Check
          •Click the button.
          •Accept any security warnings from your browser.
          •Check
          •Push the Start button.
          •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
          •When the scan completes, push
          •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
          •Push the button.
          •Push
          A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

          trekkie

            Re: I'm really, really lost....
            « Reply #8 on: April 22, 2011, 11:09:06 AM »
            While I wait on the ESET scan:

            On the CPU 100% issue, StartUpLite had no practical effect, but I have an OS disc. Do you think using it to repair/reinstall my OS would be a good idea?

            I'll post the ESET log as soon as it's ready.

            trekkie

              Re: I'm really, really lost....
              « Reply #9 on: April 22, 2011, 02:33:29 PM »
              (in best Italian accent) Itsa ready! :D

              ESET Log:

              D:\Documents and Settings\Aidan McManus\Local Settings\Temporary Internet Files\Content.IE5\QSN6YIWP\MyFunCardsInitialSetup1.0.1.1[1].exe   

              Win32/AdInstaller application   

              cleaned by deleting - quarantined

              SuperDave

              Re: I'm really, really lost....
              « Reply #10 on: April 22, 2011, 05:42:00 PM »
              Quote
              On the CPU 100% issue, StartUpLite had no practical effect, but I have an OS disc. Do you think using it to repair/reinstall my OS would be a good idea?
              I would like to find out what's using up all your memory first. How much RAM do you have? Please do this. Open Task Manager, processes and click twice on Mem Usage until all the largest users are at the top and do a screen print and send it to me.

              trekkie

                Re: I'm really, really lost....
                « Reply #11 on: April 23, 2011, 02:31:16 AM »
                Total RAM is in my computer specs (on the left of all my posts). I prefer Process Explorer over Task Manager-it gives more detail.

                Screenie (you're looking for Working Set for RAM):



                I'm confused - are CPU usage and RAM usage related?

                SuperDave

                Re: I'm really, really lost....
                « Reply #12 on: April 23, 2011, 12:39:08 PM »
                Are these screenshots taken in Normal Mode?
                Did you do anything about the two AV programs?
                I can't see anything that would cause this abnormal CPU usage. Let's try one more scan.


                Download OTL to your desktop.

                * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
                * When the window appears, underneath Output at the top change it to Minimal Output.
                * Check the boxes beside LOP Check and Purity Check.
                * Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

                When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

                Please copy and paste the contents of these files, one at a time, into your next reply.

                Note: You may need two or more posts to fit them all in.

                trekkie

                  Re: I'm really, really lost....
                  « Reply #13 on: April 24, 2011, 10:05:12 AM »
                  Quote
                  Did you do anything about the two AV programs?
                  Mmm-hmm, I uninstalled Avira AntiVir. It didn't affect the CPU usage, though.

                  Quote
                  Are these screenshots taken in Normal Mode?
                  Yep, with difficulty...

                  These OTL logs, on the other hand, are from Safe Mode. I had no choice-the computer froze when I tried to start OTL, much less run a scan. Sorry. :(

                  OTL.txt:

                  OTL logfile created on: 24/04/2011 16:52:29 - Run 1
                  OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\Anna McManus\Desktop
                  Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
                  Internet Explorer (Version = 8.0.6001.18702)
                  Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
                   
                  1,022.00 Mb Total Physical Memory | 684.00 Mb Available Physical Memory | 67.00% Memory free
                  5.00 Gb Paging File | 5.00 Gb Available in Paging File | 97.00% Paging File free
                  Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]
                   
                  %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
                  Drive C: | 29.99 Gb Total Space | 6.09 Gb Free Space | 20.31% Space Free | Partition Type: NTFS
                  Drive D: | 107.07 Gb Total Space | 90.45 Gb Free Space | 84.48% Space Free | Partition Type: NTFS
                  Drive E: | 37.23 Gb Total Space | 10.37 Gb Free Space | 27.86% Space Free | Partition Type: NTFS
                  Drive H: | 6.00 Gb Total Space | 1.54 Gb Free Space | 25.74% Space Free | Partition Type: NTFS
                   
                  Computer Name: DIMENSION-E520E | User Name: Anna McManus | Logged in as Administrator.
                  Boot Mode: SafeMode with Networking | Scan Mode: Current user
                  Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
                   
                  ========== Processes (SafeList) ==========
                   
                  PRC - C:\Documents and Settings\Anna McManus\Desktop\OTL.exe (OldTimer Tools)
                  PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
                   
                   
                  ========== Modules (SafeList) ==========
                   
                  MOD - C:\Documents and Settings\Anna McManus\Desktop\OTL.exe (OldTimer Tools)
                  MOD - c:\Program Files\Agnitum\Outpost Security Suite Free\wl_hook.dll (Agnitum Ltd.)
                  MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
                  MOD - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
                  MOD - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
                   
                   
                  ========== Win32 Services (SafeList) ==========
                   
                  SRV - (acssrv) -- C:\Program Files\Agnitum\Outpost Security Suite Free\acs.exe (Agnitum Ltd.)
                  SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll ()
                  SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
                   
                   
                  ========== Driver Services (SafeList) ==========
                   
                  DRV - (SandBox) -- C:\WINDOWS\system32\drivers\SandBox.sys (Agnitum Ltd.)
                  DRV - (VBFilt) -- C:\WINDOWS\system32\Filt\VBFilt.dll (Agnitum Ltd.)
                  DRV - (ASWFilt) -- C:\WINDOWS\system32\Filt\ASWFilt.dll (Agnitum Ltd.)
                  DRV - (VBEngNT) -- C:\WINDOWS\system32\drivers\VBEngNT.sys (VirusBuster Kft.)
                  DRV - (afwcore) -- C:\WINDOWS\system32\drivers\afwcore.sys (Agnitum Ltd.)
                  DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
                  DRV - (afw) -- C:\WINDOWS\system32\drivers\afw.sys (Agnitum Ltd.)
                  DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
                  DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
                  DRV - (RTL8187B) -- C:\WINDOWS\system32\drivers\wg111v3.sys (Realtek Semiconductor Corporation                           )
                  DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
                  DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
                  DRV - (prohlp02) -- C:\WINDOWS\System32\drivers\prohlp02.sys (Protection Technology)
                  DRV - (prodrv06) -- C:\WINDOWS\System32\drivers\prodrv06.sys (Protection Technology)
                  DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
                  DRV - (sfhlp01) -- C:\WINDOWS\System32\drivers\sfhlp01.sys (Protection Technology)
                  DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
                  DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
                  DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
                   
