
Author Topic: I'm really, really lost....  (Read 37418 times)


trekkie

    Topic Starter


    Rookie

    • Computer: Specs
    • Experience: Beginner
    • OS: Unknown
    I'm really, really lost....
    « on: December 04, 2010, 01:57:35 PM »
    Hi, I got referred here by Allan after telling him my problem on this topic:
    http://www.computerhope.com/forum/index.php/topic,113295.0.html

    Unfortunately, the post he directed me to just confused me. Do I start downloading things now or do I wait for a helper to reply?

    Allan

    • Moderator

    • Mastermind
    • Thanked: 1260
    • Experience: Guru
    • OS: Windows 10
    Re: I'm really, really lost....
    « Reply #1 on: December 04, 2010, 01:59:33 PM »
    You should follow the steps and post your logs, after which a malware specialist will step in.

    trekkie

      Topic Starter


      Rookie

      • Computer: Specs
      • Experience: Beginner
      • OS: Unknown
      Re: I'm really, really lost....
      « Reply #2 on: December 05, 2010, 08:23:45 AM »
      First of all, thank you again, Allan! You made things a lot clearer. Now, to the steps:

      Step 1: I've noticed that a program called Registry Mechanic just appeared out of nowhere. There's an icon on the Desktop, too. It hasn't put up any annoying popups yet. Original problem is still there, though. I don't see anything else unfamiliar.

      Step 2: Went without a hitch. 919 MB removed!:o The things that accumulate on a computer.... Oh yeah! I nearly forgot - I stopped CCleaner from getting rid of the memory dumps, just in case we need them later (read the XP thread if you're confused as to why - link's on the first post). So, no heart attacks!

      Step 3: Took an hour, but it did it. Nothing out of the ordinary happened. Here's the log:

      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 12/05/2010 at 01:34 PM

      Application Version : 4.46.1000

      Core Rules Database Version : 5954
      Trace Rules Database Version: 3766

      Scan type       : Complete Scan
      Total Scan Time : 01:07:02

      Memory items scanned      : 546
      Memory threats detected   : 0
      Registry items scanned    : 6425
      Registry threats detected : 4
      File items scanned        : 68403
      File threats detected     : 3

      Adware.Tracking Cookie
         C:\Documents and Settings\Anna McManus\Cookies\anna_mcmanus@tribalfusion[1].txt
         C:\Documents and Settings\Anna McManus\Cookies\anna_mcmanus@doubleclick[1].txt

      Malware.Trace
         HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

      Disabled.SecurityCenterOption
         HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY
         HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#FIREWALLDISABLENOTIFY
         HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY

      Adware.Vundo/Variant-MSFake
         C:\PROGRAM FILES\1BY1 AUDIO PLAYER\WMAUDSDK.DLL

      Step 4: It went really quickly. Didn't find anything, though. You'll want the log anyways, so here you go:

      Malwarebytes' Anti-Malware 1.50
      www.malwarebytes.org

      Database version: 5248

      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702

      05/12/2010 14:40:26
      mbam-log-2010-12-05 (14-40-26).txt

      Scan type: Quick scan
      Objects scanned: 148510
      Time elapsed: 5 minute(s), 50 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)

      Step 5: I have the latest Java version.

      Step 6: Went OK. By the way, I've noticed that SAS, mbam and HJT have been looking around in critical files (system.ini, for example) and it's making my firewall (Outpost) a bit jumpy (i.e. warning me a lot about what they're doing). I'm assuming this is normal and OK? Anyways, here's the log:

      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 14:51:55, on 05/12/2010
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir Desktop\sched.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\WINDOWS\system32\cisvc.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Java\Java Update\jusched.exe
      C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
      C:\program files\real\realplayer\update\realsched.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Documents and Settings\Anna McManus\My Documents\Conor's Folder\GM4IE\GM4IE.exe
      C:\Documents and Settings\Anna McManus\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
      C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      C:\Program Files\uTorrent\uTorrent.exe
      C:\WINDOWS\system32\SearchIndexer.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\Program Files\TrendMicro\sniper\Trend Micro\sniper\sniper.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/webhp?rls=ig
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.ie/
      R3 - URLSearchHook: TV Bar 1.1 Toolbar - {a386d4b0-fddb-4e1c-ae61-4f014013cd9b} - C:\Program Files\TV_Bar_1.1\tbTV_1.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
      O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
      O2 - BHO: AutoLogin - {598B818E-71F1-486E-A0BE-9952B5851367} - (no file)
      O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
      O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: TV Bar 1.1 Toolbar - {a386d4b0-fddb-4e1c-ae61-4f014013cd9b} - C:\Program Files\TV_Bar_1.1\tbTV_1.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O3 - Toolbar: AutoLogin - {598B818E-71F1-486E-A0BE-9952B5851367} - (no file)
      O3 - Toolbar: TV Bar 1.1 Toolbar - {a386d4b0-fddb-4e1c-ae61-4f014013cd9b} - C:\Program Files\TV_Bar_1.1\tbTV_1.dll
      O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
      O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe"  -osboot
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Anna McManus\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
      O4 - HKCU\..\Run: [GM4IE] C:\Documents and Settings\Anna McManus\My Documents\Conor's Folder\GM4IE\GM4IE.exe
      O4 - HKCU\..\Run: [Steam] "C:\Documents and Settings\Anna McManus\My Documents\Conor's Folder\Steam\Steam.exe" -silent
      O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
      O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      O4 - Global Startup: µTorrent.lnk = C:\Program Files\uTorrent\uTorrent.exe
      O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
      O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
      O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
      O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
      O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
      O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
      O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
      O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
      O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: AutoLogin - {6CE08A84-B3F9-422a-B133-60275F605AF4} - C:\WINDOWS\system32\shdocvw.dll
      O9 - Extra 'Tools' menuitem: AutoLogin - {6CE08A84-B3F9-422a-B133-60275F605AF4} - C:\WINDOWS\system32\shdocvw.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {444785F1-DE89-4295-863A-D46C3A781394} (UnityWebPlayer Control) - http://webplayer.unity3d.com/download_webplayer-2.x/UnityWebPlayer.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262022016343
      O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{2094D3C8-9017-48C6-9813-BCFE09227041}: NameServer = 89.101.160.4,89.101.160.5
      O17 - HKLM\System\CS1\Services\Tcpip\..\{2094D3C8-9017-48C6-9813-BCFE09227041}: NameServer = 89.101.160.4,89.101.160.5
      O17 - HKLM\System\CS2\Services\Tcpip\..\{2094D3C8-9017-48C6-9813-BCFE09227041}: NameServer = 89.101.160.4,89.101.160.5
      O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
      O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
      O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
      O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
      O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
      O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      O23 - Service: Google Update Service (gupdate1ca8fbae50c76ae) (gupdate1ca8fbae50c76ae) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

      --
      End of file - 11983 bytes

      At log - I mean, at long last! I thought I'd never finish this! How you could possibly make sense of all that...! :o

      One last thing (or this post will never end!) - my original problem hasn't bugged me for a while. Of course, that doesn't mean it's gone, but still... a ray of hope, eh?

      And now, the potentially long wait..........................

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: I'm really, really lost....
      « Reply #3 on: December 06, 2010, 01:05:48 PM »
      Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
      ******************************************
      P2P - I see you have P2P software installed on your machine (uTorrent). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

      Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

      I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
      **********************************************

      Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

      Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

      Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

      Exit out of MessengerDisable then delete the two files that were put on the desktop.

      ***********************************************
      Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
      Registry Mechanic
      There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

      For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

      Further reading: XP Fixes Myth #1: Registry Cleaners
      ***********************************************
      Open HijackThis and select Do a system scan only

      Place a check mark next to the following entries: (if there)

      O2 - BHO: AutoLogin - {598B818E-71F1-486E-A0BE-9952B5851367} - (no file)
      O3 - Toolbar: AutoLogin - {598B818E-71F1-486E-A0BE-9952B5851367} - (no file)
      O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe"  -osboot
      O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

      Important: Close all open windows except for HijackThis and then click Fix checked.

      Once completed, exit HijackThis.
      ****************************************
      Download Security Check by screen317 from one of the following links and save it to your desktop.

      Link 1
      Link 2

      * Unzip SecurityCheck.zip and a folder named Security Check should appear.
      * Open the Security Check folder and double-click Security Check.bat
      * Follow the on-screen instructions inside of the black box.
      * A Notepad document should open automatically called checkup.txt
      * Post the contents of that document in your next reply.

      Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
      ***********************************************
      Please download ComboFix from BleepingComputer.com

      Alternate link: GeeksToGo.com

      Rename ComboFix.exe to commy.exe before you save it to your Desktop
      Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
      Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
      As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
      Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

      Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


      Click on Yes, to continue scanning for malware.
      When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

      If you have problems with ComboFix usage, see How to use ComboFix
      Windows 8 and Windows 10 dual boot with two SSD's
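A helper reading a HijackThis log like the one trekkie posted works through it section by section and picks out entries such as the two orphaned AutoLogin lines SuperDave asks to have fixed. As an added example (not part of this thread, and not a HijackThis or Computer Hope tool), the Python below parses lines in that log format, counts entries per section, flags the patterns a reviewer looks at first, and checks which lines from a helper's "fix these (if there)" list are actually present in the log. The flag rules are my own assumptions chosen for illustration, and the sample lines are constructed in the posted log's format with a generic profile path; a flagged entry is something to look up, not proof of infection.

```python
"""Triage helper for HijackThis-style log lines (added example, not HijackThis code)."""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every HijackThis entry starts with a section tag: R0/R1/R3 (IE URLs), O2 (BHOs),
# O3 (toolbars), O4 (autoruns), O20 (AppInit_DLLs / Winlogon Notify), O23 (services), ...
LINE_RE = re.compile(r"^(?P<section>R\d|O\d+) - (?P<body>.*)$")

# Constructed sample in the posted log's format (generic profile path, not the poster's).
SAMPLE_LOG = r"""
O2 - BHO: AutoLogin - {598B818E-71F1-486E-A0BE-9952B5851367} - (no file)
O2 - BHO: TV Bar 1.1 Toolbar - {a386d4b0-fddb-4e1c-ae61-4f014013cd9b} - C:\Program Files\TV_Bar_1.1\tbTV_1.dll
O3 - Toolbar: AutoLogin - {598B818E-71F1-486E-A0BE-9952B5851367} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [GM4IE] C:\Documents and Settings\User\My Documents\Downloads\GM4IE\GM4IE.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
""".strip()


@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "O2"
    body: str     # text after "O2 - "
    raw: str      # the whole line, as a helper would quote it back


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a section line, None for headers and process-list lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["section"], m["body"], line.strip())


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def section_counts(text: str) -> Dict[str, int]:
    """How many entries each section has; a quick sanity check that parsing worked."""
    return dict(Counter(e.section for e in parse_log(text)))


def flag_reasons(entry: Entry) -> List[str]:
    """Assumed review heuristics; each reason means 'look this up', not 'malicious'."""
    reasons = []
    if entry.body.endswith("(no file)"):
        reasons.append("orphaned")            # registry points at a file that is gone
    if entry.section == "O4" and re.search(r"\\(documents and settings|users)\\", entry.body, re.I):
        reasons.append("user-profile autorun")  # autorun launched from a profile directory
    if entry.section == "O4" and "RunOnce" in entry.body:
        reasons.append("runonce leftover")    # one-shot entry that should have cleared itself
    if entry.section == "O20" and entry.body.startswith("AppInit_DLLs"):
        reasons.append("appinit_dlls")        # DLL injected into every user-mode process
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Group flagged raw lines by reason."""
    out: Dict[str, List[str]] = defaultdict(list)
    for e in parse_log(text):
        for reason in flag_reasons(e):
            out[reason].append(e.raw)
    return dict(out)


def select_fix_lines(text: str, fix_list: List[str]) -> List[str]:
    """Return the helper's requested lines that are actually present ('if there')."""
    present = {e.raw for e in parse_log(text)}
    return [line.strip() for line in fix_list if line.strip() in present]


if __name__ == "__main__":
    print(section_counts(SAMPLE_LOG))
    for reason, lines in triage(SAMPLE_LOG).items():
        print(reason)
        for raw in lines:
            print("   ", raw)
```

Run as a script it prints the per-section counts and the flagged lines grouped by reason; `select_fix_lines` takes a pasted fix list and returns only the entries that exist in the log, which is the check a reader performs when told to tick entries "if there".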

      trekkie

        Topic Starter


        Rookie

        • Computer: Specs
        • Experience: Beginner
        • OS: Unknown
        Re: I'm really, really lost....
        « Reply #4 on: April 21, 2011, 04:38:48 AM »
        Sorry I took so long to get back to you - it took ComboFix this long to wrap up. ....OK, I am joking, I just completely forgot about it. Anyways...

        Security Check Log:

         Results of screen317's Security Check version 0.99.10 
         Windows XP Service Pack 3 
         Internet Explorer 8 
        ``````````````````````````````
        Antivirus/Firewall Check:

         Windows Security Center service is not running! This report may not be accurate!
         Windows Firewall Enabled! 
         Avira AntiVir Personal - Free Antivirus
         Outpost Security Suite 7.1.1   
         Antivirus up to date! (On Access scanning disabled!)
        ```````````````````````````````
        Anti-malware/Other Utilities Check:

         Malwarebytes' Anti-Malware   
         CCleaner     
         Java(TM) 6 Update 24 
         Adobe Flash Player    10.2.153.1 
         Mozilla Firefox (x86 en-GB..)
        ````````````````````````````````
        Process Check: 
        objlist.exe by Laurent

        ``````````End of Log````````````

        ComboFix Log:

        ComboFix 11-04-20.03 - Anna McManus 21/04/2011   9:53:12.1.2 - x86 NETWORK
        Microsoft Windows XP Professional  5.1.2600.3.1252.353.1033.18.1022.777 [GMT 1:00]
        Running from: C:\Documents and Settings\Anna McManus\desktop\commy.exe
        Command switches used :: /stepdel
        AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
        AV: Outpost Security Suite Pro *Disabled/Updated* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
        FW: Outpost Security Suite Pro *Enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}


        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


        C:\Documents and Settings\Anna McManus\Application Data\PriceGong
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\1.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\a.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\b.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\c.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\d.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\e.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\f.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\g.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\h.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\i.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\J.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\k.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\l.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\m.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\mru.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\n.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\o.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\p.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\q.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\r.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\s.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\t.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\u.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\v.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\w.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\x.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\y.xml
        C:\Documents and Settings\Anna McManus\Application Data\PriceGong\Data\z.xml
        C:\Documents and Settings\Anna McManus\Start Menu\Programs\Uninstall.lnk
        C:\WINDOWS\jestertb.dll
        C:\WINDOWS\system32\arp.exe
        C:\WINDOWS\system32\SCardSvr.exe
        C:\WINDOWS\system32\setup.exe


        (((((((((((((((((((((((((   Files Created from 2011-03-21 to 2011-04-21  )))))))))))))))))))))))))))))))


        2011-04-19 20:05:02 . 2011-04-19 20:05:02   63115   ----a-w-   C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
        2011-04-19 20:05:02 . 2011-04-19 20:05:02   4599   ----a-w-   C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
        2011-04-19 20:05:01 . 2011-04-19 20:05:01   9310   ----a-w-   C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
        2011-04-19 20:05:01 . 2011-04-19 20:05:01   8646   ----a-w-   C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
        2011-04-19 20:05:01 . 2011-04-19 20:05:01   6429   ----a-w-   C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
        2011-04-19 20:05:01 . 2011-04-19 20:05:01   5927   ----a-w-   C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
        2011-04-19 20:05:00 . 2011-04-19 20:05:00   8613   ----a-w-   C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
        2011-04-19 20:05:00 . 2011-04-19 20:05:00   1651   ----a-w-   C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
        2011-04-19 20:04:58 . 2011-04-19 20:04:58   6910   ----a-w-   C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
        2011-04-19 20:04:56 . 2011-04-19 20:04:56   8288   ----a-w-   C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
        2011-04-19 20:04:56 . 2011-04-19 20:04:56   6208   ----a-w-   C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
        2011-04-19 20:04:56 . 2011-04-19 20:04:56   18541   ----a-w-   C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
        2011-04-19 20:04:49 . 2011-04-19 20:04:50   51852   ----a-w-   C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
        2011-04-19 20:04:48 . 2011-04-19 20:04:48   20719   ----a-w-   C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
        2011-04-19 20:04:47 . 2011-04-19 20:04:48   23327   ----a-w-   C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
        2011-04-19 20:04:47 . 2011-04-19 20:04:47   8782   ----a-w-   C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
        2011-04-19 20:04:47 . 2011-04-19 20:04:47   7271   ----a-w-   C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
        2011-04-19 19:49:33 . 2011-02-02 16:04:22   242040   ----a-w-   C:\WINDOWS\system32\drivers\VBEngNT.sys
        2011-04-19 19:49:32 . 2011-03-21 15:27:58   708760   ----a-w-   C:\WINDOWS\system32\drivers\SandBox.sys
        2011-04-19 19:49:14 . 2010-09-27 14:40:28   267624   ----a-w-   C:\WINDOWS\system32\drivers\afwcore.sys
        2011-04-19 19:48:20 . 2010-04-20 15:05:16   34280   ----a-w-   C:\WINDOWS\system32\drivers\afw.sys
        2011-04-19 19:48:01 . 2011-04-20 09:00:25   --------   d-----w-   C:\WINDOWS\system32\Filt
        2011-04-19 19:48:01 . 2011-04-19 19:48:01   --------   d-----w-   C:\Program Files\Agnitum
        2011-04-19 19:48:01 . 2011-04-19 19:48:01   --------   d-----w-   C:\Documents and Settings\Anna McManus\Application Data\Agnitum
        2011-04-16 19:21:54 . 2011-04-16 19:21:54   --------   d-----w-   C:\Documents and Settings\Anna McManus\Local Settings\Application Data\Opera
        2011-04-15 15:52:13 . 2011-04-15 15:52:13   --------   d-----w-   C:\Documents and Settings\Anna McManus\Local Settings\Application Data\PCHealth
        2011-03-23 15:17:20 . 2011-03-18 17:57:02   142296   ----a-w-   C:\Program Files\Mozilla Firefox\components\browsercomps.dll
        2011-03-23 15:17:19 . 2011-03-18 17:57:02   781272   ----a-w-   C:\Program Files\Mozilla Firefox\mozsqlite3.dll
        2011-03-23 15:17:19 . 2011-03-18 17:57:02   1874904   ----a-w-   C:\Program Files\Mozilla Firefox\mozjs.dll
        2011-03-23 15:17:19 . 2011-03-18 17:57:02   15832   ----a-w-   C:\Program Files\Mozilla Firefox\mozalloc.dll
        2011-03-23 15:17:18 . 2011-03-18 17:57:02   728024   ----a-w-   C:\Program Files\Mozilla Firefox\libGLESv2.dll
        2011-03-23 15:17:18 . 2011-03-18 17:57:02   1975768   ----a-w-   C:\Program Files\Mozilla Firefox\D3DCompiler_42.dll
        2011-03-23 15:17:18 . 2011-03-18 17:57:02   1893336   ----a-w-   C:\Program Files\Mozilla Firefox\d3dx9_42.dll
        2011-03-23 15:17:18 . 2011-03-18 17:57:02   142296   ----a-w-   C:\Program Files\Mozilla Firefox\libEGL.dll
        .


        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

        2011-03-16 11:30:20 . 2010-11-06 19:20:43   137656   ----a-w-   C:\WINDOWS\system32\drivers\avipbb.sys
        2011-03-14 16:04:00 . 2011-03-14 16:04:00   0   ----a-w-   C:\WINDOWS\system32\ConduitEngine.tmp
        2011-03-07 05:33:50 . 2009-12-15 10:35:32   692736   ----a-w-   C:\WINDOWS\system32\inetcomm.dll
        2011-03-04 06:37:06 . 2008-04-14 04:42:10   420864   ----a-w-   C:\WINDOWS\system32\vbscript.dll
        2011-03-03 13:21:11 . 2008-04-14 00:00:12   1857920   ----a-w-   C:\WINDOWS\system32\win32k.sys
        2011-02-22 23:06:29 . 2008-04-14 04:42:42   1469440   ------w-   C:\WINDOWS\system32\inetcpl.cpl
        2011-02-22 23:06:29 . 2008-04-14 04:42:10   916480   ----a-w-   C:\WINDOWS\system32\wininet.dll
        2011-02-22 23:06:29 . 2008-04-14 04:41:58   43520   ----a-w-   C:\WINDOWS\system32\licmgr10.dll
        2011-02-22 11:41:59 . 2008-04-13 23:07:10   385024   ----a-w-   C:\WINDOWS\system32\html.iec
        2011-02-17 13:18:24 . 2008-04-13 23:47:02   455936   ----a-w-   C:\WINDOWS\system32\drivers\mrxsmb.sys
        2011-02-17 13:18:03 . 2008-04-13 23:45:12   357888   ----a-w-   C:\WINDOWS\system32\drivers\srv.sys
        2011-02-17 12:32:12 . 2009-12-15 15:41:07   5120   ----a-w-   C:\WINDOWS\system32\xpsp4res.dll
        2011-02-15 12:56:39 . 2008-04-14 04:39:02   290432   ----a-w-   C:\WINDOWS\system32\atmfd.dll
        2011-02-09 13:53:52 . 2008-04-14 04:42:06   270848   ----a-w-   C:\WINDOWS\system32\sbe.dll
        2011-02-09 13:53:52 . 2008-04-14 04:41:54   186880   ----a-w-   C:\WINDOWS\system32\encdec.dll
        2011-02-08 13:33:55 . 2008-04-14 04:41:58   978944   ----a-w-   C:\WINDOWS\system32\mfc42.dll
        2011-02-08 13:33:55 . 2007-04-03 07:44:48   974848   ----a-w-   C:\WINDOWS\system32\mfc42u.dll
        2011-02-02 21:40:23 . 2010-04-23 14:45:59   472808   ----a-w-   C:\WINDOWS\system32\deployJava1.dll
        2011-02-02 19:19:39 . 2010-04-09 15:30:30   73728   ----a-w-   C:\WINDOWS\system32\javacpl.cpl
        2011-02-02 07:58:35 . 2009-12-15 10:33:54   2067456   ----a-w-   C:\WINDOWS\system32\mstscax.dll
        2011-01-27 11:57:06 . 2009-12-15 10:33:54   677888   ----a-w-   C:\WINDOWS\system32\mstsc.exe
        2011-01-21 14:44:37 . 2008-04-14 04:42:06   439296   ----a-w-   C:\WINDOWS\system32\shimgvw.dll
        2011-03-18 17:57:02 . 2011-03-23 15:17:20   142296   ----a-w-   C:\Program Files\mozilla firefox\components\browsercomps.dll
        2006-05-03 11:06:54   163328   --sha-r-   C:\WINDOWS\system32\flvDX.dll
        2007-02-21 12:47:16   31232   --sha-r-   C:\WINDOWS\system32\msfDX.dll
        2008-03-16 14:30:52   216064   --sha-r-   C:\WINDOWS\system32\nbDX.dll


        ------- Sigcheck -------

        Cryptography Services Error !!

        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))


        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
        "{a386d4b0-fddb-4e1c-ae61-4f014013cd9b}"= "C:\Program Files\TV_Bar_1.1\prxtbTV_2.dll" [2011-01-17 14:54:02 175912]

        [HKEY_CLASSES_ROOT\clsid\{a386d4b0-fddb-4e1c-ae61-4f014013cd9b}]

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
        2011-01-17 14:54:02   175912   ----a-w-   C:\Program Files\ConduitEngine\prxConduitEngine.dll

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a386d4b0-fddb-4e1c-ae61-4f014013cd9b}]
        2011-01-17 14:54:02   175912   ----a-w-   C:\Program Files\TV_Bar_1.1\prxtbTV_2.dll

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
        "{a386d4b0-fddb-4e1c-ae61-4f014013cd9b}"= "C:\Program Files\TV_Bar_1.1\prxtbTV_2.dll" [2011-01-17 14:54:02 175912]
        "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "C:\Program Files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 14:54:02 175912]

        [HKEY_CLASSES_ROOT\clsid\{a386d4b0-fddb-4e1c-ae61-4f014013cd9b}]

        [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
        "{A386D4B0-FDDB-4E1C-AE61-4F014013CD9B}"= "C:\Program Files\TV_Bar_1.1\prxtbTV_2.dll" [2011-01-17 14:54:02 175912]
        "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "C:\Program Files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 14:54:02 175912]

        [HKEY_CLASSES_ROOT\clsid\{a386d4b0-fddb-4e1c-ae61-4f014013cd9b}]

        [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
        @="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
        [HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
        2011-03-30 18:01:56   468128   ----a-w-   C:\Program Files\Agnitum\Outpost Security Suite Free\op_shell.dll

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "GM4IE"="C:\Documents and Settings\Anna McManus\My Documents\Conor's Folder\GM4IE\GM4IE.exe" [2006-07-23 08:32:16 61440]
        "Steam"="C:\Documents and Settings\Anna McManus\My Documents\Conor's Folder\Steam\Steam.exe" [2010-12-03 20:50:46 1242448]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 07:07:00 8491008]
        "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 23:28:52 47904]
        "avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 16:09:56 281768]
        "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2010-11-29 17:38:18 421888]
        "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 14:49:28 249064]
        "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-03-07 15:33:40 421160]
        "OutpostMonitor"="C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" [2011-04-04 09:57:36 3107736]
        "OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Security Suite Free\feedback.exe" [2011-03-30 18:01:48 517056]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
        "RunNarrator"="Narrator.exe" [2008-04-14 04:42:30 53760]

        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 22:41:34 304128]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 17:13:36 77824]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        2009-09-03 22:21:41   548352   ----a-w-   C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "C:\\Program Files\\uTorrent\\uTorrent.exe"=
        "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
        "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
        "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
        "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
        "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
        "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
        "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
        "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
        "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
        "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
        "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
        "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
        "C:\\WINDOWS\\system32\\sessmgr.exe"=
        "C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
        "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
        "C:\\Program Files\\Java\\jre6\\bin\\java.exe"=
        "C:\\Documents and Settings\\Anna McManus\\My Documents\\Conor's Folder\\Steam\\Steam.exe"=
        "C:\\Documents and Settings\\Anna McManus\\My Documents\\Conor's Folder\\Steam\\steamapps\\gen100\\gtr evolution - demo\\GtrEvo_Demo_Steam.exe"=
        "C:\\Documents and Settings\\Anna McManus\\My Documents\\Conor's Folder\\Steam\\steamapps\\gen100\\gtr evolution - demo\\Config.exe"=
        "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
        "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
        "C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
        "C:\\Program Files\\iTunes\\iTunes.exe"=

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
        "AllowInboundEchoRequest"= 1 (0x1)
        "AllowInboundTimestampRequest"= 1 (0x1)
        "AllowOutboundDestinationUnreachable"= 1 (0x1)
        "AllowOutboundParameterProblem"= 1 (0x1)
        "AllowOutboundTimeExceeded"= 1 (0x1)
        "AllowOutboundPacketTooBig"= 1 (0x1)

        R3 afw;Agnitum firewall driver;C:\WINDOWS\system32\drivers\afw.sys [19/04/2011 20:48:20 34280]
        R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;C:\WINDOWS\system32\drivers\wg111v3.sys [23/04/2007 15:11:54 341504]
        S1 SandBox;SandBox;C:\WINDOWS\system32\drivers\SandBox.sys [19/04/2011 20:49:32 708760]
        S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25:48 12872]
        S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41:30 67656]
        S2 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [19/04/2011 20:48:12 2072592]
        S2 Akamai;Akamai NetSession Interface;C:\WINDOWS\System32\svchost.exe -k Akamai [14/04/2008 05:42:38 14336]
        S2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [06/11/2010 20:20:48 135336]
        S2 gupdate1ca8fbae50c76ae;Google Update Service (gupdate1ca8fbae50c76ae);C:\Program Files\Google\Update\GoogleUpdate.exe [07/01/2010 18:00:19 133104]
        S3 afwcore;afwcore;C:\WINDOWS\system32\drivers\afwcore.sys [19/04/2011 20:49:14 267624]
        S3 ASWFilt;ASWFilt;C:\WINDOWS\system32\Filt\ASWFilt.dll [19/04/2011 20:49:35 70160]
        S3 VBEngNT;VBEngNT;C:\WINDOWS\system32\drivers\VBEngNT.sys [19/04/2011 20:49:33 242040]
        S3 VBFilt;VBFilt;C:\WINDOWS\system32\Filt\VBFilt.dll [19/04/2011 20:49:34 34096]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        Akamai   REG_MULTI_SZ      Akamai

        Contents of the 'Scheduled Tasks' folder

        2011-04-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
        - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34:12 . 2008-07-30 12:34:12]

        2011-04-20 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
        - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-07 17:00:19 . 2010-01-07 17:00:16]

        2011-04-20 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
        - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-07 17:00:19 . 2010-01-07 17:00:16]

        2011-04-19 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1177238915-1417001333-1003Core.job
        - C:\Documents and Settings\Anna McManus\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-18 11:18:06 . 2010-03-18 20:23:17]

        2011-04-20 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1177238915-1417001333-1003UA.job
        - C:\Documents and Settings\Anna McManus\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-18 11:18:06 . 2010-03-18 20:23:17]

        2011-04-19 C:\WINDOWS\Tasks\OGALogon.job
        - C:\WINDOWS\system32\OGAEXEC.exe [2009-08-03 15:07:42 . 2009-08-03 15:07:42]

        2010-08-31 C:\WINDOWS\Tasks\pixillionShakeIcon.job
        - C:\Program Files\NCH Software\Pixillion\pixillion.exe [2010-08-23 18:34:37 . 2010-08-23 18:34:38]

        2011-04-20 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-796845957-1177238915-1417001333-1003.job
        - C:\Program Files\Real\RealUpgrade\realupgrade.exe [2010-11-05 11:33:50 . 2010-11-05 11:33:50]

        2011-04-20 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-1177238915-1417001333-1003.job
        - C:\Program Files\Real\RealUpgrade\realupgrade.exe [2010-11-05 11:33:50 . 2010-11-05 11:33:50]

        2011-04-20 C:\WINDOWS\Tasks\User_Feed_Synchronization-{9AEC4122-30F7-425A-AEE8-66CD5650F4FC}.job
        - C:\WINDOWS\system32\msfeedssync.exe [2009-03-08 04:31:54 . 2009-03-08 04:31:54]


        ------- Supplementary Scan -------

        uStart Page = hxxp://www.google.ie/webhp?rls=ig
        uInternet Connection Wizard,ShellNext = hxxp://www.google.ie/
        uInternet Settings,ProxyOverride = *.local
        IE: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
        IE: Check &Spelling - C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
        IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
        IE: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
        IE: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
        TCP: {2094D3C8-9017-48C6-9813-BCFE09227041} = 89.101.160.4,89.101.160.5,208.67.222.222
        DPF: {444785F1-DE89-4295-863A-D46C3A781394} - hxxp://webplayer.unity3d.com/download_webplayer-2.x/UnityWebPlayer.cab
        FF - ProfilePath - C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\
        FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10588
        FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
        FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/
        FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=10588&q=
        FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
        FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
        FF - Ext: New Tab Homepage: {66E978CD-981F-47DF-AC42-E3CF417C1467} - %profile%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
        FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
        FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
        FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
        FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
        FF - Ext: AlertStopper: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Check All: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: CheckFox: {BAEC7B80-9A31-47b2-A68B-DCAC8DF48E87} - %profile%\extensions\{BAEC7B80-9A31-47b2-A68B-DCAC8DF48E87}
        FF - Ext: Copy Link Text: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Crash Report Helper: {078fac48-925f-4524-7cfe-85d44b8f4f98} - %profile%\extensions\{078fac48-925f-4524-7cfe-85d44b8f4f98}
        FF - Ext: EAVE: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Expiry Canary: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Flash Killer: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Ghostery: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: GoogleEnhancer: {21e48e29-f574-4619-b65d-0f00eea92e5b} - %profile%\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}
        FF - Ext: Keyboard Shortcuts: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Kongregate Sidebar: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Link Alert: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: LinkAndForminfo: {B71ACFF2-E436-4cc7-B5E3-0C8E2CC981BA} - %profile%\extensions\{B71ACFF2-E436-4cc7-B5E3-0C8E2CC981BA}
        FF - Ext: Override Mozilla Firefox Guidance: omfg@olive - %profile%\extensions\omfg@olive
        FF - Ext: PingMe: pingme@arcticfire - %profile%\extensions\pingme@arcticfire
        FF - Ext: Privacy Plus: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: RightToClick: {cd617375-6743-4ee8-bac4-fbf10f35729e} - %profile%\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}
        FF - Ext: SimilarWeb: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Simple Links Counter: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Site Information Tool: siteinfo@wmtips - %profile%\extensions\siteinfo@wmtips
        FF - Ext: Tab Progress Bar: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Test Extension: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Trustpilot Guard: {736048c1-a1ec-4a70-b12b-1e399e79024e} - %profile%\extensions\{736048c1-a1ec-4a70-b12b-1e399e79024e}
        FF - Ext: Verify Redirect: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Wappalyzer: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Personas: [email protected] - %profile%\extensions\[email protected]
        FF - Ext: Personas Rotator: {6e73f6b7-b9ab-44b8-b744-6393e3c2e351} - %profile%\extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}
        FF - Ext: Sidebar Companion for Google Sidewiki: {62f82eb5-4d65-4224-983b-a09ff8b172a6} - %profile%\extensions\{62f82eb5-4d65-4224-983b-a09ff8b172a6}
        FF - Ext: Google Redesigned: {cc85cd4e-5a5b-4eda-a25c-bdaffa93b406} - %profile%\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
        FF - Ext: Google Minimalist: {64312dc5-3fc3-40d1-b183-0e4060fc52ac} - %profile%\extensions\{64312dc5-3fc3-40d1-b183-0e4060fc52ac}
        FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
        FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
        FF - Ext: Java Quick Starter: [email protected] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
        FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
        FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

        - - - - ORPHANS REMOVED - - - -

        WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
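Added example, not part of the thread and not ComboFix's own code: a small Python triage script that reads the kind of ComboFix output posted above and applies three heuristics of my own choosing. It flags Run-key autostarts whose binary lives in a user-writable location (here GM4IE.exe and Steam.exe under My Documents), Browser Helper Objects that are the same file under two names (identical size and timestamp for prxtbTV_2.dll and prxConduitEngine.dll), and Firefox search preferences whose domain differs from the homepage's (the Babylon entries). The SAMPLE_LOG lines are copied from the log above; the user-writable path pattern and the last-two-labels domain comparison are this example's assumptions, not anything ComboFix does.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Excerpt of the ComboFix log posted above, trimmed to the lines the rules act
# on (copied as printed; ComboFix defangs URLs as hxxp://).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54:02   175912   ----a-w-   C:\Program Files\ConduitEngine\prxConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a386d4b0-fddb-4e1c-ae61-4f014013cd9b}]
2011-01-17 14:54:02   175912   ----a-w-   C:\Program Files\TV_Bar_1.1\prxtbTV_2.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GM4IE"="C:\Documents and Settings\Anna McManus\My Documents\Conor's Folder\GM4IE\GM4IE.exe" [2006-07-23 08:32:16 61440]
"Steam"="C:\Documents and Settings\Anna McManus\My Documents\Conor's Folder\Steam\Steam.exe" [2010-12-03 20:50:46 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 16:09:56 281768]
"OutpostMonitor"="C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" [2011-04-04 09:57:36 3107736]

FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10588
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=10588&q=
"""

# Line shapes as ComboFix prints them.
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<stamp>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<size>\d+)\]$')
MODULE_LINE_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(?P<size>\d+)\s+\S+\s+(?P<path>.+)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>\S+)$")

# Heuristic assumed for this example: locations an ordinary user can write to
# without admin rights. Installers normally put autostarting binaries in
# Program Files, so an autostart from here deserves a second look.
USER_WRITABLE_RE = re.compile(
    r"(?i)(^[a-z]:\\(documents and settings|users)\\|\\temp\\|%(appdata|temp|userprofile)%)")
SEARCH_PREFS = ("browser.search.defaulturl", "keyword.URL")


def _base_domain(url):
    """Host of a defanged URL, reduced to its last two labels (google.ie, babylon.com)."""
    host = urlparse(re.sub(r"^hxxp", "http", url)).hostname or ""
    return ".".join(host.split(".")[-2:])


def parse(text):
    """Split the log into Run-key autostarts, BHO module lines and Firefox prefs."""
    runs, bhos, prefs, key = [], [], {}, ""
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")          # remember which registry key we are under
            continue
        m = RUN_ENTRY_RE.match(line)
        if m and re.search(r"\\Run(Once)?$", key, re.I):
            runs.append({"key": key, **m.groupdict()})
            continue
        m = MODULE_LINE_RE.match(line)
        if m and "Browser Helper Objects" in key:
            bhos.append({"key": key, **m.groupdict()})
            continue
        m = FF_PREF_RE.match(line)
        if m:
            prefs[m.group("pref")] = m.group("value")
    return runs, bhos, prefs


def triage(text):
    """Return (rule, detail) findings for the three heuristics."""
    runs, bhos, prefs = parse(text)
    findings = []
    # Rule 1: autostart binaries living in user-writable locations.
    for r in runs:
        if USER_WRITABLE_RE.search(r["path"]):
            findings.append(("run-from-user-path", f'{r["name"]}: {r["path"]}'))
    # Rule 2: identical size and timestamp under different names means one
    # component shipped under several brands (the Conduit toolbar pattern).
    by_identity = defaultdict(list)
    for b in bhos:
        by_identity[(b["stamp"], b["size"])].append(b["path"])
    for (stamp, size), paths in by_identity.items():
        if len(paths) > 1:
            findings.append(("same-binary-multiple-bhos", f"{size} bytes @ {stamp}: " + " | ".join(paths)))
    # Rule 3: search provider pointing at a different domain than the homepage.
    home = _base_domain(prefs.get("browser.startup.homepage", ""))
    for pref in SEARCH_PREFS:
        if pref in prefs and home and _base_domain(prefs[pref]) != home:
            findings.append(("search-provider-redirect", f"{pref} -> {prefs[pref]}"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"[{rule}] {detail}")
```

Run it against a full ComboFix log saved to a file and it reports the same three classes of findings; entries from Program Files (avgnt, OutpostMonitor) are not flagged, which is the point of rule 1 being a path check rather than a name list.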



        SuperDave

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: I'm really, really lost....
        « Reply #5 on: April 21, 2011, 01:22:29 PM »
The log shows that you appear to be running two AVs at once: AntiVir Desktop and Outpost Security Suite Pro. Please make sure that only one AV is enabled or it will cause some problems.

        * Download the following tool: RootRepeal - Rootkit Detector
        * Direct download link is here: RootRepeal.zip

        * Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
        * Click this link to see a list of such programs and how to disable them.

        * Extract the program file to a new folder such as C:\RootRepeal
        * Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
        * Select ALL of the checkboxes and then click OK and it will start scanning your system.
        * If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
        * When done, click on Save Report
* Save it to the same location where you ran it from, such as C:\RootRepeal
        * Save it as rootrepeal.txt
        * Then open that log and select all and copy/paste it back on your next reply please.
        * Close RootRepeal.
        Windows 8 and Windows 10 dual boot with two SSD's

        trekkie

          Topic Starter


          Re: I'm really, really lost....
          « Reply #6 on: April 22, 2011, 09:47:46 AM »
          A new problem:

          If I boot into Windows normally, my CPU usage is at 100%. All the time. I can get nothing done there. I can boot into Safe Mode w/Networking, and that's where I'm posting from now, but as you know, not everything loads up in that mode. Here's a screenshot of Process Explorer showing the extent of the problem (might have to zoom in/look closely):


          In any case, I've got you your log:

          RootRepeal Log:

          ROOTREPEAL (c) AD, 2007-2009
          ==================================================
          Scan Start Time:      2011/04/22 15:45
          Program Version:      Version 1.3.5.0
          Windows Version:      Windows XP SP3
          ==================================================

          Drivers
          -------------------
          Name: dump_atapi.sys
          Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
          Address: 0xF6CFB000   Size: 98304   File Visible: No   Signed: -
          Status: -

          Name: dump_WMILIB.SYS
          Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
          Address: 0xF79BB000   Size: 8192   File Visible: No   Signed: -
          Status: -

          Name: rootrepeal.sys
          Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
          Address: 0xF62AB000   Size: 49152   File Visible: No   Signed: -
          Status: -

          Hidden/Locked Files
          -------------------
          Path: c:\windows\ntbtlog.txt
          Status: Size mismatch (API: 1054902, Raw: 1054778)

          Path: c:\windows\temp\perflib_perfdata_34c.dat
          Status: Allocation size mismatch (API: 16384, Raw: 0)

          Stealth Objects
          -------------------
          Object: Hidden Code [Driver: prohlp02, IRP_MJ_CREATE]
          Process: System   Address: 0xe1019920   Size: 994

          Object: Hidden Code [Driver: prohlp02, IRP_MJ_CLOSE]
          Process: System   Address: 0xe1019920   Size: 994

          Object: Hidden Code [Driver: prohlp02, IRP_MJ_DEVICE_CONTROL]
          Process: System   Address: 0xe1019920   Size: 994

          ==EOF==
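Added example, not from the thread and not RootRepeal's code: a Python parser for the RootRepeal report format shown above (the one SuperDave asked for), with a first-pass classification. It splits the report into its dashed sections and blank-line-delimited records, then marks each record "expected" or "review". The allow-list is this example's assumption: dump_*.sys are the in-memory crash-dump copies of the boot storage drivers and RootRepeal lists its own rootrepeal.sys the same way, ntbtlog.txt grows while boot logging is on (Safe Mode turns it on) and perflib_perfdata_*.dat is a live memory-mapped file, so API and raw sizes disagree. Every "Hidden Code" entry is grouped by driver and address so the three prohlp02 IRP hooks come out as one finding; the example makes no claim about what prohlp02 is. SAMPLE_REPORT is copied from the posted log, trimmed to those three sections.

```python
import re
from collections import defaultdict

# The RootRepeal report posted above, trimmed to the three sections the
# parser handles (copied as printed, not constructed).
SAMPLE_REPORT = r"""
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF6CFB000   Size: 98304   File Visible: No   Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF62AB000   Size: 49152   File Visible: No   Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\windows\ntbtlog.txt
Status: Size mismatch (API: 1054902, Raw: 1054778)

Path: c:\windows\temp\perflib_perfdata_34c.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

Stealth Objects
-------------------
Object: Hidden Code [Driver: prohlp02, IRP_MJ_CREATE]
Process: System   Address: 0xe1019920   Size: 994

Object: Hidden Code [Driver: prohlp02, IRP_MJ_CLOSE]
Process: System   Address: 0xe1019920   Size: 994

Object: Hidden Code [Driver: prohlp02, IRP_MJ_DEVICE_CONTROL]
Process: System   Address: 0xe1019920   Size: 994

==EOF==
"""

# Allow-list assumed for this example (not RootRepeal's logic): live-scan
# artifacts that look odd but are expected on a running XP box.
EXPECTED_INVISIBLE_DRIVER = re.compile(r"(?i)^(dump_\w+\.sys|rootrepeal\.sys)$")
EXPECTED_LOCKED_FILE = re.compile(r"(?i)\\(ntbtlog\.txt|temp\\perflib_perfdata_[0-9a-f]+\.dat)$")
HIDDEN_CODE_RE = re.compile(r"^Hidden Code \[Driver: (?P<driver>[^,\]]+), (?P<irp>IRP_MJ_\w+)\]$")


def parse(text):
    """Return (section, record) pairs; a record is the dict of 'Key: value'
    fields in one blank-line-delimited block. Several fields may share a line,
    separated by two or more spaces, as in the Address/Size/File Visible line."""
    lines = text.splitlines()
    section, record, out, i = None, {}, [], 0
    while i < len(lines):
        line = lines[i].rstrip()
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if line and re.fullmatch(r"-{5,}", nxt):      # "Drivers" over a dashed rule
            if record:
                out.append((section, record)); record = {}
            section, i = line.strip(), i + 2
            continue
        if not line.strip() or line.startswith("=="):  # blank line or ==EOF== ends a record
            if record:
                out.append((section, record)); record = {}
        elif section:
            for chunk in re.split(r"\s{2,}", line.strip()):
                key, sep, value = chunk.partition(": ")
                if sep:
                    record[key] = value.strip()
        i += 1
    if record:
        out.append((section, record))
    return out


def classify(report):
    """Return (verdict, detail) pairs: 'expected' for allow-listed live-scan
    artifacts, 'review' for everything the allow-list does not explain."""
    verdicts, hooks = [], defaultdict(list)   # hooks: (driver, address, size) -> IRP majors
    for section, rec in parse(report):
        if section == "Drivers":
            name = rec.get("Name", "")
            if rec.get("File Visible") == "No" and not EXPECTED_INVISIBLE_DRIVER.match(name):
                verdicts.append(("review", f"driver with no backing file: {name} at {rec.get('Address')}"))
            else:
                verdicts.append(("expected", f"driver: {name}"))
        elif section == "Hidden/Locked Files":
            path = rec.get("Path", "")
            tag = "expected" if EXPECTED_LOCKED_FILE.search(path) else "review"
            verdicts.append((tag, f"{path}: {rec.get('Status')}"))
        elif section == "Stealth Objects":
            m = HIDDEN_CODE_RE.match(rec.get("Object", ""))
            if m:
                hooks[(m["driver"], rec.get("Address"), rec.get("Size"))].append(m["irp"])
            else:
                verdicts.append(("review", f"stealth object: {rec.get('Object')}"))
    # One finding per hook routine: one address serving several IRP majors is a
    # single piece of code, outside any loaded driver image, wired into the
    # driver's dispatch table. Identify the owner before treating it as malicious.
    for (driver, addr, size), irps in hooks.items():
        verdicts.append(("review", f"{driver}: dispatch for {', '.join(irps)} points to "
                                   f"unattributed code at {addr} ({size} bytes)"))
    return verdicts


if __name__ == "__main__":
    for verdict, detail in classify(SAMPLE_REPORT):
        print(f"{verdict:8s} {detail}")
```

The allow-list is deliberately narrow: a driver with no backing file that is not a dump_ copy or the scanner itself, or a size mismatch on anything other than a file known to be open for writing, comes out as "review", which is the right default for a rootkit scan.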

          SuperDave

          Re: I'm really, really lost....
          « Reply #7 on: April 22, 2011, 09:54:38 AM »
          You do have a lot of programs running but some of them may be running unnecessarily. Please try this tool to lighten your start-up load.

          StartupLite

          Download StartupLite by MalwareBytes to your Desktop.
          Doubleclick StartupLite.exe to launch the program.
          Ensure the Disable box is checked.
          Click Continue.
A pop up message will tell you the unnecessary startup items in your list have been disabled and ask you to restart your computer.
          Re-start your computer.
          ***********************************************************
          I'd like to scan your machine with ESET OnlineScan

          •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
          ESET OnlineScan
          •Click the button.
          •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
          • Click on to download the ESET Smart Installer. Save it to your desktop.
          • Double click on the icon on your desktop.
          •Check
          •Click the button.
          •Accept any security warnings from your browser.
          •Check
          •Push the Start button.
          •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
          •When the scan completes, push
          •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
          •Push the button.
          •Push
          A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

          trekkie

            Topic Starter


            Re: I'm really, really lost....
            « Reply #8 on: April 22, 2011, 11:09:06 AM »
            While I wait on the ESET scan:

            On the CPU 100% issue, StartUpLite had no practical effect, but I have an OS disc. Do you think using it to repair/reinstall my OS would be a good idea?

            I'll post the ESET log as soon as it's ready.

            trekkie

              Topic Starter


              Re: I'm really, really lost....
              « Reply #9 on: April 22, 2011, 02:33:29 PM »
              (in best Italian accent) Itsa ready! :D

              ESET Log:

              D:\Documents and Settings\Aidan McManus\Local Settings\Temporary Internet Files\Content.IE5\QSN6YIWP\MyFunCardsInitialSetup1.0.1.1[1].exe   

              Win32/AdInstaller application   

              cleaned by deleting - quarantined

              SuperDave

              Re: I'm really, really lost....
              « Reply #10 on: April 22, 2011, 05:42:00 PM »
              Quote
              On the CPU 100% issue, StartUpLite had no practical effect, but I have an OS disc. Do you think using it to repair/reinstall my OS would be a good idea?
I would like to find out what is using up all your memory first. How much RAM do you have? Please do this. Open Task Manager, Processes, and click twice on Mem Usage until all the largest users are at the top and do a screen print and send it to me.

              trekkie

                Topic Starter


                Re: I'm really, really lost....
                « Reply #11 on: April 23, 2011, 02:31:16 AM »
                 Total RAM is in my computer specs (on the left of all my posts). I prefer Process Explorer over Task Manager; it gives more detail.

                Screenie (you're looking for Working Set for RAM):



                 I'm confused; are CPU usage and RAM usage related?

                SuperDave

                Re: I'm really, really lost....
                « Reply #12 on: April 23, 2011, 12:39:08 PM »
                Are these screenshots taken in Normal Mode?
                Did you do anything about the two AV programs?
                I can't see anything that would cause this abnormal CPU usage. Let's try one more scan.


                Download OTL to your desktop.

                * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
                * When the window appears, underneath Output at the top change it to Minimal Output.
                * Check the boxes beside LOP Check and Purity Check.
                * Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

                When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

                 Please copy and paste the contents of these files, one at a time, into your next reply.

                Note: You may need two or more posts to fit them all in.
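The OTL.txt that this scan writes is plain text with one entry per line, and the first thing a helper does with it is pick out the entries worth a second look. Here is an added example (not from the thread, from SuperDave, or from the OTL tool itself) that parses the O2/O3/O4 and Firefox preference line shapes OTL produces and flags orphaned autostarts, toolbar or search components from a watchlisted vendor, and search settings pointing away from the user's own homepage; the vendor watchlist and the sample log lines are constructed for the example.

```python
r"""Triage helper for OTL.txt output (added example; not part of the thread or of OTL).

OTL writes entries such as
  O2 - BHO: (Name) - {CLSID} - C:\path\file.dll (Company)
  O4 - HKLM..\Run: [Name] C:\path\file.exe (Company)
  FF - prefs.js..browser.search.defaulturl: "http://..."
This script parses those shapes and flags: autostart entries whose file is missing,
components from a watchlisted vendor, and search prefs pointing off the homepage site.
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Assumption: a small vendor watchlist constructed for this example, not a list shipped with OTL.
WATCHLIST = ("Conduit", "Babylon")
SEARCH_PREFS = {"browser.search.defaultenginename", "browser.search.defaulturl",
                "browser.search.selectedEngine", "browser.search.order.1", "keyword.URL"}

# O2/O3 lines: "O2 - BHO: (Name) - {CLSID} - <path> (<company>)" or "... - File not found"
RE_OBJECT = re.compile(r"^(?P<code>O[23]) - (?P<kind>[^:]+): \((?P<name>[^)]*)\) - "
                       r"(?P<clsid>\{[^}]+\}) - (?P<rest>.*)$")
# O4 lines: "O4 - HKLM..\Run: [Name] <path> (<company>)" or "... [Name]  File not found"
RE_RUN = re.compile(r"^(?P<code>O4) - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
# Firefox prefs: 'FF - prefs.js..<pref>: "<value>"'
RE_FFPREF = re.compile(r'^FF - prefs\.js\.\.(?P<pref>[\w.]+): "(?P<value>[^"]*)"$')
# Trailing "(Company)" after a path; backtracking copes with "(x86)" inside the path.
RE_PATH_COMPANY = re.compile(r"^(?P<path>.*?)\s*\((?P<company>[^)]*)\)$")

@dataclass
class Finding:
    kind: str    # "O2", "O3", "O4" or the Firefox preference name
    name: str    # BHO/toolbar/Run value name, or the preference value
    reason: str

def _watchlisted(text: str) -> Optional[str]:
    """Return the first watchlist vendor mentioned in text, or None."""
    low = text.lower()
    return next((v for v in WATCHLIST if v.lower() in low), None)

def _site(host: str) -> str:
    """Crude registrable-domain heuristic: keep the last two DNS labels."""
    return ".".join(host.split(".")[-2:])

def _homepage_site(lines: List[str]) -> str:
    """Site of the Firefox start page, used as the user's 'expected' search domain."""
    for line in lines:
        m = RE_FFPREF.match(line.strip())
        if m and m.group("pref") == "browser.startup.homepage":
            return _site(urlparse(m.group("value")).hostname or "")
    return ""

def triage(lines: List[str]) -> List[Finding]:
    """Scan OTL lines and return the flagged entries in input order."""
    home_site = _homepage_site(lines)
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = RE_OBJECT.match(line) or RE_RUN.match(line)
        if m:
            code, name, rest = m.group("code"), m.group("name").strip(), m.group("rest").strip()
            if "File not found" in rest:
                findings.append(Finding(code, name, "target file missing (orphaned entry)"))
                continue
            pc = RE_PATH_COMPANY.match(rest)
            path, company = (pc.group("path"), pc.group("company")) if pc else (rest, "")
            vendor = _watchlisted(company + " " + path)
            if vendor:
                findings.append(Finding(code, name, f"{vendor} toolbar/search component: {path}"))
            continue
        fm = RE_FFPREF.match(line)
        if fm and fm.group("pref") in SEARCH_PREFS:
            pref, value = fm.group("pref"), fm.group("value")
            vendor = _watchlisted(value)
            host = urlparse(value).hostname if value.startswith("http") else None
            if vendor:
                findings.append(Finding(pref, value, f"search setting names {vendor}"))
            elif host and home_site and _site(host) != home_site:
                findings.append(Finding(pref, value, f"search URL on {host}, homepage is {home_site}"))
    return findings

# Constructed sample: a handful of lines in the shapes OTL reports (not a real scan).
SAMPLE_LOG = r"""
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.startup.homepage: "http://www.google.ie/"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&q="
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AutoLogin) - {598B818E-71F1-486E-A0BE-9952B5851367} - Reg Error: Value error. File not found
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (TV Bar 1.1 Toolbar) - {a386d4b0-fddb-4e1c-ae61-4f014013cd9b} - C:\Program Files\TV_Bar_1.1\prxtbTV_2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [GM4IE]  File not found
O4 - HKCU..\Run: [Steam]  File not found
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.kind:<36} {f.name:<45} {f.reason}")
```

A flagged entry is a lead, not a verdict: an orphaned Run value may just be a leftover from an uninstall, and the watchlist only says "review this", so confirm each item against the file on disk before removing anything.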

                trekkie

                  Re: I'm really, really lost....
                  « Reply #13 on: April 24, 2011, 10:05:12 AM »
                   Quote
                   Did you do anything about the two AV programs?
                  Mmm-hmm, I uninstalled Avira AntiVir. It didn't affect the CPU usage, though.

                  Quote
                  Are these screenshots taken in Normal Mode?
                  Yep, with difficulty...

                   These OTL logs, on the other hand, are from Safe Mode. I had no choice; the computer froze when I tried to start OTL, much less run a scan. Sorry. :(

                  OTL.txt:

                  OTL logfile created on: 24/04/2011 16:52:29 - Run 1
                  OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\Anna McManus\Desktop
                  Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
                  Internet Explorer (Version = 8.0.6001.18702)
                  Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
                   
                  1,022.00 Mb Total Physical Memory | 684.00 Mb Available Physical Memory | 67.00% Memory free
                  5.00 Gb Paging File | 5.00 Gb Available in Paging File | 97.00% Paging File free
                  Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]
                   
                  %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
                  Drive C: | 29.99 Gb Total Space | 6.09 Gb Free Space | 20.31% Space Free | Partition Type: NTFS
                  Drive D: | 107.07 Gb Total Space | 90.45 Gb Free Space | 84.48% Space Free | Partition Type: NTFS
                  Drive E: | 37.23 Gb Total Space | 10.37 Gb Free Space | 27.86% Space Free | Partition Type: NTFS
                  Drive H: | 6.00 Gb Total Space | 1.54 Gb Free Space | 25.74% Space Free | Partition Type: NTFS
                   
                  Computer Name: DIMENSION-E520E | User Name: Anna McManus | Logged in as Administrator.
                  Boot Mode: SafeMode with Networking | Scan Mode: Current user
                  Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
                   
                  ========== Processes (SafeList) ==========
                   
                  PRC - C:\Documents and Settings\Anna McManus\Desktop\OTL.exe (OldTimer Tools)
                  PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
                   
                   
                  ========== Modules (SafeList) ==========
                   
                  MOD - C:\Documents and Settings\Anna McManus\Desktop\OTL.exe (OldTimer Tools)
                  MOD - c:\Program Files\Agnitum\Outpost Security Suite Free\wl_hook.dll (Agnitum Ltd.)
                  MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
                  MOD - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
                  MOD - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
                   
                   
                  ========== Win32 Services (SafeList) ==========
                   
                  SRV - (acssrv) -- C:\Program Files\Agnitum\Outpost Security Suite Free\acs.exe (Agnitum Ltd.)
                  SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll ()
                  SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
                   
                   
                  ========== Driver Services (SafeList) ==========
                   
                  DRV - (SandBox) -- C:\WINDOWS\system32\drivers\SandBox.sys (Agnitum Ltd.)
                  DRV - (VBFilt) -- C:\WINDOWS\system32\Filt\VBFilt.dll (Agnitum Ltd.)
                  DRV - (ASWFilt) -- C:\WINDOWS\system32\Filt\ASWFilt.dll (Agnitum Ltd.)
                  DRV - (VBEngNT) -- C:\WINDOWS\system32\drivers\VBEngNT.sys (VirusBuster Kft.)
                  DRV - (afwcore) -- C:\WINDOWS\system32\drivers\afwcore.sys (Agnitum Ltd.)
                  DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
                  DRV - (afw) -- C:\WINDOWS\system32\drivers\afw.sys (Agnitum Ltd.)
                  DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
                  DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
                  DRV - (RTL8187B) -- C:\WINDOWS\system32\drivers\wg111v3.sys (Realtek Semiconductor Corporation                           )
                  DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
                  DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
                  DRV - (prohlp02) -- C:\WINDOWS\System32\drivers\prohlp02.sys (Protection Technology)
                  DRV - (prodrv06) -- C:\WINDOWS\System32\drivers\prodrv06.sys (Protection Technology)
                  DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
                  DRV - (sfhlp01) -- C:\WINDOWS\System32\drivers\sfhlp01.sys (Protection Technology)
                  DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
                  DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
                  DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
                   
                   
                  ========== Standard Registry (SafeList) ==========
                   
                   
                  ========== Internet Explorer ==========
                   
                   
                  IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/webhp?rls=ig
                  IE - HKCU\..\URLSearchHook: {a386d4b0-fddb-4e1c-ae61-4f014013cd9b} - C:\Program Files\TV_Bar_1.1\prxtbTV_2.dll (Conduit Ltd.)
                  IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
                  IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
                   
                  ========== FireFox ==========
                   
                   FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
                  FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10588"
                  FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
                  FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
                  FF - prefs.js..browser.startup.homepage: "http://www.google.ie/"
                  FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
                  FF - prefs.js..extensions.enabledItems: [email protected]:1.0
                  FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3
                  FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
                  FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
                  FF - prefs.js..extensions.enabledItems: [email protected]:2.1.0.1
                  FF - prefs.js..extensions.enabledItems: {c07d1a49-9894-49ff-a594-38960ede8fb9}:3.1.3beta1
                  FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.0
                  FF - prefs.js..extensions.enabledItems: [email protected]:1.0
                  FF - prefs.js..extensions.enabledItems: [email protected]:200.000
                  FF - prefs.js..extensions.enabledItems: [email protected]:0.2.3
                  FF - prefs.js..extensions.enabledItems: {BAEC7B80-9A31-47b2-A68B-DCAC8DF48E87}:0.9.1
                  FF - prefs.js..extensions.enabledItems: [email protected]:1.5.0
                  FF - prefs.js..extensions.enabledItems: {078fac48-925f-4524-7cfe-85d44b8f4f98}:1.2
                  FF - prefs.js..extensions.enabledItems: [email protected]:0.3
                  FF - prefs.js..extensions.enabledItems: [email protected]:1.0
                  FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.9.4
                  FF - prefs.js..extensions.enabledItems: [email protected]:1.3
                  FF - prefs.js..extensions.enabledItems: [email protected]:2.5.2
                  FF - prefs.js..extensions.enabledItems: gmailwatcher@sonthakit:1.31
                  FF - prefs.js..extensions.enabledItems: [email protected]:0.1.3.1
                  FF - prefs.js..extensions.enabledItems: {21e48e29-f574-4619-b65d-0f00eea92e5b}:1.86
                  FF - prefs.js..extensions.enabledItems: [email protected]:0.1
                  FF - prefs.js..extensions.enabledItems: [email protected]:1.5.7
                  FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2
                  FF - prefs.js..extensions.enabledItems: {B71ACFF2-E436-4cc7-B5E3-0C8E2CC981BA}:1.0.7
                  FF - prefs.js..extensions.enabledItems: {cf47767d-5f3a-4e32-9fce-5d79565c9702}:1.1.1
                  FF - prefs.js..extensions.enabledItems: omfg@olive:0.6.080510
                  FF - prefs.js..extensions.enabledItems: pingme@arcticfire:2.7.0.2
                  FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1
                  FF - prefs.js..extensions.enabledItems: {cd617375-6743-4ee8-bac4-fbf10f35729e}:2.8.5
                  FF - prefs.js..extensions.enabledItems: [email protected]:1.2.06
                  FF - prefs.js..extensions.enabledItems: [email protected]:1.2
                  FF - prefs.js..extensions.enabledItems: siteinfo@wmtips:1.2
                  FF - prefs.js..extensions.enabledItems: [email protected]:0.6
                  FF - prefs.js..extensions.enabledItems: [email protected]:1.2
                  FF - prefs.js..extensions.enabledItems: {736048c1-a1ec-4a70-b12b-1e399e79024e}:2.1.7
                  FF - prefs.js..extensions.enabledItems: [email protected]:1.1.0
                  FF - prefs.js..extensions.enabledItems: [email protected]:1.13.0
                  FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
                  FF - prefs.js..extensions.enabledItems: {6e73f6b7-b9ab-44b8-b744-6393e3c2e351}:1.1
                  FF - prefs.js..extensions.enabledItems: {62f82eb5-4d65-4224-983b-a09ff8b172a6}:0.7
                  FF - prefs.js..extensions.enabledItems: {cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}:0.6
                  FF - prefs.js..extensions.enabledItems: {64312dc5-3fc3-40d1-b183-0e4060fc52ac}:0.5
                  FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
                  FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
                  FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
                  FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
                  FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
                  FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
                  FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
                  FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
                  FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
                  FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&AF=10588&q="
                   
                  FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/23 10:38:52 | 000,000,000 | ---D | M]
                  FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/23 16:17:20 | 000,000,000 | ---D | M]
                  FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 16:17:16 | 000,000,000 | ---D | M]
                   
                  [2009/12/15 19:09:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Extensions
                  [2011/04/07 20:34:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions
                  [2010/02/20 22:13:27 | 000,000,000 | ---D | M] (Crash Report Helper) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{078fac48-925f-4524-7cfe-85d44b8f4f98}
                  [2011/03/23 16:07:43 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
                  [2010/08/03 18:26:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
                  [2011/03/23 16:08:15 | 000,000,000 | ---D | M] ("GoogleEnhancer") -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}
                  [2010/02/20 22:13:16 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
                  [2010/11/19 17:52:35 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
                  [2010/04/21 14:24:32 | 000,000,000 | ---D | M] (Personas Windows Classic Statusbar) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{580ef9b7-8492-4844-a4f4-76bc7208fda1}
                  [2011/03/23 16:09:47 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
                  [2011/03/23 16:09:08 | 000,000,000 | ---D | M] (Sidebar Companion for Google Sidewiki) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{62f82eb5-4d65-4224-983b-a09ff8b172a6}
                  [2011/03/23 16:09:40 | 000,000,000 | ---D | M] (Google Minimalist) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{64312dc5-3fc3-40d1-b183-0e4060fc52ac}
                  [2011/03/23 16:07:41 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
                  [2011/04/07 20:27:53 | 000,000,000 | ---D | M] (Personas Rotator) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}
                  [2010/03/20 18:27:54 | 000,000,000 | ---D | M] ("Trustpilot Guard") -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{736048c1-a1ec-4a70-b12b-1e399e79024e}
                  [2010/08/16 17:06:36 | 000,000,000 | ---D | M] (Read Later) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{9783dcc8-2250-4d3b-8beb-7c2007cf5651}
                  [2011/03/23 16:07:55 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
                  [2010/02/20 22:13:27 | 000,000,000 | ---D | M] (Currency Converter) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{af5514fc-7603-4cec-9894-f07f3d8672a5}
                  [2011/03/23 16:08:26 | 000,000,000 | ---D | M] (LinkAndForminfo) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{B71ACFF2-E436-4cc7-B5E3-0C8E2CC981BA}
                  [2010/03/19 20:39:15 | 000,000,000 | ---D | M] (CheckFox) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{BAEC7B80-9A31-47b2-A68B-DCAC8DF48E87}
                  [2011/03/23 16:07:44 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
                  [2011/03/23 16:09:31 | 000,000,000 | ---D | M] (Google Redesigned) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
                  [2011/03/23 16:08:27 | 000,000,000 | ---D | M] ("RightToClick") -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}
                  [2011/03/23 16:07:51 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
                  [2011/03/23 16:10:07 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
                  [2011/03/23 16:07:56 | 000,000,000 | ---D | M] ("AlertStopper") -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2010/02/20 22:13:26 | 000,000,000 | ---D | M] (Expiry Canary) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2011/03/23 16:08:22 | 000,000,000 | ---D | M] (InvisibleHand) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2010/02/20 22:13:27 | 000,000,000 | ---D | M] (Check All) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2010/02/20 22:13:27 | 000,000,000 | ---D | M] (Click Info) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2011/03/23 16:08:00 | 000,000,000 | ---D | M] ("Copy Link Text") -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2010/02/20 22:13:27 | 000,000,000 | ---D | M] ("EAVE") -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2010/12/16 00:03:09 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2011/03/23 16:08:08 | 000,000,000 | ---D | M] (Ghostery) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2011/03/23 16:08:29 | 000,000,000 | ---D | M] (SimilarWeb) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2011/03/23 16:08:03 | 000,000,000 | ---D | M] (Flash Killer) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2010/02/20 22:13:26 | 000,000,000 | ---D | M] (Gmail Popup) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2010/02/20 22:13:25 | 000,000,000 | ---D | M] (Keyboard Shortcuts) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2010/02/20 22:13:25 | 000,000,000 | ---D | M] (Google Date) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2011/03/23 16:08:24 | 000,000,000 | ---D | M] (Kongregate Sidebar) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2011/03/23 16:08:25 | 000,000,000 | ---D | M] ("Link Alert") -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2010/02/20 22:13:25 | 000,000,000 | ---D | M] ("Override Mozilla Firefox Guidance") -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\omfg@olive
                  [2011/03/23 16:09:01 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2010/02/20 22:13:24 | 000,000,000 | ---D | M] (PingMe) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\pingme@arcticfire
                  [2010/02/20 22:13:24 | 000,000,000 | ---D | M] (Privacy Plus) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2010/02/20 22:13:23 | 000,000,000 | ---D | M] (Simple Links Counter) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2010/02/20 22:13:23 | 000,000,000 | ---D | M] (Site Information Tool) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\siteinfo@wmtips
                  [2011/04/07 20:34:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\staged
                  [2010/02/20 22:13:23 | 000,000,000 | ---D | M] ("Tab Progress Bar") -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2010/02/20 22:13:22 | 000,000,000 | ---D | M] (Test Extension) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2010/02/20 22:13:22 | 000,000,000 | ---D | M] (TimeStamp Converter) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2010/02/20 22:13:20 | 000,000,000 | ---D | M] (Verify Redirect) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2011/03/23 16:08:52 | 000,000,000 | ---D | M] (Wappalyzer) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]
                  [2010/02/20 22:13:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]\chrome
                  [2010/02/20 22:13:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]\defaults
                  [2010/02/20 22:13:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]\chrome
                  [2010/02/20 22:13:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]\chrome
                  [2010/02/20 22:13:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\extensions\[email protected]\defaults
                  [2011/03/23 16:17:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
                  [2011/03/04 13:45:37 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
                  [2010/04/23 15:46:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
                  [2010/08/02 14:26:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
                  [2010/11/02 18:16:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
                  [2010/12/28 11:54:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
                  [2011/03/05 11:14:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
                  File not found (No name found) --
                  [2010/11/23 10:38:52 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
                  () (No name found) -- C:\DOCUMENTS AND SETTINGS\ANNA MCMANUS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WZLAVWZF.DEFAULT\EXTENSIONS\{C07D1A49-9894-49FF-A594-38960EDE8FB9}.XPI
                  () (No name found) -- C:\DOCUMENTS AND SETTINGS\ANNA MCMANUS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WZLAVWZF.DEFAULT\EXTENSIONS\{C36177C0-224A-11DA-8CD6-0800200C9A91}.XPI
                  () (No name found) -- C:\DOCUMENTS AND SETTINGS\ANNA MCMANUS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WZLAVWZF.DEFAULT\EXTENSIONS\{CF47767D-5F3A-4E32-9FCE-5D79565C9702}.XPI
                  () (No name found) -- C:\DOCUMENTS AND SETTINGS\ANNA MCMANUS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WZLAVWZF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
                  () (No name found) -- C:\DOCUMENTS AND SETTINGS\ANNA MCMANUS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WZLAVWZF.DEFAULT\EXTENSIONS\[email protected]
                  () (No name found) -- C:\DOCUMENTS AND SETTINGS\ANNA MCMANUS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WZLAVWZF.DEFAULT\EXTENSIONS\[email protected]
                  () (No name found) -- C:\DOCUMENTS AND SETTINGS\ANNA MCMANUS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WZLAVWZF.DEFAULT\EXTENSIONS\[email protected]
                  [2010/04/09 16:30:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
                  [2011/03/18 18:57:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
                  [2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
                  [2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
                  [2010/12/16 00:02:57 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
                  [2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
                  [2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
                  [2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
                  [2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
                   
                  O1 HOSTS File: ([2011/04/21 10:04:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
                  O1 - Hosts: 127.0.0.1       localhost
                  O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
                  O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
                  O2 - BHO: (AutoLogin) - {598B818E-71F1-486E-A0BE-9952B5851367} - Reg Error: Value error. File not found
                  O2 - BHO: (TV Bar 1.1 Toolbar) - {a386d4b0-fddb-4e1c-ae61-4f014013cd9b} - C:\Program Files\TV_Bar_1.1\prxtbTV_2.dll (Conduit Ltd.)
                  O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
                  O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
                  O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
                  O3 - HKLM\..\Toolbar: (AutoLogin) - {598B818E-71F1-486E-A0BE-9952B5851367} - Reg Error: Value error. File not found
                  O3 - HKLM\..\Toolbar: (TV Bar 1.1 Toolbar) - {a386d4b0-fddb-4e1c-ae61-4f014013cd9b} - C:\Program Files\TV_Bar_1.1\prxtbTV_2.dll (Conduit Ltd.)
                  O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
                  O3 - HKCU\..\Toolbar\WebBrowser: (TV Bar 1.1 Toolbar) - {A386D4B0-FDDB-4E1C-AE61-4F014013CD9B} - C:\Program Files\TV_Bar_1.1\prxtbTV_2.dll (Conduit Ltd.)
                  O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
                  O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Security Suite Free\feedback.exe (Agnitum Ltd.)
                  O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Security Suite Free\op_mon.exe (Agnitum Ltd.)
                  O4 - HKCU..\Run: [GM4IE]  File not found
                  O4 - HKCU..\Run: [Steam]  File not found
                  O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
                  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
                  O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
                  O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
                  O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
                  O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
                  O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
                  O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
                  O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
                  O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
                  O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
                  O9 - Extra Button: AutoLogin - {6CE08A84-B3F9-422a-B133-60275F605AF4} - Reg Error: Value error. File not found
                  O9 - Extra 'Tools' menuitem : AutoLogin - {6CE08A84-B3F9-422a-B133-60275F605AF4} - Reg Error: Value error. File not found
                  O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
                  O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
                  O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
                  O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
                  O16 - DPF: {444785F1-DE89-4295-863A-D46C3A781394} http://webplayer.unity3d.com/download_webplayer-2.x/UnityWebPlayer.cab (Reg Error: Key error.)
                  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262022016343 (MUWebControl Class)
                  O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
                  O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.67.0.cab (Battlefield Heroes Updater)
                  O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
                  O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class)
                  O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
                  O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
                  O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
                  O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
                  O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
                  O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Security Suite Free\wl_hook.dll (Agnitum Ltd.)
                  O20 - HKLM Winlogon: Shell - (EXPLORER.EXE) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
                  O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
                  O24 - Desktop WallPaper: C:\Documents and Settings\Anna McManus\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
                  O24 - Desktop BackupWallPaper: C:\Documents and Settings\Anna McManus\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
                  O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
                  O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
                  O32 - HKLM CDRom: AutoRun - 1
                  O32 - AutoRun File - [2009/12/15 11:37:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
                  O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
                  O33 - MountPoints2\{9607228d-e9a1-11de-97f0-001676dffbe0}\Shell - "" = AutoRun
                  O33 - MountPoints2\{9607228d-e9a1-11de-97f0-001676dffbe0}\Shell\AutoRun - "" = Auto&Play
                  O33 - MountPoints2\{9607228d-e9a1-11de-97f0-001676dffbe0}\Shell\AutoRun\command - "" = X:\SETUP.EXE /AUTORUN
                  O33 - MountPoints2\{9607228d-e9a1-11de-97f0-001676dffbe0}\Shell\configure\command - "" = X:\SETUP.EXE
                  O33 - MountPoints2\{9607228d-e9a1-11de-97f0-001676dffbe0}\Shell\install\command - "" = X:\SETUP.EXE
                  O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
                  O35 - HKLM\..comfile [open] -- "%1" %*
                  O35 - HKLM\..exefile [open] -- "%1" %*
                  O37 - HKLM\...com [@ = comfile] -- "%1" %*
                  O37 - HKLM\...exe [@ = exefile] -- "%1" %*
                   
                  ========== Files/Folders - Created Within 30 Days ==========
                   
                  [2011/04/23 20:42:22 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Anna McManus\Desktop\OTL.exe
                  [2011/04/22 17:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
                  [2011/04/22 17:28:13 | 000,204,496 | ---- | C] (Malwarebytes) -- C:\Documents and Settings\Anna McManus\Desktop\StartUpLite.exe
                  [2011/04/22 15:41:37 | 000,000,000 | ---D | C] -- C:\RootRepeal
                  [2011/04/21 19:22:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anna McManus\Desktop\bluescreenview
                  [2011/04/21 17:57:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anna McManus\Application Data\PriceGong
                  [2011/04/21 17:57:34 | 000,000,000 | -HSD | C] -- C:\RECYCLER
                  [2011/04/21 16:53:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
                  [2011/04/21 09:58:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
                  [2011/04/21 09:48:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
                  [2011/04/21 09:48:31 | 000,000,000 | ---D | C] -- C:\commy
                  [2011/04/21 09:22:02 | 000,000,000 | ---D | C] -- C:\Qoobox
                  [2011/04/19 20:49:33 | 000,242,040 | ---- | C] (VirusBuster Kft.) -- C:\WINDOWS\System32\drivers\VBEngNT.sys
                  [2011/04/19 20:49:32 | 000,708,760 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\SandBox.sys
                  [2011/04/19 20:49:14 | 000,267,624 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afwcore.sys
                  [2011/04/19 20:48:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Agnitum
                  [2011/04/19 20:48:20 | 000,034,280 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afw.sys
                  [2011/04/19 20:48:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Filt
                  [2011/04/19 20:48:01 | 000,000,000 | ---D | C] -- C:\Program Files\Agnitum
                  [2011/04/19 20:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anna McManus\Application Data\Agnitum
                  [2011/04/16 20:21:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anna McManus\Local Settings\Application Data\Opera
                  [2011/04/16 20:21:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anna McManus\Application Data\Opera
                  [2011/04/15 16:52:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anna McManus\Local Settings\Application Data\PCHealth
                  [2011/04/12 11:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
                  [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
                  [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
                   
                  ========== Files - Modified Within 30 Days ==========
                   
                  [2011/04/24 16:33:16 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
                  [2011/04/24 15:58:07 | 000,000,147 | ---- | M] () -- C:\Documents and Settings\Anna McManus\Desktop\Netopia Router.url
                  [2011/04/24 15:50:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
                  [2011/04/24 15:28:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
                  [2011/04/23 20:43:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anna McManus\Desktop\OTL.exe
                  [2011/04/23 09:16:01 | 000,259,156 | ---- | M] () -- C:\Documents and Settings\Anna McManus\Desktop\screenshot3.jpg
                  [2011/04/23 09:15:06 | 000,262,177 | ---- | M] () -- C:\Documents and Settings\Anna McManus\Desktop\screenshot2.jpg
                  [2011/04/22 17:28:19 | 000,204,496 | ---- | M] (Malwarebytes) -- C:\Documents and Settings\Anna McManus\Desktop\StartUpLite.exe
                  [2011/04/22 15:41:02 | 000,464,491 | ---- | M] () -- C:\Documents and Settings\Anna McManus\Desktop\RootRepeal.zip
                  [2011/04/21 20:46:10 | 000,000,312 | -HS- | M] () -- C:\boot.ini
                  [2011/04/21 20:03:29 | 000,602,259 | ---- | M] () -- C:\Documents and Settings\Anna McManus\Desktop\screenshot1.jpg
                  [2011/04/21 19:22:22 | 000,059,456 | ---- | M] () -- C:\Documents and Settings\Anna McManus\Desktop\bluescreenview.zip
                  [2011/04/21 18:14:03 | 1071,599,616 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
                  [2011/04/21 10:04:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
                  [2011/04/21 09:27:57 | 000,927,494 | ---- | M] () -- C:\Documents and Settings\Anna McManus\Desktop\A guide and tutorial on using ComboFix.mht
                  [2011/04/20 16:54:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-796845957-1177238915-1417001333-1003.job
                  [2011/04/20 16:53:59 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-1177238915-1417001333-1003.job
                  [2011/04/20 16:35:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1177238915-1417001333-1003UA.job
                  [2011/04/20 16:34:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
                  [2011/04/20 14:34:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
                  [2011/04/20 14:28:58 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9AEC4122-30F7-425A-AEE8-66CD5650F4FC}.job
                  [2011/04/19 21:06:16 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
                  [2011/04/19 20:35:01 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1177238915-1417001333-1003Core.job
                  [2011/04/16 13:59:50 | 000,214,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
                  [2011/04/15 22:04:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
                  [2011/04/15 22:03:23 | 000,465,072 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
                  [2011/04/15 22:03:23 | 000,078,958 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
                  [2011/04/11 17:24:01 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
                  [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
                  [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
                   
                  ========== Files Created - No Company Name ==========
                   
                  [2011/04/23 09:16:00 | 000,259,156 | ---- | C] () -- C:\Documents and Settings\Anna McManus\Desktop\screenshot3.jpg
                  [2011/04/23 09:15:05 | 000,262,177 | ---- | C] () -- C:\Documents and Settings\Anna McManus\Desktop\screenshot2.jpg
                  [2011/04/22 15:41:00 | 000,464,491 | ---- | C] () -- C:\Documents and Settings\Anna McManus\Desktop\RootRepeal.zip
                  [2011/04/21 20:03:26 | 000,602,259 | ---- | C] () -- C:\Documents and Settings\Anna McManus\Desktop\screenshot1.jpg
                  [2011/04/21 19:22:21 | 000,059,456 | ---- | C] () -- C:\Documents and Settings\Anna McManus\Desktop\bluescreenview.zip
                  [2011/04/21 09:27:54 | 000,927,494 | ---- | C] () -- C:\Documents and Settings\Anna McManus\Desktop\A guide and tutorial on using ComboFix.mht
                  [2011/04/19 20:48:35 | 000,000,049 | ---- | C] () -- C:\WINDOWS\transp.gif
                  [2011/03/04 14:16:33 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
                  [2011/02/06 18:40:31 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Anna McManus\Local Settings\Application Data\fusioncache.dat
                  [2010/12/21 19:04:51 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
                  [2010/10/11 20:36:00 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
                  [2010/07/30 10:58:05 | 000,000,059 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
                  [2010/07/15 20:30:11 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
                  [2010/05/14 15:36:27 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\FA057BB6C4.dll
                  [2010/05/06 18:03:54 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
                  [2010/04/17 21:18:04 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
                  [2010/04/07 17:14:45 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Anna McManus\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
                  [2010/03/15 19:24:58 | 000,000,772 | ---- | C] () -- C:\WINDOWS\entpack.ini
                  [2010/01/12 23:04:54 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
                  [2010/01/12 23:00:42 | 000,117,671 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
                  [2009/12/25 12:32:31 | 000,041,616 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
                  [2009/12/15 19:36:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
                  [2009/12/15 19:09:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
                  [2009/12/15 18:45:51 | 000,087,808 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
                  [2009/12/15 11:40:25 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
                  [2009/12/15 11:34:59 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
                  [2009/12/15 11:22:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
                  [2009/12/15 11:21:30 | 000,214,472 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
                  [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
                  [2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
                  [2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
                  [2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
                  [2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
                  [2008/01/15 05:31:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
                  [2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
                  [2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
                  [2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
                  [2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
                  [2006/05/05 11:25:27 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
                  [2005/03/21 19:48:04 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
                  [2005/03/21 19:48:04 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
                  [2004/08/04 05:59:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
                  [2004/08/04 05:59:59 | 000,465,072 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
                  [2004/08/04 05:59:59 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
                  [2004/08/04 05:59:59 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
                  [2004/08/04 05:59:59 | 000,078,958 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
                  [2004/08/04 05:59:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
                  [2004/08/04 05:59:59 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
                  [2004/08/04 05:59:59 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
                  [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
                  [2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
                   
                  ========== LOP Check ==========
                   
                  [2011/04/19 20:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agnitum
                  [2010/05/14 15:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
                  [2010/04/10 12:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX
                  [2010/06/13 19:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Martau
                  [2010/11/12 16:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
                  [2010/12/03 12:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
                  [2011/04/21 18:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Official Driver Theory Test
                  [2010/04/09 10:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
                  [2009/12/25 10:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
                  [2011/04/19 20:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\Agnitum
                  [2010/10/10 18:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\AnvSoft
                  [2010/12/16 18:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\BabylonToolbar
                  [2010/10/26 18:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\Bioshock
                  [2010/07/11 21:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\GetRightToGo
                  [2010/08/23 19:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\gtk-2.0
                  [2010/10/04 21:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\ieSpell
                  [2010/05/06 18:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\Image Zone Express
                  [2009/12/15 18:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\ImgBurn
                  [2009/12/15 22:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\InfraRecorder
                  [2010/08/23 19:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\InspireSoft
                  [2010/12/01 17:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\OLYMPUS
                  [2011/04/16 20:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\Opera
                  [2011/04/21 17:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\PriceGong
                  [2010/09/14 18:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\Sony Online Entertainment
                  [2010/06/07 19:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\Transcend
                  [2010/06/11 09:41:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\Uniblue
                  [2010/06/04 22:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\Unity
                  [2011/04/21 20:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\uTorrent
                  [2009/12/28 21:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\Windows Desktop Search
                  [2010/01/19 18:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\Windows Search
                  [2009/12/15 19:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\XnView
                  [2010/10/25 17:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna McManus\Application Data\ZombieDriver
                  [2011/04/19 21:06:16 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
                  [2010/08/31 17:50:13 | 000,000,298 | ---- | M] () -- C:\WINDOWS\Tasks\pixillionShakeIcon.job
                  [2011/04/20 14:28:58 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{9AEC4122-30F7-425A-AEE8-66CD5650F4FC}.job
                   
                  ========== Purity Check ==========
                   
                   
                   
                  ========== Alternate Data Streams ==========
                   
                  @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

                  < End of report >

trekkie

Re: I'm really, really lost....
« Reply #14 on: April 24, 2011, 10:12:52 AM »
I'm confused - are CPU usage and RAM usage related?
RSVP.

                    OTL Extras.txt:

                    OTL Extras logfile created on: 24/04/2011 16:52:29 - Run 1
                    OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\Anna McManus\Desktop
                    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
                    Internet Explorer (Version = 8.0.6001.18702)
                    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
                     
                    1,022.00 Mb Total Physical Memory | 684.00 Mb Available Physical Memory | 67.00% Memory free
                    5.00 Gb Paging File | 5.00 Gb Available in Paging File | 97.00% Paging File free
                    Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]
                     
                    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
                    Drive C: | 29.99 Gb Total Space | 6.09 Gb Free Space | 20.31% Space Free | Partition Type: NTFS
                    Drive D: | 107.07 Gb Total Space | 90.45 Gb Free Space | 84.48% Space Free | Partition Type: NTFS
                    Drive E: | 37.23 Gb Total Space | 10.37 Gb Free Space | 27.86% Space Free | Partition Type: NTFS
                    Drive H: | 6.00 Gb Total Space | 1.54 Gb Free Space | 25.74% Space Free | Partition Type: NTFS
                     
                    Computer Name: DIMENSION-E520E | User Name: Anna McManus | Logged in as Administrator.
                    Boot Mode: SafeMode with Networking | Scan Mode: Current user
                    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
                     
                    ========== Extra Registry (SafeList) ==========
                     
                     
                    ========== File Associations ==========
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
                    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
                     
                    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
                    .html [@ = htmlfile] -- Reg Error: Key error. File not found
                     
                    ========== Shell Spawning ==========
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
                    batfile [open] -- "%1" %*
                    cmdfile [open] -- "%1" %*
                    comfile [open] -- "%1" %*
                    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
                    exefile [open] -- "%1" %*
                    piffile [open] -- "%1" %*
                    regfile [merge] -- Reg Error: Key error.
                    scrfile [config] -- "%1"
                    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
                    scrfile [open] -- "%1" /S
                    txtfile [edit] -- Reg Error: Key error.
                    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
                    Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
                    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
                    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
                    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                     
                    ========== Security Center Settings ==========
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
                    "FirstRunDisabled" = 1
                    "AntiVirusOverride" = 0
                    "FirewallOverride" = 0
                    "ANTIVIRUSDISABLENOTIFY" = 0
                    "FIREWALLDISABLENOTIFY" = 0
                    "UPDATESDISABLENOTIFY" = 0
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
                     
                    ========== System Restore Settings ==========
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
                    "DisableSR" = 0
                     
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
                    "Start" = 0
                     
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
                    "Start" = 2
                     
                    ========== Firewall Settings ==========
                     
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
                     
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
                    "EnableFirewall" = 0
                    "DoNotAllowExceptions" = 0
                    "DisableNotifications" = 0
                     
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
                    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
                    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
                    "1054:TCP" = 1054:TCP:*:Enabled:Akamai NetSession Interface
                    "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
                     
                    ========== Authorized Applications List ==========
                     
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
                     
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
                    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
                    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
                    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
                    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
                    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
                    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
                    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
                    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
                    "C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
                    "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
                    "C:\Documents and Settings\Anna McManus\My Documents\Conor's Folder\Steam\Steam.exe" = C:\Documents and Settings\Anna McManus\My Documents\Conor's Folder\Steam\Steam.exe:*:Enabled:Steam
                    "C:\Documents and Settings\Anna McManus\My Documents\Conor's Folder\Steam\steamapps\gen100\gtr evolution - demo\GtrEvo_Demo_Steam.exe" = C:\Documents and Settings\Anna McManus\My Documents\Conor's Folder\Steam\steamapps\gen100\gtr evolution - demo\GtrEvo_Demo_Steam.exe:*:Enabled:GTR Evolution Demo
                    "C:\Documents and Settings\Anna McManus\My Documents\Conor's Folder\Steam\steamapps\gen100\gtr evolution - demo\Config.exe" = C:\Documents and Settings\Anna McManus\My Documents\Conor's Folder\Steam\steamapps\gen100\gtr evolution - demo\Config.exe:*:Enabled:GTR Evolution Demo
                    "C:\Documents and Settings\Anna McManus\My Documents\Conor's Folder\opera.exe" = C:\Documents and Settings\Anna McManus\My Documents\Conor's Folder\opera.exe:*:Enabled:Opera Internet Browser
                     
                     
                    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
                     
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                    ".sol Editor" = .sol Editor 1.1.0.1
                    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
                    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
                    "{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
                    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
                    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
                    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
                    "{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
                    "{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS
                    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
                    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
                    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
                    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
                    "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
                    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 24
                    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
                    "{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
                    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
                    "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
                    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
                    "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
                    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
                    "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
                    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
                    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
                    "{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
                    "{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
                    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
                    "{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2
                    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
                    "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
                    "{67880EA3-63C2-4143-88F4-51A21B516CBE}" = e-Sword
                    "{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
                    "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
                    "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
                    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
                    "{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
                    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
                    "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
                    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
                    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
                    "{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
                    "{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
                    "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
                    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
                    "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
                    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
                    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
                    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
                    "{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
                    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
                    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
                    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
                    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
                    "{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
                    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
                    "{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
                    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
                    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
                    "{A29549FD-65F3-440C-A552-6B8114CF319D}" = Skype Toolbars
                    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
                    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
                    "{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
                    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
                    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
                    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
                    "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = v2011.build.46
                    "{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
                    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
                    "{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
                    "{BE06114F-559D-11E0-B5A1-001D0926B1BF}" = Google Earth
                    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
                    "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
                    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
                    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
                    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
                    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
                    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
                    "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
                    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
                    "{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
                    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
                    "{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
                    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
                    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
                    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
                    "{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
                    "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
                    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
                    "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
                    "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
                    "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
                    "7-Zip" = 7-Zip 4.65
                    "AbiWord2" = AbiWord 2.6.8
                    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
                    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
                    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
                    "Agnitum Outpost Security Suite Free_is1" = Outpost Security Suite 7.1.1
                    "Akamai" = Akamai NetSession Interface
                    "CCleaner" = CCleaner
                    "Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
                    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
                    "conduitEngine" = Conduit Engine
                    "CutePDF Writer Installation" = CutePDF Writer 2.7
                    "ESET Online Scanner" = ESET Online Scanner v3
                    "Foxit Reader" = Foxit Reader
                    "HP Imaging Device Functions" = HP Imaging Device Functions 7.0
                    "HPOCR" = OCR Software by I.R.I.S 7.0
                    "ie8" = Windows Internet Explorer 8
                    "ieSpell" = ieSpell
                    "ImgBurn" = ImgBurn
                    "InfraRecorder" = InfraRecorder
                    "InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
                    "InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
                    "JAIELangPack" = Japanese Language Support
                    "JPEG Lossless Rotator_is1" = JPEG Lossless Rotator 6.4
                    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
                    "Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
                    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
                    "Mozilla Firefox 4.0 (x86 en-GB)" = Mozilla Firefox 4.0 (x86 en-GB)
                    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
                    "NVIDIA Drivers" = NVIDIA Drivers
                    "OpenAL" = OpenAL
                    "Pixillion" = Pixillion Image Converter
                    "PROSet" = Intel(R) PRO Network Connections Drivers
                    "RealPlayer 12.0" = RealPlayer
                    "Recuva" = Recuva
                    "Revo Uninstaller" = Revo Uninstaller 1.88
                    "Total Uninstall 5_is1" = Total Uninstall 5.6.1
                    "TV_Bar_1.1 Toolbar" = TV Bar 1.1 Toolbar
                    "Tweak UI 2.10" = Tweak UI
                    "Universal Extractor_is1" = Universal Extractor 1.6
                    "uTorrent" = µTorrent
                    "VirtualCloneDrive" = VirtualCloneDrive
                    "Windows Media Format Runtime" = Windows Media Format 11 runtime
                    "Windows Media Player" = Windows Media Player 11
                    "WinGimp-2.0_is1" = GIMP 2.6.10
                    "WinLiveSuite_Wave3" = Windows Live Essentials
                    "WMFDist11" = Windows Media Format 11 runtime
                    "wmp11" = Windows Media Player 11
                    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
                     
                    ========== HKEY_CURRENT_USER Uninstall List ==========
                     
                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                    "Free Realms Installer" = Free Realms Installer
                    "UnityWebPlayer" = Unity Web Player
                     
                    ========== Last 10 Event Log Errors ==========
                     
                    [ Application Events ]
                    Error - 20/04/2011 03:20:18 | Computer Name = DIMENSION-E520E | Source = Bonjour Service | ID = 100
                    Description = Task Scheduling Error: m->NextScheduledEvent 34652422
                     
                    Error - 20/04/2011 03:20:18 | Computer Name = DIMENSION-E520E | Source = Bonjour Service | ID = 100
                    Description = Task Scheduling Error: m->NextScheduledSPRetry 34652422
                     
                    Error - 20/04/2011 03:20:33 | Computer Name = DIMENSION-E520E | Source = Bonjour Service | ID = 100
                    Description = Task Scheduling Error: Continuously busy for more than a second
                     
                    Error - 20/04/2011 03:20:33 | Computer Name = DIMENSION-E520E | Source = Bonjour Service | ID = 100
                    Description = Task Scheduling Error: m->NextScheduledEvent 34670047
                     
                    Error - 20/04/2011 03:20:33 | Computer Name = DIMENSION-E520E | Source = Bonjour Service | ID = 100
                    Description = Task Scheduling Error: m->NextScheduledSPRetry 34670047
                     
                    Error - 20/04/2011 17:23:00 | Computer Name = DIMENSION-E520E | Source = COM+ | ID = 135761
                    Description = The run-time environment has detected an inconsistency in its internal
                     state. This indicates a potential instability in the process that could be caused
                     by the custom components running in the COM+ application, the components they make
                     use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
                     hr = 8007043c: InitEventCollector fail
                     
                    Error - 20/04/2011 17:23:15 | Computer Name = DIMENSION-E520E | Source = COM+ | ID = 135761
                    Description = The run-time environment has detected an inconsistency in its internal
                     state. This indicates a potential instability in the process that could be caused
                     by the custom components running in the COM+ application, the components they make
                     use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
                     hr = 8007043c: InitEventCollector fail
                     
                    Error - 22/04/2011 16:53:15 | Computer Name = DIMENSION-E520E | Source = VSS | ID = 8193
                    Description = Volume Shadow Copy Service error: Unexpected error calling routine
                     CoCreateInstance.  hr = 0x8007043c.
                     
                    Error - 22/04/2011 16:53:15 | Computer Name = DIMENSION-E520E | Source = VSS | ID = 5012
                    Description = Volume Shadow Copy Service error: Shadow Copy shim called routine
                    CoCreateInstance( CLSID_VSSCoordinator, IID_IVssShim) which failed with status 0x8007043c
                     (converted to 0x8000ffff).
                     
                    Error - 22/04/2011 16:53:15 | Computer Name = DIMENSION-E520E | Source = NTBackup | ID = 8019
                    Description = End Operation: Warnings or errors were encountered.    Consult the backup
                     report for more details.
                     
                    [ System Events ]
                    Error - 24/04/2011 11:33:15 | Computer Name = DIMENSION-E520E | Source = SideBySide | ID = 16842784
                    Description = Dependent Assembly Microsoft.VC90.DebugCRT could not be found and
                    Last Error was The referenced assembly is not installed on your system. 
                     
                    Error - 24/04/2011 11:33:15 | Computer Name = DIMENSION-E520E | Source = SideBySide | ID = 16842811
                    Description = Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT.  Reference
                     error message: The referenced assembly is not installed on your system.  .
                     
                    Error - 24/04/2011 11:33:15 | Computer Name = DIMENSION-E520E | Source = SideBySide | ID = 16842811
                    Description = Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll.
                    Reference
                     error message: The operation completed successfully.  .
                     
                    Error - 24/04/2011 11:34:03 | Computer Name = DIMENSION-E520E | Source = DCOM | ID = 10005
                    Description = DCOM got error "%1084" attempting to start the service StiSvc with
                     arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
                     
                    Error - 24/04/2011 11:44:41 | Computer Name = DIMENSION-E520E | Source = DCOM | ID = 10005
                    Description = DCOM got error "%1084" attempting to start the service StiSvc with
                     arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
                     
                    Error - 24/04/2011 11:48:36 | Computer Name = DIMENSION-E520E | Source = DCOM | ID = 10005
                    Description = DCOM got error "%1084" attempting to start the service StiSvc with
                     arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
                     
                    Error - 24/04/2011 11:49:46 | Computer Name = DIMENSION-E520E | Source = DCOM | ID = 10005
                    Description = DCOM got error "%1084" attempting to start the service StiSvc with
                     arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
                     
                    Error - 24/04/2011 11:50:25 | Computer Name = DIMENSION-E520E | Source = DCOM | ID = 10005
                    Description = DCOM got error "%1084" attempting to start the service StiSvc with
                     arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
                     
                    Error - 24/04/2011 11:51:27 | Computer Name = DIMENSION-E520E | Source = DCOM | ID = 10005
                    Description = DCOM got error "%1084" attempting to start the service StiSvc with
                     arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
                     
                    Error - 24/04/2011 11:52:16 | Computer Name = DIMENSION-E520E | Source = DCOM | ID = 10005
                    Description = DCOM got error "%1084" attempting to start the service StiSvc with
                     arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
                     
                     
                    < End of report >
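The firewall sections of the OTL report above deserve a second look. In the XP SP2/SP3 registry format OTL is dumping, each AuthorizedApplications value reads path:scope:Enabled|Disabled:name and each GloballyOpenPorts value reads port:proto:scope:state:name, where a scope of * means any network and LocalSubNet means the local subnet only. "EnableFirewall" = 0 under StandardProfile means the Windows Firewall itself is switched off for the profile this machine uses; Outpost Security Suite appears in the uninstall list, so a third-party firewall is presumably doing the job, but that is worth confirming rather than assuming. The script below is an added example, not part of the thread or of OTL, that parses those two sections out of a report and flags what a reviewer checks first: a profile with the firewall off, exceptions open to any network, and executables allowed through from user-writable locations such as a profile folder, which is where dropped malware usually lives. The log excerpt inside it is constructed in the same format to exercise each rule (the user path is made up), and the list of user-writable locations is an assumption chosen for XP's folder layout.

```python
"""Triage the Windows XP firewall exceptions recorded in an OTL report.

Added example. Parses the 'Firewall Settings' and 'Authorized Applications
List' sections (XP SP2/SP3 registry format: app values are
path:scope:state:name, port values are port:proto:scope:state:name) and
flags what a reviewer checks first.
"""
import re
from dataclasses import dataclass

# Constructed excerpt in the OTL report format; the user path is made up.
SAMPLE_LOG = r"""
========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"1054:TCP" = 1054:TCP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:uTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Owner\My Documents\Downloads\opera.exe" = C:\Documents and Settings\Owner\My Documents\Downloads\opera.exe:*:Enabled:Opera Internet Browser
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')

# Assumed list of places a limited user (or malware running as one) can
# write on XP; an Enabled exception pointing here deserves a close look.
USER_WRITABLE = (
    "c:\\documents and settings\\",
    "\\local settings\\temp\\",
    "\\application data\\",
    "c:\\windows\\temp\\",
)


@dataclass
class AppRule:
    profile: str
    path: str
    scope: str      # '*' = any network, 'LocalSubNet' = local subnet only
    enabled: bool
    name: str


@dataclass
class PortRule:
    profile: str
    port: int
    proto: str
    scope: str
    enabled: bool
    name: str


def parse_otl_firewall(text):
    """Return (settings, app_rules, port_rules) from OTL report text."""
    settings, apps, ports = {}, [], []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or "FirewallPolicy\\" not in key:
            continue
        name, value = m.group(1), m.group(2)
        profile = key.split("FirewallPolicy\\", 1)[1].split("\\", 1)[0]
        if key.endswith("AuthorizedApplications\\List"):
            # value repeats the path, then scope:state:name; OTL appends ' -- (publisher)'
            rest = value[len(name) + 1:] if value.lower().startswith(name.lower() + ":") else value
            scope, state, label = (rest.split(" -- (", 1)[0].split(":", 2) + ["", ""])[:3]
            apps.append(AppRule(profile, name, scope, state == "Enabled", label))
        elif key.endswith("GloballyOpenPorts\\List"):
            port, proto, scope, state, label = (value.split(":", 4) + [""] * 4)[:5]
            ports.append(PortRule(profile, int(port), proto, scope, state == "Enabled", label))
        else:
            settings.setdefault(profile, {})[name] = int(value) if value.isdigit() else value
    return settings, apps, ports


def triage(settings, apps, ports):
    """Return (severity, message) findings: profile state, then apps, then ports."""
    findings = []
    for profile, vals in settings.items():
        if vals.get("EnableFirewall") == 0:
            findings.append(("info", f"{profile}: Windows Firewall is off (EnableFirewall=0); "
                                     "confirm a third-party firewall is actually running"))
    for a in apps:
        if not a.enabled:
            continue
        if any(marker in a.path.lower() for marker in USER_WRITABLE):
            findings.append(("high", f"{a.profile}: '{a.name}' allowed from user-writable path "
                                     f"{a.path} (scope {a.scope})"))
        elif a.scope == "*":
            findings.append(("low", f"{a.profile}: '{a.name}' at {a.path} allowed from any network"))
    for p in ports:
        if p.enabled and p.scope == "*":
            findings.append(("medium", f"{p.profile}: inbound {p.port}/{p.proto} open to any network "
                                       f"('{p.name}')"))
    return findings


if __name__ == "__main__":
    for sev, msg in triage(*parse_otl_firewall(SAMPLE_LOG)):
        print(f"[{sev:6}] {msg}")
```

To run it against a real report, replace SAMPLE_LOG with the file contents; the section headers and key formats are what OTL prints, so nothing else changes. Entries whose state is Disabled are skipped on purpose, because they are not letting anything through; the point is to rank the Enabled ones by how easily the path behind them could be replaced.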

                    SuperDave

                    • Malware Removal Specialist
                    • Moderator


                    • Genius
                    • Thanked: 1020
                    • Experience: Expert
                    • OS: Windows 10
                    Re: I'm really, really lost....
                    « Reply #15 on: April 25, 2011, 05:32:07 PM »
                    * Open OTL
                    * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

                    Code:
                    :OTL
                    O2 - BHO: (AutoLogin) - {598B818E-71F1-486E-A0BE-9952B5851367} - Reg Error: Value error. File not found
                    O3 - HKLM\..\Toolbar: (AutoLogin) - {598B818E-71F1-486E-A0BE-9952B5851367} - Reg Error: Value error. File not found
                    O4 - HKCU..\Run: [GM4IE]  File not found
                    O4 - HKCU..\Run: [Steam]  File not found
                    O9 - Extra Button: AutoLogin - {6CE08A84-B3F9-422a-B133-60275F605AF4} - Reg Error: Value error. File not found
                    O9 - Extra 'Tools' menuitem : AutoLogin - {6CE08A84-B3F9-422a-B133-60275F605AF4} - Reg Error: Value error. File not found

                    :COMMANDS
                    [resethosts]
                    [purity]
                    [emptytemp]
                    [start explorer]

                    * Click Run Fix
                    * OTLI2 may ask to reboot the machine. Please do so if asked.
                    * Click OK
                    * A report will open. Copy and Paste that report in your next reply.
                    ***********************************************************
                    Please go to Jotti's malware scan
                    (If more than one file needs to be scanned they must be done separately and links posted for each one)

                    * Copy the file path in the below Code box:

                    Code:
                    C:\WINDOWS\jestertb.dll
                    * At the upload site, click once inside the window next to Browse.
                    * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
                    * Next click Submit file
                    * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
                    * This will perform a scan across multiple different virus scanning engines.
                    * Important: Wait for all of the scanning engines to complete.
                    * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
                    *****************************************************

                    Quote
                    I'm confused-is CPU usage and RAM usage related?

                    You can find more info about CPU and RAM here.

                    I really can't find the cause as to why your computer is always at 100%. I'd like to run one more scan.

                    Download DDS from HERE or HERE and save it to your desktop.

                    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

                    * XP users Double click on dds to run it.
                    * If your antivirus or firewall try to block DDS then please allow it to run.
                    * When finished DDS will open two (2) logs.

                    1) DDS.txt
                    2) Attach.txt

                    * Save both logs to your desktop.
                    * Please copy and paste the entire contents of both logs in your next reply.

                    Note: DDS will instruct you to post the Attach.txt log as an attachment.
                    Please just post it as you would any other log by copy and pasting it into the reply.
                    Windows 8 and Windows 10 dual boot with two SSD's
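The :OTL section of the fix above lists only entries whose target OTL reported as "File not found": a BHO, a toolbar, two Run values and an IE extension whose CLSIDs or executables are gone but which Windows or Internet Explorer will still try to load at logon or browser start. That is the usual leftover of an incomplete uninstall or a partial malware removal, and the :COMMANDS part then resets the hosts file, purges temp folders and restarts Explorer. As an added example, not the helper's procedure or any code from OTL, the Python script below picks the orphaned entries out of an OTL scan excerpt and emits the matching fix block, and shows what [resethosts] discards by listing hosts-file entries beyond the stock localhost line. The orphaned scan lines are the ones from the fix above; the two healthy lines (placeholder CLSID and Example Corp. paths) and the hosts file (.test domains, documentation address 198.51.100.7) are constructed.

```python
"""Pick the orphaned entries out of an OTL scan and emit the matching fix.

Added example. OTL prints autostart and browser-extension entries as lines
such as
    O2 - BHO: (name) - {CLSID} - <path or 'File not found'>
    O4 - HKCU..\\Run: [name]  <path or 'File not found'>
An entry whose file is gone is still looked up at logon or browser start,
so a fix lists exactly those lines under :OTL for removal.
"""
import re
from dataclasses import dataclass

# Constructed scan excerpt: the orphaned lines from the fix in the thread
# plus two healthy entries with placeholder CLSIDs and paths.
SAMPLE_OTL = r"""
O2 - BHO: (AutoLogin) - {598B818E-71F1-486E-A0BE-9952B5851367} - Reg Error: Value error. File not found
O2 - BHO: (Example Helper) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll (Example Corp.)
O3 - HKLM\..\Toolbar: (AutoLogin) - {598B818E-71F1-486E-A0BE-9952B5851367} - Reg Error: Value error. File not found
O4 - HKCU..\Run: [GM4IE]  File not found
O4 - HKLM..\Run: [ExampleTray]  C:\Program Files\Example\tray.exe (Example Corp.)
O9 - Extra Button: AutoLogin - {6CE08A84-B3F9-422a-B133-60275F605AF4} - Reg Error: Value error. File not found
"""

OTL_LINE = re.compile(r"^(O\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    kind: str     # O2 (BHO), O3 (toolbar), O4 (Run value), O9 (IE extension) ...
    text: str     # the line exactly as OTL printed it
    clsid: str    # CLSID in upper case when the entry has one, else ""
    orphan: bool  # True when OTL could not find the referenced file


def parse_otl(text):
    """Return an Entry for every 'Onn - ...' line in an OTL scan excerpt."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = OTL_LINE.match(line)
        if not m:
            continue
        c = CLSID_RE.search(line)
        entries.append(Entry(m.group(1), line, c.group(0).upper() if c else "",
                             "File not found" in line))
    return entries


def build_fix(entries, commands=("resethosts", "purity", "emptytemp", "start explorer")):
    """Return an OTL custom fix removing every orphaned entry, or "" if there are none."""
    orphans = [e.text for e in entries if e.orphan]
    if not orphans:
        return ""
    body = [":OTL", *orphans, "", ":COMMANDS", *[f"[{c}]" for c in commands]]
    return "\n".join(body) + "\n"


# What [resethosts] puts back: only these loopback names are expected.
DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def hosts_hijacks(hosts_text):
    """Return (ip, name) pairs in a hosts file other than the stock localhost lines.

    Malware edits hosts to block AV/update sites or redirect banking domains;
    whatever this returns is what the [resethosts] step discards.
    """
    extra = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        extra.extend((ip, n) for n in names if (ip, n) not in DEFAULT_HOSTS)
    return extra


# Constructed hosts file: the stock line plus two fabricated redirects.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.av-vendor.test
198.51.100.7    www.bank.test
"""

if __name__ == "__main__":
    print(build_fix(parse_otl(SAMPLE_OTL)))
    print("hosts entries beyond default:", hosts_hijacks(SAMPLE_HOSTS))
```

The fix builder deliberately copies each line verbatim, because OTL matches fix lines against its own scan output; editing the text by hand is the usual way a custom fix ends up removing nothing. The "File not found" test is the only selection rule here, so an entry that points at a file which does exist is never touched, which is the safe default when the file has not yet been checked at a multi-engine scanner.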

                    trekkie

                      Topic Starter


                      Rookie

                      • Experience: Beginner
                      • OS: Unknown
                      Re: I'm really, really lost....
                      « Reply #16 on: April 28, 2011, 05:24:14 AM »
                      Remember, everything here was taken in SAFE MODE.

                      OTL Log:

                      All processes killed
                      ========== OTL ==========
                      Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{598B818E-71F1-486E-A0BE-9952B5851367}\ deleted successfully.
                      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{598B818E-71F1-486E-A0BE-9952B5851367}\ deleted successfully.
                      Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{598B818E-71F1-486E-A0BE-9952B5851367} deleted successfully.
                      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{598B818E-71F1-486E-A0BE-9952B5851367}\ not found.
                      Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GM4IE deleted successfully.
                      Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Steam deleted successfully.
                      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6CE08A84-B3F9-422a-B133-60275F605AF4}\ deleted successfully.
                      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6CE08A84-B3F9-422a-B133-60275F605AF4}\ not found.
                      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6CE08A84-B3F9-422a-B133-60275F605AF4}\ not found.
                      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6CE08A84-B3F9-422a-B133-60275F605AF4}\ not found.
                      ========== COMMANDS ==========
                      C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
                      HOSTS file reset successfully
                       
                      [EMPTYTEMP]
                       
                      User: Administrator
                      ->Temp folder emptied: 0 bytes
                      ->Temporary Internet Files folder emptied: 33170 bytes
                       
                      User: All Users
                       
                      User: Anna McManus
                      ->Temp folder emptied: 1558237 bytes
                      ->Temporary Internet Files folder emptied: 15228232 bytes
                      ->Java cache emptied: 42750257 bytes
                      ->FireFox cache emptied: 77754192 bytes
                      ->Google Chrome cache emptied: 6230746 bytes
                      ->Apple Safari cache emptied: 5004288 bytes
                      ->Flash cache emptied: 5985849 bytes
                       
                      User: Default User
                      ->Temp folder emptied: 0 bytes
                      ->Temporary Internet Files folder emptied: 33170 bytes
                       
                      User: LocalService
                      ->Temp folder emptied: 0 bytes
                      ->Temporary Internet Files folder emptied: 67 bytes
                       
                      User: NetworkService
                      ->Temp folder emptied: 0 bytes
                      ->Temporary Internet Files folder emptied: 33170 bytes
                       
                      %systemdrive% .tmp files removed: 0 bytes
                      %systemroot% .tmp files removed: 2434942 bytes
                      %systemroot%\System32 .tmp files removed: 2577 bytes
                      %systemroot%\System32\dllcache .tmp files removed: 0 bytes
                      %systemroot%\System32\drivers .tmp files removed: 0 bytes
                      Windows Temp folder emptied: 82403 bytes
                      %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
                      %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
                      RecycleBin emptied: 142942 bytes
                       
                      Total Files Cleaned = 150.00 mb
                       
                       
                      OTL by OldTimer - Version 3.2.22.3 log created on 04282011_114553

                      Files\Folders moved on Reboot...
                      C:\Documents and Settings\Anna McManus\Local Settings\Temporary Internet Files\Content.IE5\E4O1JF08\topic,113324.msg786471[1].html moved successfully.
                      File move failed. C:\Documents and Settings\Anna McManus\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be moved on reboot.
                      File move failed. C:\Documents and Settings\Anna McManus\Local Settings\Temporary Internet Files\SuggestedSites.dat scheduled to be moved on reboot.

                      Registry entries deleted on Reboot...

                      Jotti link: http://virusscan.jotti.org/en/scanresult/05654cf4bf54e3f0d69c9b5df2995a54a6fd0d85

                      Had some trouble with this site. Ctrl+V=FAIL. ;D But seriously, I had to browse my way to the file. Then, when I submitted the file, it said that the file had already been scanned. I hit the "Scan Again" button on the top anyway, so the link above is to the scan of MY file.

                      DDS.txt:

                      .
                      DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
                      Run by Anna McManus at 12:01:16.93 on 28/04/2011
                      Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
                      Microsoft Windows XP Professional  5.1.2600.3.1252.353.1033.18.1022.751 [GMT 1:00]
                      .
                      AV: Outpost Security Suite Pro *Disabled/Updated* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
                      FW: Outpost Security Suite Pro *Enabled*
                      .
                      ============== Running Processes ===============
                      .
                      C:\WINDOWS\system32\svchost -k DcomLaunch
                      svchost.exe
                      C:\WINDOWS\system32\svchost.exe -k netsvcs
                      svchost.exe
                      C:\WINDOWS\Explorer.EXE
                      C:\WINDOWS\system32\ctfmon.exe
                      C:\Program Files\Internet Explorer\iexplore.exe
                      C:\Program Files\Internet Explorer\iexplore.exe
                      C:\Program Files\Internet Explorer\iexplore.exe
                      C:\WINDOWS\system32\NOTEPAD.EXE
                      C:\Documents and Settings\Anna McManus\Desktop\dds.scr
                      .
                      ============== Pseudo HJT Report ===============
                      .
                      uStart Page = hxxp://www.google.ie/webhp?rls=ig
                      uInternet Connection Wizard,ShellNext = hxxp://www.google.ie/
                      uInternet Settings,ProxyOverride = *.local
                      uURLSearchHooks: TV Bar 1.1 Toolbar: {a386d4b0-fddb-4e1c-ae61-4f014013cd9b} - c:\program files\tv_bar_1.1\prxtbTV_2.dll
                      BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
                      BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
                      BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
                      BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
                      BHO: TV Bar 1.1 Toolbar: {a386d4b0-fddb-4e1c-ae61-4f014013cd9b} - c:\program files\tv_bar_1.1\prxtbTV_2.dll
                      BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
                      BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
                      BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
                      BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
                      BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
                      BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
                      TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
                      TB: TV Bar 1.1 Toolbar: {a386d4b0-fddb-4e1c-ae61-4f014013cd9b} - c:\program files\tv_bar_1.1\prxtbTV_2.dll
                      TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
                      TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
                      TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
                      uRun: [Google Update] "c:\documents and settings\anna mcmanus\local settings\application data\google\update\GoogleUpdate.exe" /c
                      uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
                      mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
                      mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
                      mRun: [OutpostMonitor] "c:\progra~1\agnitum\outpos~1\op_mon.exe" /tray /noservice
                      mRun: [OutpostFeedBack] "c:\program files\agnitum\outpost security suite free\feedback.exe" /dump:os_startup
                      mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
                      mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
                      dRunOnce: [RunNarrator] Narrator.exe
                      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
                      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
                      IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
                      IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
                      IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
                      IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
                      IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
                      IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
                      IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
                      IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
                      IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
                      IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
                      IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
                      IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
                      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
                      DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
                      DPF: {444785F1-DE89-4295-863A-D46C3A781394} - hxxp://webplayer.unity3d.com/download_webplayer-2.x/UnityWebPlayer.cab
                      DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262022016343
                      DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
                      DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.67.0.cab
                      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
                      DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
                      DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
                      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
                      DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
                      TCP: {2094D3C8-9017-48C6-9813-BCFE09227041} = 89.101.160.4,89.101.160.5,208.67.222.222
                      Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
                      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
                      Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
                      AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
                      SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
                      SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
                      SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
                      .
                      ================= FIREFOX ===================
                      .
                      FF - ProfilePath - c:\docume~1\annamc~1\applic~1\mozilla\firefox\profiles\wzlavwzf.default\
                      FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10588
                      FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
                      FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/
                      FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=10588&q=
                      FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
                      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
                      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
                      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
                      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
                      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
                      FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
                      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
                      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
                      FF - Ext: New Tab Homepage: {66E978CD-981F-47DF-AC42-E3CF417C1467} - %profile%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
                      FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
                      FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
                      FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
                      FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
                      FF - Ext: AlertStopper: [email protected] - %profile%\extensions\[email protected]
                      FF - Ext: Check All: [email protected] - %profile%\extensions\[email protected]
                      FF - Ext: CheckFox: {BAEC7B80-9A31-47b2-A68B-DCAC8DF48E87} - %profile%\extensions\{BAEC7B80-9A31-47b2-A68B-DCAC8DF48E87}
                      FF - Ext: Copy Link Text: [email protected] - %profile%\extensions\[email protected]
                      FF - Ext: Crash Report Helper: {078fac48-925f-4524-7cfe-85d44b8f4f98} - %profile%\extensions\{078fac48-925f-4524-7cfe-85d44b8f4f98}
                      FF - Ext: EAVE: [email protected] - %profile%\extensions\[email protected]
                      FF - Ext: Expiry Canary: [email protected] - %profile%\extensions\[email protected]
                      FF - Ext: Flash Killer: [email protected] - %profile%\extensions\[email protected]
                      FF - Ext: Ghostery: [email protected] - %profile%\extensions\[email protected]
                      FF - Ext: GoogleEnhancer: {21e48e29-f574-4619-b65d-0f00eea92e5b} - %profile%\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}
                      FF - Ext: Keyboard Shortcuts: [email protected] - %profile%\extensions\[email protected]
                      FF - Ext: Kongregate Sidebar: [email protected] - %profile%\extensions\[email protected]
                      FF - Ext: Link Alert: [email protected] - %profile%\extensions\[email protected]
                      FF - Ext: LinkAndForminfo: {B71ACFF2-E436-4cc7-B5E3-0C8E2CC981BA} - %profile%\extensions\{B71ACFF2-E436-4cc7-B5E3-0C8E2CC981BA}
                      FF - Ext: Override Mozilla Firefox Guidance: omfg@olive - %profile%\extensions\omfg@olive
                      FF - Ext: PingMe: pingme@arcticfire - %profile%\extensions\pingme@arcticfire
                      FF - Ext: Privacy Plus: [email protected] - %profile%\extensions\[email protected]
                      FF - Ext: RightToClick: {cd617375-6743-4ee8-bac4-fbf10f35729e} - %profile%\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}
                      FF - Ext: SimilarWeb: [email protected] - %profile%\extensions\[email protected]
                      FF - Ext: Simple Links Counter: [email protected] - %profile%\extensions\[email protected]
                      FF - Ext: Site Information Tool: siteinfo@wmtips - %profile%\extensions\siteinfo@wmtips
                      FF - Ext: Tab Progress Bar: [email protected] - %profile%\extensions\[email protected]
                      FF - Ext: Test Extension: [email protected] - %profile%\extensions\[email protected]
                      FF - Ext: Trustpilot Guard: {736048c1-a1ec-4a70-b12b-1e399e79024e} - %profile%\extensions\{736048c1-a1ec-4a70-b12b-1e399e79024e}
                      FF - Ext: Verify Redirect: [email protected] - %profile%\extensions\[email protected]
                      FF - Ext: Wappalyzer: [email protected] - %profile%\extensions\[email protected]
                      FF - Ext: Personas: [email protected] - %profile%\extensions\[email protected]
                      FF - Ext: Personas Rotator: {6e73f6b7-b9ab-44b8-b744-6393e3c2e351} - %profile%\extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}
                      FF - Ext: Sidebar Companion for Google Sidewiki: {62f82eb5-4d65-4224-983b-a09ff8b172a6} - %profile%\extensions\{62f82eb5-4d65-4224-983b-a09ff8b172a6}
                      FF - Ext: Google Redesigned: {cc85cd4e-5a5b-4eda-a25c-bdaffa93b406} - %profile%\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
                      FF - Ext: Google Minimalist: {64312dc5-3fc3-40d1-b183-0e4060fc52ac} - %profile%\extensions\{64312dc5-3fc3-40d1-b183-0e4060fc52ac}
                      FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
                      FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
                      FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
                      FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
                      FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
                      .
                      ============= SERVICES / DRIVERS ===============
                      .
                      R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2011-4-19 34280]
                      R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-4-23 341504]
                      S1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2011-4-19 708760]
                      S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
                      S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
                      S2 acssrv;Agnitum Client Security Service;c:\progra~1\agnitum\outpos~1\acs.exe [2011-4-19 2072592]
                      S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]
                      S2 gupdate1ca8fbae50c76ae;Google Update Service (gupdate1ca8fbae50c76ae);c:\program files\google\update\GoogleUpdate.exe [2010-1-7 133104]
                      S3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2011-4-19 267624]
                      S3 ASWFilt;ASWFilt;c:\windows\system32\filt\ASWFilt.dll [2011-4-19 70160]
                      S3 VBEngNT;VBEngNT;c:\windows\system32\drivers\VBEngNT.sys [2011-4-19 242040]
                      S3 VBFilt;VBFilt;c:\windows\system32\filt\VBFilt.dll [2011-4-19 34096]
                      .
                      =============== Created Last 30 ================
                      .
                      2011-04-28 10:45:53   --------   d-----w-   C:\_OTL
                      2011-04-22 16:52:13   --------   d-----w-   c:\program files\ESET
                      2011-04-22 14:41:37   --------   d-----w-   C:\RootRepeal
                      2011-04-21 16:58:03   --------   d-----w-   c:\windows\system32\wbem\repository\FS
                      2011-04-21 16:58:03   --------   d-----w-   c:\windows\system32\wbem\Repository
                      2011-04-21 16:57:35   --------   d-----w-   c:\docume~1\annamc~1\applic~1\PriceGong
                      2011-04-21 15:53:07   --------   d-----w-   c:\windows\pss
                      2011-04-21 08:48:31   --------   d-----w-   C:\commy
                      