                   
                  ========== Standard Registry (SafeList) ==========
                   
                   
                  ========== Internet Explorer ==========
                   
                   
                  IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/webhp?rls=ig
                  IE - HKCU\..\URLSearchHook: {a386d4b0-fddb-4e1c-ae61-4f014013cd9b} - C:\Program Files\TV_Bar_1.1\prxtbTV_2.dll (Conduit Ltd.)
                  IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
                  IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
                   
                  ========== FireFox ==========
                   
                  FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
                  FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10588"
                  FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
                  FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
                  FF - prefs.js..browser.startup.homepage: "http://www.google.ie/"
                  FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
                  FF - prefs.js..extensions.enabledItems: [email protected]:1.0
                  FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3
                  FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
                  FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
                  FF - prefs.js..extensions.enabledItems: [email protected]:2.1.0.1
                  FF - prefs.js..extensions.enabledItems: {c07d1a49-9894-49ff-a594-38960ede8fb9}:3.1.3beta1
                  FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.0
                  FF - prefs.js..extensions.enabledItems: [email protected]:1.0
                  FF - prefs.js..extensions.enabledItems: [email protected]:200.000
                  FF - prefs.js..extensions.enabledItems: [email protected]:0.2.3
                  FF - prefs.js..extensions.enabledItems: {BAEC7B80-9A31-47b2-A68B-DCAC8DF48E87}:0.9.1
                  FF - prefs.js..extensions.enabledItems: [email protected]:1.5.0
                  FF - prefs.js..extensions.enabledItems: {078fac48-925f-4524-7cfe-85d44b8f4f98}:1.2
                  FF - prefs.js..extensions.enabledItems: [email protected]:0.3
                  FF - prefs.js..extensions.enabledItems: [email protected]:1.0
                  FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.9.4
                  FF - prefs.js..extensions.enabledItems: [email protected]:1.3
                  FF - prefs.js..extensions.enabledItems: [email protected]:2.5.2
                  FF - prefs.js..extensions.enabledItems: gmailwatcher@sonthakit:1.31
                  FF - prefs.js..extensions.enabledItems: [email protected]:0.1.3.1
                  FF - prefs.js..extensions.enabledItems: {21e48e29-f574-4619-b65d-0f00eea92e5b}:1.86
                  FF - prefs.js..extensions.enabledItems: [email protected]:0.1
                  FF - prefs.js..extensions.enabledItems: [email protected]:1.5.7
                  FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2
                  FF - prefs.js..extensions.enabledItems: {B71ACFF2-E436-4cc7-B5E3-0C8E2CC981BA}:1.0.7
                  FF - prefs.js..extensions.enabledItems: {cf47767d-5f3a-4e32-9fce-5d79565c9702}:1.1.1
                  FF - prefs.js..extensions.enabledItems: omfg@olive:0.6.080510
                  FF - prefs.js..extensions.enabledItems: pingme@arcticfire:2.7.0.2
                  FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1
                  FF - prefs.js..extensions.enabledItems: {cd617375-6743-4ee8-bac4-fbf10f35729e}:2.8.5
                  FF - prefs.js..extensions.enabledItems: [email protected]:1.2.06
                  FF - prefs.js..extensions.enabledItems: [email protected]:1.2
                  FF - prefs.js..extensions.enabledItems: siteinfo@wmtips:1.2
                  FF - prefs.js..extensions.enabledItems: [email protected]:0.6
                  FF - prefs.js..extensions.enabledItems: [email protected]:1.2
                  FF - prefs.js..extensions.enabledItems: {736048c1-a1ec-4a70-b12b-1e399e79024e}:2.1.7
                  FF - prefs.js..extensions.enabledItems: [email protected]:1.1.0
                  FF - prefs.js..extensions.enabledItems: [email protected]:1.13.0
                  FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
                  FF - prefs.js..extensions.enabledItems: {6e73f6b7-b9ab-44b8-b744-6393e3c2e351}:1.1
                  FF - prefs.js..extensions.enabledItems: {62f82eb5-4d65-4224-983b-a09ff8b172a6}:0.7
                  FF - prefs.js..extensions.enabledItems: {cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}:0.6
                  FF - prefs.js..extensions.enabledItems: {64312dc5-3fc3-40d1-b183-0e4060fc52ac}:0.5
                  FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
                  FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
                  FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
                  FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
                  FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
                  FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
                  FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
                  FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
                  FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
                  FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&AF=10588&q="
                   
                  FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/23 10:38:52 | 000,000,000 | ---D | M]
                  FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/23 16:17:20 | 000,000,000 | ---D | M]
                  FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 16:17:16 | 000,000,000 | ---D | M]
                   
                  [2009/12/15 19:09:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Extensions
                  [2011/04/07 20:34:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions
                  [2010/02/20 22:13:27 | 000,000,000 | ---D | M] (Crash Report Helper) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{078fac48-925f-4524-7cfe-85d44b8f4f98}
                  [2011/03/23 16:07:43 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
                  [2010/08/03 18:26:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
                  [2011/03/23 16:08:15 | 000,000,000 | ---D | M] ("GoogleEnhancer") -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}
                  [2010/02/20 22:13:16 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
                  [2010/11/19 17:52:35 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
                  [2010/04/21 14:24:32 | 000,000,000 | ---D | M] (Personas Windows Classic Statusbar) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{580ef9b7-8492-4844-a4f4-76bc7208fda1}
                  [2011/03/23 16:09:47 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
                  [2011/03/23 16:09:08 | 000,000,000 | ---D | M] (Sidebar Companion for Google Sidewiki) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{62f82eb5-4d65-4224-983b-a09ff8b172a6}
                  [2011/03/23 16:09:40 | 000,000,000 | ---D | M] (Google Minimalist) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{64312dc5-3fc3-40d1-b183-0e4060fc52ac}
                  [2011/03/23 16:07:41 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
                  [2011/04/07 20:27:53 | 000,000,000 | ---D | M] (Personas Rotator) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}
                  [2010/03/20 18:27:54 | 000,000,000 | ---D | M] ("Trustpilot Guard") -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{736048c1-a1ec-4a70-b12b-1e399e79024e}
                  [2010/08/16 17:06:36 | 000,000,000 | ---D | M] (Read Later) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{9783dcc8-2250-4d3b-8beb-7c2007cf5651}
                  [2011/03/23 16:07:55 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
                  [2010/02/20 22:13:27 | 000,000,000 | ---D | M] (Currency Converter) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{af5514fc-7603-4cec-9894-f07f3d8672a5}
                  [2011/03/23 16:08:26 | 000,000,000 | ---D | M] (LinkAndForminfo) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{B71ACFF2-E436-4cc7-B5E3-0C8E2CC981BA}
                  [2010/03/19 20:39:15 | 000,000,000 | ---D | M] (CheckFox) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{BAEC7B80-9A31-47b2-A68B-DCAC8DF48E87}
                  [2011/03/23 16:07:44 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
                  [2011/03/23 16:09:31 | 000,000,000 | ---D | M] (Google Redesigned) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
                  [2011/03/23 16:08:27 | 000,000,000 | ---D | M] ("RightToClick") -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}
                  [2011/03/23 16:07:51 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
                  [2011/03/23 16:10:07 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
                  [2011/03/23 16:07:56 | 000,000,000 | ---D | M] ("AlertStopper") -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2010/02/20 22:13:26 | 000,000,000 | ---D | M] (Expiry Canary) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2011/03/23 16:08:22 | 000,000,000 | ---D | M] (InvisibleHand) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2010/02/20 22:13:27 | 000,000,000 | ---D | M] (Check All) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2010/02/20 22:13:27 | 000,000,000 | ---D | M] (Click Info) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2011/03/23 16:08:00 | 000,000,000 | ---D | M] ("Copy Link Text") -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2010/02/20 22:13:27 | 000,000,000 | ---D | M] ("EAVE") -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2010/12/16 00:03:09 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2011/03/23 16:08:08 | 000,000,000 | ---D | M] (Ghostery) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2011/03/23 16:08:29 | 000,000,000 | ---D | M] (SimilarWeb) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2011/03/23 16:08:03 | 000,000,000 | ---D | M] (Flash Killer) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2010/02/20 22:13:26 | 000,000,000 | ---D | M] (Gmail Popup) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2010/02/20 22:13:25 | 000,000,000 | ---D | M] (Keyboard Shortcuts) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2010/02/20 22:13:25 | 000,000,000 | ---D | M] (Google Date) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2011/03/23 16:08:24 | 000,000,000 | ---D | M] (Kongregate Sidebar) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2011/03/23 16:08:25 | 000,000,000 | ---D | M] ("Link Alert") -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2010/02/20 22:13:25 | 000,000,000 | ---D | M] ("Override Mozilla Firefox Guidance") -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\omfg@olive
                  [2011/03/23 16:09:01 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2010/02/20 22:13:24 | 000,000,000 | ---D | M] (PingMe) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\pingme@arcticfire
                  [2010/02/20 22:13:24 | 000,000,000 | ---D | M] (Privacy Plus) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2010/02/20 22:13:23 | 000,000,000 | ---D | M] (Simple Links Counter) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2010/02/20 22:13:23 | 000,000,000 | ---D | M] (Site Information Tool) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\siteinfo@wmtips
                  [2011/04/07 20:34:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\staged
                  [2010/02/20 22:13:23 | 000,000,000 | ---D | M] ("Tab Progress Bar") -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2010/02/20 22:13:22 | 000,000,000 | ---D | M] (Test Extension) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2010/02/20 22:13:22 | 000,000,000 | ---D | M] (TimeStamp Converter) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2010/02/20 22:13:20 | 000,000,000 | ---D | M] (Verify Redirect) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2011/03/23 16:08:52 | 000,000,000 | ---D | M] (Wappalyzer) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2010/02/20 22:13:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]\chrome
                  [2010/02/20 22:13:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]\defaults
                  [2010/02/20 22:13:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]\chrome
                  [2010/02/20 22:13:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]\chrome
                  [2010/02/20 22:13:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]\defaults
                  [2011/03/23 16:17:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
                  [2011/03/04 13:45:37 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
                  [2010/04/23 15:46:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
                  [2010/08/02 14:26:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
                  [2010/11/02 18:16:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
                  [2010/12/28 11:54:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
                  [2011/03/05 11:14:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
                  File not found (No name found) --
                  [2010/11/23 10:38:52 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
                  () (No name found) -- C:\DOCUMENTS AND SETTINGS\ANNA MCMANUS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WZLAVWZF.DEFAULT\EXTENSIONS\{C07D1A49-9894-49FF-A594-38960EDE8FB9}.XPI
                  () (No name found) -- C:\DOCUMENTS AND SETTINGS\ANNA MCMANUS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WZLAVWZF.DEFAULT\EXTENSIONS\{C36177C0-224A-11DA-8CD6-0800200C9A91}.XPI
                  () (No name found) -- C:\DOCUMENTS AND SETTINGS\ANNA MCMANUS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WZLAVWZF.DEFAULT\EXTENSIONS\{CF47767D-5F3A-4E32-9FCE-5D79565C9702}.XPI
                  () (No name found) -- C:\DOCUMENTS AND SETTINGS\ANNA MCMANUS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WZLAVWZF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
                  () (No name found) -- C:\DOCUMENTS AND SETTINGS\ANNA MCMANUS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WZLAVWZF.DEFAULT\EXTENSIONS\[email protected]
                  () (No name found) -- C:\DOCUMENTS AND SETTINGS\ANNA MCMANUS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WZLAVWZF.DEFAULT\EXTENSIONS\[email protected]
                  () (No name found) -- C:\DOCUMENTS AND SETTINGS\ANNA MCMANUS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WZLAVWZF.DEFAULT\EXTENSIONS\[email protected]
                  [2010/04/09 16:30:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
                  [2011/03/18 18:57:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
                  [2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
                  [2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
                  [2010/12/16 00:02:57 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
                  [2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
                  [2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
                  [2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
                  [2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
                   
                  O1 HOSTS File: ([2011/04/21 10:04:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
                  O1 - Hosts: 127.0.0.1       localhost
                  O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
                  O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
                  O2 - BHO: (AutoLogin) - {598B818E-71F1-486E-A0BE-9952B5851367} - Reg Error: Value error. File not found
                  O2 - BHO: (TV Bar 1.1 Toolbar) - {a386d4b0-fddb-4e1c-ae61-4f014013cd9b} - C:\Program Files\TV_Bar_1.1\prxtbTV_2.dll (Conduit Ltd.)
                  O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
                  O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
                  O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
                  O3 - HKLM\..\Toolbar: (AutoLogin) - {598B818E-71F1-486E-A0BE-9952B5851367} - Reg Error: Value error. File not found
                  O3 - HKLM\..\Toolbar: (TV Bar 1.1 Toolbar) - {a386d4b0-fddb-4e1c-ae61-4f014013cd9b} - C:\Program Files\TV_Bar_1.1\prxtbTV_2.dll (Conduit Ltd.)
                  O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
                  O3 - HKCU\..\Toolbar\WebBrowser: (TV Bar 1.1 Toolbar) - {A386D4B0-FDDB-4E1C-AE61-4F014013CD9B} - C:\Program Files\TV_Bar_1.1\prxtbTV_2.dll (Conduit Ltd.)
                  O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
                  O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Security Suite Free\feedback.exe (Agnitum Ltd.)
                  O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Security Suite Free\op_mon.exe (Agnitum Ltd.)
                  O4 - HKCU..\Run: [GM4IE]  File not found
                  O4 - HKCU..\Run: [Steam]  File not found
                  O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
                  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
                  O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
                  O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
                  O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
                  O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
                  O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
                  O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
                  O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
                  O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
                  O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
                  O9 - Extra Button: AutoLogin - {6CE08A84-B3F9-422a-B133-60275F605AF4} - Reg Error: Value error. File not found
                  O9 - Extra 'Tools' menuitem : AutoLogin - {6CE08A84-B3F9-422a-B133-60275F605AF4} - Reg Error: Value error. File not found
                  O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
                  O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
                  O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
                  O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
                  O16 - DPF: {444785F1-DE89-4295-863A-D46C3A781394} http://webplayer.unity3d.com/download_webplayer-2.x/UnityWebPlayer.cab (Reg Error: Key error.)
                  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262022016343 (MUWebControl Class)
                  O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
                  O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.67.0.cab (Battlefield Heroes Updater)
                  O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
                  O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class)
                  O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
                  O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
                  O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
                  O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
                  O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
                  O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Security Suite Free\wl_hook.dll (Agnitum Ltd.)
                  O20 - HKLM Winlogon: Shell - (EXPLORER.EXE) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
                  O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
                  O24 - Desktop WallPaper: C:\Documents and Settings\Anna McManus\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
                  O24 - Desktop BackupWallPaper: C:\Documents and Settings\Anna McManus\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
                  O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
                  O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
                  O32 - HKLM CDRom: AutoRun - 1
                  O32 - AutoRun File - [2009/12/15 11:37:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
                  O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
                  O33 - MountPoints2\{9607228d-e9a1-11de-97f0-001676dffbe0}\Shell - "" = AutoRun
                  O33 - MountPoints2\{9607228d-e9a1-11de-97f0-001676dffbe0}\Shell\AutoRun - "" = Auto&Play
                  O33 - MountPoints2\{9607228d-e9a1-11de-97f0-001676dffbe0}\Shell\AutoRun\command - "" = X:\SETUP.EXE /AUTORUN
                  O33 - MountPoints2\{9607228d-e9a1-11de-97f0-001676dffbe0}\Shell\configure\command - "" = X:\SETUP.EXE
                  O33 - MountPoints2\{9607228d-e9a1-11de-97f0-001676dffbe0}\Shell\install\command - "" = X:\SETUP.EXE
                  O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
                  O35 - HKLM\..comfile [open] -- "%1" %*
                  O35 - HKLM\..exefile [open] -- "%1" %*
                  O37 - HKLM\...com [@ = comfile] -- "%1" %*
                  O37 - HKLM\...exe [@ = exefile] -- "%1" %*
                   
                  ========== Files/Folders - Created Within 30 Days ==========
                   
                  [2011/04/23 20:42:22 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Anna McManus\Desktop\OTL.exe
                  [2011/04/22 17:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
                  [2011/04/22 17:28:13 | 000,204,496 | ---- | C] (Malwarebytes) -- C:\Documents and Settings\Anna McManus\Desktop\StartUpLite.exe
                  [2011/04/22 15:41:37 | 000,000,000 | ---D | C] -- C:\RootRepeal
                  [2011/04/21 19:22:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anna McManus\Desktop\bluescreenview
                  [2011/04/21 17:57:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anna McManus\Application Data\PriceGong
                  [2011/04/21 17:57:34 | 000,000,000 | -HSD | C] -- C:\RECYCLER
                  [2011/04/21 16:53:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
                  [2011/04/21 09:58:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
                  [2011/04/21 09:48:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
                  [2011/04/21 09:48:31 | 000,000,000 | ---D | C] -- C:\commy
                  [2011/04/21 09:22:02 | 000,000,000 | ---D | C] -- C:\Qoobox
                  [2011/04/19 20:49:33 | 000,242,040 | ---- | C] (VirusBuster Kft.) -- C:\WINDOWS\System32\drivers\VBEngNT.sys
                  [2011/04/19 20:49:32 | 000,708,760 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\SandBox.sys
                  [2011/04/19 20:49:14 | 000,267,624 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afwcore.sys
                  [2011/04/19 20:48:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Agnitum
                  [2011/04/19 20:48:20 | 000,034,280 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afw.sys
                  [2011/04/19 20:48:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Filt
                  [2011/04/19 20:48:01 | 000,000,000 | ---D | C] -- C:\Program Files\Agnitum
                  [2011/04/19 20:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anna McManus\Application Data\Agnitum
                  [2011/04/16 20:21:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anna McManus\Local Settings\Application Data\Opera
                  [2011/04/16 20:21:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anna McManus\Application Data\Opera
                  [2011/04/15 16:52:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anna McManus\Local Settings\Application Data\PCHealth
                  [2011/04/12 11:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
                  [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
                  [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
                   
                  ========== Files - Modified Within 30 Days ==========
                   
                  [2011/04/24 16:33:16 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
                  [2011/04/24 15:58:07 | 000,000,147 | ---- | M] () -- C:\Documents and Settings\Anna McManus\Desktop\Netopia Router.url
                  [2011/04/24 15:50:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
                  [2011/04/24 15:28:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
                  [2011/04/23 20:43:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anna McManus\Desktop\OTL.exe
                  [2011/04/23 09:16:01 | 000,259,156 | ---- | M] () -- C:\Documents and Settings\Anna McManus\Desktop\screenshot3.jpg
                  [2011/04/23 09:15:06 | 000,262,177 | ---- | M] () -- C:\Documents and Settings\Anna McManus\Desktop\screenshot2.jpg
                  [2011/04/22 17:28:19 | 000,204,496 | ---- | M] (Malwarebytes) -- C:\Documents and Settings\Anna McManus\Desktop\StartUpLite.exe
                  [2011/04/22 15:41:02 | 000,464,491 | ---- | M] () -- C:\Documents and Settings\Anna McManus\Desktop\RootRepeal.zip
                  [2011/04/21 20:46:10 | 000,000,312 | -HS- | M] () -- C:\boot.ini
                  [2011/04/21 20:03:29 | 000,602,259 | ---- | M] () -- C:\Documents and Settings\Anna McManus\Desktop\screenshot1.jpg
                  [2011/04/21 19:22:22 | 000,059,456 | ---- | M] () -- C:\Documents and Settings\Anna McManus\Desktop\bluescreenview.zip
                  [2011/04/21 18:14:03 | 1071,599,616 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
                  [2011/04/21 10:04:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
                  [2011/04/21 09:27:57 | 000,927,494 | ---- | M] () -- C:\Documents and Settings\Anna McManus\Desktop\A guide and tutorial on using ComboFix.mht
                  [2011/04/20 16:54:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-796845957-1177238915-1417001333-1003.job
                  [2011/04/20 16:53:59 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-1177238915-1417001333-1003.job
                  [2011/04/20 16:35:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1177238915-1417001333-1003UA.job
                  [2011/04/20 16:34:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
                  [2011/04/20 14:34:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
                  [2011/04/20 14:28:58 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9AEC4122-30F7-425A-AEE8-66CD5650F4FC}.job
                  [2011/04/19 21:06:16 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
                  [2011/04/19 20:35:01 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1177238915-1417001333-1003Core.job
                  [2011/04/16 13:59:50 | 000,214,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
                  [2011/04/15 22:04:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
                  [2011/04/15 22:03:23 | 000,465,072 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
                  [2011/04/15 22:03:23 | 000,078,958 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
                  [2011/04/11 17:24:01 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
                  [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
                  [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
                   
                  ========== Files Created - No Company Name ==========
                   
                  [2011/04/23 09:16:00 | 000,259,156 | ---- | C] () -- C:\Documents and Settings\Anna McManus\Desktop\screenshot3.jpg
                  [2011/04/23 09:15:05 | 000,262,177 | ---- | C] () -- C:\Documents and Settings\Anna McManus\Desktop\screenshot2.jpg
                  [2011/04/22 15:41:00 | 000,464,491 | ---- | C] () -- C:\Documents and Settings\Anna McManus\Desktop\RootRepeal.zip
                  [2011/04/21 20:03:26 | 000,602,259 | ---- | C] () -- C:\Documents and Settings\Anna McManus\Desktop\screenshot1.jpg
                  [2011/04/21 19:22:21 | 000,059,456 | ---- | C] () -- C:\Documents and Settings\Anna McManus\Desktop\bluescreenview.zip
                  [2011/04/21 09:27:54 | 000,927,494 | ---- | C] () -- C:\Documents and Settings\Anna McManus\Desktop\A guide and tutorial on using ComboFix.mht
                  [2011/04/19 20:48:35 | 000,000,049 | ---- | C] () -- C:\WINDOWS\transp.gif
                  [2011/03/04 14:16:33 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
                  [2011/02/06 18:40:31 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Anna McManus\Local Settings\Application Data\fusioncache.dat
                  [2010/12/21 19:04:51 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
                  [2010/10/11 20:36:00 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
                  [2010/07/30 10:58:05 | 000,000,059 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
                  [2010/07/15 20:30:11 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
                  [2010/05/14 15:36:27 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\FA057BB6C4.dll
                  [2010/05/06 18:03:54 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
                  [2010/04/17 21:18:04 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
                  [2010/04/07 17:14:45 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Anna McManus\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
                  [2010/03/15 19:24:58 | 000,000,772 | ---- | C] () -- C:\WINDOWS\entpack.ini
                  [2010/01/12 23:04:54 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
                  [2010/01/12 23:00:42 | 000,117,671 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
                  [2009/12/25 12:32:31 | 000,041,616 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
                  [2009/12/15 19:36:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
                  [2009/12/15 19:09:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
                  [2009/12/15 18:45:51 | 000,087,808 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
                  [2009/12/15 11:40:25 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
                  [2009/12/15 11:34:59 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
                  [2009/12/15 11:22:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
                  [2009/12/15 11:21:30 | 000,214,472 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
                  [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
                  [2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
                  [2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
                  [2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
                  [2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
                  [2008/01/15 05:31:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
                  [2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
                  [2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
                  [2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
                  [2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
                  [2006/05/05 11:25:27 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
                  [2005/03/21 19:48:04 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
                  [2005/03/21 19:48:04 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
                  [2004/08/04 05:59:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
                  [2004/08/04 05:59:59 | 000,465,072 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
                  [2004/08/04 05:59:59 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
                  [2004/08/04 05:59:59 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
                  [2004/08/04 05:59:59 | 000,078,958 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
                  [2004/08/04 05:59:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
                  [2004/08/04 05:59:59 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
                  [2004/08/04 05:59:59 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
                  [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
                  [2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
                   
                  ========== LOP Check ==========
                   
                  [2011/04/19 20:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agnitum
                  [2010/05/14 15:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
                  [2010/04/10 12:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX
                  [2010/06/13 19:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Martau
                  [2010/11/12 16:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
                  [2010/12/03 12:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
                  [2011/04/21 18:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Official Driver Theory Test
                  [2010/04/09 10:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
                  [2009/12/25 10:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
                  [2011/04/19 20:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\Agnitum
                  [2010/10/10 18:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\AnvSoft
                  [2010/12/16 18:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\BabylonToolbar
                  [2010/10/26 18:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\Bioshock
                  [2010/07/11 21:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\GetRightToGo
                  [2010/08/23 19:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\gtk-2.0
                  [2010/10/04 21:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\ieSpell
                  [2010/05/06 18:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\Image Zone Express
                  [2009/12/15 18:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\ImgBurn
                  [2009/12/15 22:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\InfraRecorder
                  [2010/08/23 19:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\InspireSoft
                  [2010/12/01 17:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\OLYMPUS
                  [2011/04/16 20:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\Opera
                  [2011/04/21 17:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\PriceGong
                  [2010/09/14 18:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\Sony Online Entertainment
                  [2010/06/07 19:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\Transcend
                  [2010/06/11 09:41:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\Uniblue
                  [2010/06/04 22:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\Unity
                  [2011/04/21 20:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\uTorrent
                  [2009/12/28 21:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\Windows Desktop Search
                  [2010/01/19 18:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\Windows Search
                  [2009/12/15 19:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\XnView
                  [2010/10/25 17:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\ZombieDriver
                  [2011/04/19 21:06:16 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
                  [2010/08/31 17:50:13 | 000,000,298 | ---- | M] () -- C:\WINDOWS\Tasks\pixillionShakeIcon.job
                  [2011/04/20 14:28:58 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{9AEC4122-30F7-425A-AEE8-66CD5650F4FC}.job
                   
                  ========== Purity Check ==========
                   
                   
                   
                  ========== Alternate Data Streams ==========
                   
                  @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

                  < End of report >

                  trekkie

                    Re: I'm really, really lost....
                    « Reply #14 on: April 24, 2011, 10:12:52 AM »
                    I'm confused - are CPU usage and RAM usage related?
                    RSVP.

                    OTL Extras.txt:

                    OTL Extras logfile created on: 24/04/2011 16:52:29 - Run 1
                    OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\Anna McManus\Desktop
                    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
                    Internet Explorer (Version = 8.0.6001.18702)
                    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
                     
                    1,022.00 Mb Total Physical Memory | 684.00 Mb Available Physical Memory | 67.00% Memory free
                    5.00 Gb Paging File | 5.00 Gb Available in Paging File | 97.00% Paging File free
                    Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]
                     
                    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
                    Drive C: | 29.99 Gb Total Space | 6.09 Gb Free Space | 20.31% Space Free | Partition Type: NTFS
                    Drive D: | 107.07 Gb Total Space | 90.45 Gb Free Space | 84.48% Space Free | Partition Type: NTFS
                    Drive E: | 37.23 Gb Total Space | 10.37 Gb Free Space | 27.86% Space Free | Partition Type: NTFS
                    Drive H: | 6.00 Gb Total Space | 1.54 Gb Free Space | 25.74% Space Free | Partition Type: NTFS
                     
                    Computer Name: DIMENSION-E520E | User Name: Anna McManus | Logged in as Administrator.
                    Boot Mode: SafeMode with Networking | Scan Mode: Current user
                    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
                     
                    ========== Extra Registry (SafeList) ==========
                     
                     
                    ========== File Associations ==========
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
                    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
                     
                    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
                    .html [@ = htmlfile] -- Reg Error: Key error. File not found
                     
                    ========== Shell Spawning ==========
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
                    batfile [open] -- "%1" %*
                    cmdfile [open] -- "%1" %*
                    comfile [open] -- "%1" %*
                    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
                    exefile [open] -- "%1" %*
                    piffile [open] -- "%1" %*
                    regfile [merge] -- Reg Error: Key error.
                    scrfile [config] -- "%1"
                    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
                    scrfile [open] -- "%1" /S
                    txtfile [edit] -- Reg Error: Key error.
                    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
                    Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
                    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
                    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
                    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                     
                    ========== Security Center Settings ==========
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
                    "FirstRunDisabled" = 1
                    "AntiVirusOverride" = 0
                    "FirewallOverride" = 0
                    "ANTIVIRUSDISABLENOTIFY" = 0
                    "FIREWALLDISABLENOTIFY" = 0
                    "UPDATESDISABLENOTIFY" = 0
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
                     
                    ========== System Restore Settings ==========
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
                    "DisableSR" = 0
                     
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
                    "Start" = 0
                     
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
                    "Start" = 2
                     
                    ========== Firewall Settings ==========
                     
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
                     
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
                    "EnableFirewall" = 0
                    "DoNotAllowExceptions" = 0
                    "DisableNotifications" = 0
                     
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
                    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
                    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
                    "1054:TCP" = 1054:TCP:*:Enabled:Akamai NetSession Interface
                    "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
                     
                    ========== Authorized Applications List ==========
                     
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
                     
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
                    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
                    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
                    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
                    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
                    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
                    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
                    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
                    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
                    "C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
                    "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
                    "C:\Documents and Settings\Anna McManus\My Documents\Conor's Folder\Steam\Steam.exe" = C:\Documents and Settings\Anna McManus\My Documents\Conor's Folder\Steam\Steam.exe:*:Enabled:Steam
                    "C:\Documents and Settings\Anna McManus\My Documents\Conor's Folder\Steam\steamapps\gen100\gtr evolution - demo\GtrEvo_Demo_Steam.exe" = C:\Documents and Settings\Anna McManus\My Documents\Conor's Folder\Steam\steamapps\gen100\gtr evolution - demo\GtrEvo_Demo_Steam.exe:*:Enabled:GTR Evolution Demo
                    "C:\Documents and Settings\Anna McManus\My Documents\Conor's Folder\Steam\steamapps\gen100\gtr evolution - demo\Config.exe" = C:\Documents and Settings\Anna McManus\My Documents\Conor's Folder\Steam\steamapps\gen100\gtr evolution - demo\Config.exe:*:Enabled:GTR Evolution Demo
                    "C:\Documents and Settings\Anna McManus\My Documents\Conor's Folder\opera.exe" = C:\Documents and Settings\Anna McManus\My Documents\Conor's Folder\opera.exe:*:Enabled:Opera Internet Browser
                     
                     
                    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                    ".sol Editor" = .sol Editor 1.1.0.1
                    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
                    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
                    "{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
                    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
                    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
                    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
                    "{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
                    "{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS
                    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
                    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
                    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
                    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
                    "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
                    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 24
                    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
                    "{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
                    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
                    "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
                    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
                    "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
                    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
                    "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
                    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
                    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
                    "{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
                    "{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
                    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
                    "{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2
                    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
                    "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
                    "{67880EA3-63C2-4143-88F4-51A21B516CBE}" = e-Sword
                    "{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
                    "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
                    "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
                    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
                    "{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
                    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
                    "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
                    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
                    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
                    "{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
                    "{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
                    "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
                    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
                    "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
                    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
                    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
                    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
                    "{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
                    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
                    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
                    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
                    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
                    "{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
                    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
                    "{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
                    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
                    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
                    "{A29549FD-65F3-440C-A552-6B8114CF319D}" = Skype Toolbars
                    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
                    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
                    "{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
                    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
                    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
                    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
                    "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = v2011.build.46
                    "{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
                    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
                    "{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
                    "{BE06114F-559D-11E0-B5A1-001D0926B1BF}" = Google Earth
                    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
                    "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
                    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
                    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
                    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
                    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
                    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
                    "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
                    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
                    "{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
                    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
                    "{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
                    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
                    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
                    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
                    "{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
                    "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
                    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
                    "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
                    "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
                    "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
                    "7-Zip" = 7-Zip 4.65
                    "AbiWord2" = AbiWord 2.6.8
                    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
                    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
                    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
                    "Agnitum Outpost Security Suite Free_is1" = Outpost Security Suite 7.1.1
                    "Akamai" = Akamai NetSession Interface
                    "CCleaner" = CCleaner
                    "Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
                    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
                    "conduitEngine" = Conduit Engine
                    "CutePDF Writer Installation" = CutePDF Writer 2.7
                    "ESET Online Scanner" = ESET Online Scanner v3
                    "Foxit Reader" = Foxit Reader
                    "HP Imaging Device Functions" = HP Imaging Device Functions 7.0
                    "HPOCR" = OCR Software by I.R.I.S 7.0
                    "ie8" = Windows Internet Explorer 8
                    "ieSpell" = ieSpell
                    "ImgBurn" = ImgBurn
                    "InfraRecorder" = InfraRecorder
                    "InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
                    "InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
                    "JAIELangPack" = Japanese Language Support
                    "JPEG Lossless Rotator_is1" = JPEG Lossless Rotator 6.4
                    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
                    "Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
                    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
                    "Mozilla Firefox 4.0 (x86 en-GB)" = Mozilla Firefox 4.0 (x86 en-GB)
                    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
                    "NVIDIA Drivers" = NVIDIA Drivers
                    "OpenAL" = OpenAL
                    "Pixillion" = Pixillion Image Converter
                    "PROSet" = Intel(R) PRO Network Connections Drivers
                    "RealPlayer 12.0" = RealPlayer
                    "Recuva" = Recuva
                    "Revo Uninstaller" = Revo Uninstaller 1.88
                    "Total Uninstall 5_is1" = Total Uninstall 5.6.1
                    "TV_Bar_1.1 Toolbar" = TV Bar 1.1 Toolbar
                    "Tweak UI 2.10" = Tweak UI
                    "Universal Extractor_is1" = Universal Extractor 1.6
                    "uTorrent" = µTorrent
                    "VirtualCloneDrive" = VirtualCloneDrive
                    "Windows Media Format Runtime" = Windows Media Format 11 runtime
                    "Windows Media Player" = Windows Media Player 11
                    "WinGimp-2.0_is1" = GIMP 2.6.10
                    "WinLiveSuite_Wave3" = Windows Live Essentials
                    "WMFDist11" = Windows Media Format 11 runtime
                    "wmp11" = Windows Media Player 11
                    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
                     
                    ========== HKEY_CURRENT_USER Uninstall List ==========
                     
                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                    "Free Realms Installer" = Free Realms Installer
                    "UnityWebPlayer" = Unity Web Player
                     
                    ========== Last 10 Event Log Errors ==========
                     
                    [ Application Events ]
                    Error - 20/04/2011 03:20:18 | Computer Name = DIMENSION-E520E | Source = Bonjour Service | ID = 100
                    Description = Task Scheduling Error: m->NextScheduledEvent 34652422
                     
                    Error - 20/04/2011 03:20:18 | Computer Name = DIMENSION-E520E | Source = Bonjour Service | ID = 100
                    Description = Task Scheduling Error: m->NextScheduledSPRetry 34652422
                     
                    Error - 20/04/2011 03:20:33 | Computer Name = DIMENSION-E520E | Source = Bonjour Service | ID = 100
                    Description = Task Scheduling Error: Continuously busy for more than a second
                     
                    Error - 20/04/2011 03:20:33 | Computer Name = DIMENSION-E520E | Source = Bonjour Service | ID = 100
                    Description = Task Scheduling Error: m->NextScheduledEvent 34670047
                     
                    Error - 20/04/2011 03:20:33 | Computer Name = DIMENSION-E520E | Source = Bonjour Service | ID = 100
                    Description = Task Scheduling Error: m->NextScheduledSPRetry 34670047
                     
                    Error - 20/04/2011 17:23:00 | Computer Name = DIMENSION-E520E | Source = COM+ | ID = 135761
                    Description = The run-time environment has detected an inconsistency in its internal
                     state. This indicates a potential instability in the process that could be caused
                     by the custom components running in the COM+ application, the components they make
                     use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
                     hr = 8007043c: InitEventCollector fail
                     
                    Error - 20/04/2011 17:23:15 | Computer Name = DIMENSION-E520E | Source = COM+ | ID = 135761
                    Description = The run-time environment has detected an inconsistency in its internal
                     state. This indicates a potential instability in the process that could be caused
                     by the custom components running in the COM+ application, the components they make
                     use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
                     hr = 8007043c: InitEventCollector fail
                     
                    Error - 22/04/2011 16:53:15 | Computer Name = DIMENSION-E520E | Source = VSS | ID = 8193
                    Description = Volume Shadow Copy Service error: Unexpected error calling routine
                     CoCreateInstance.  hr = 0x8007043c.
                     
                    Error - 22/04/2011 16:53:15 | Computer Name = DIMENSION-E520E | Source = VSS | ID = 5012
                    Description = Volume Shadow Copy Service error: Shadow Copy shim called routine
                    CoCreateInstance( CLSID_VSSCoordinator, IID_IVssShim) which failed with status 0x8007043c
                     (converted to 0x8000ffff).
                     
                    Error - 22/04/2011 16:53:15 | Computer Name = DIMENSION-E520E | Source = NTBackup | ID = 8019
                    Description = End Operation: Warnings or errors were encountered.    Consult the backup
                     report for more details.
                     
                    [ System Events ]
                    Error - 24/04/2011 11:33:15 | Computer Name = DIMENSION-E520E | Source = SideBySide | ID = 16842784
                    Description = Dependent Assembly Microsoft.VC90.DebugCRT could not be found and
                    Last Error was The referenced assembly is not installed on your system. 
                     
                    Error - 24/04/2011 11:33:15 | Computer Name = DIMENSION-E520E | Source = SideBySide | ID = 16842811
                    Description = Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT.  Reference
                     error message: The referenced assembly is not installed on your system.  .
                     
                    Error - 24/04/2011 11:33:15 | Computer Name = DIMENSION-E520E | Source = SideBySide | ID = 16842811
                    Description = Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll.
                    Reference
                     error message: The operation completed successfully.  .
                     
                    Error - 24/04/2011 11:34:03 | Computer Name = DIMENSION-E520E | Source = DCOM | ID = 10005
                    Description = DCOM got error "%1084" attempting to start the service StiSvc with
                     arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
                     
                    Error - 24/04/2011 11:44:41 | Computer Name = DIMENSION-E520E | Source = DCOM | ID = 10005
                    Description = DCOM got error "%1084" attempting to start the service StiSvc with
                     arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
                     
                    Error - 24/04/2011 11:48:36 | Computer Name = DIMENSION-E520E | Source = DCOM | ID = 10005
                    Description = DCOM got error "%1084" attempting to start the service StiSvc with
                     arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
                     
                    Error - 24/04/2011 11:49:46 | Computer Name = DIMENSION-E520E | Source = DCOM | ID = 10005
                    Description = DCOM got error "%1084" attempting to start the service StiSvc with
                     arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
                     
                    Error - 24/04/2011 11:50:25 | Computer Name = DIMENSION-E520E | Source = DCOM | ID = 10005
                    Description = DCOM got error "%1084" attempting to start the service StiSvc with
                     arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
                     
                    Error - 24/04/2011 11:51:27 | Computer Name = DIMENSION-E520E | Source = DCOM | ID = 10005
                    Description = DCOM got error "%1084" attempting to start the service StiSvc with
                     arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
                     
                    Error - 24/04/2011 11:52:16 | Computer Name = DIMENSION-E520E | Source = DCOM | ID = 10005
                    Description = DCOM got error "%1084" attempting to start the service StiSvc with
                     arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
                     
                     
                    < End of report >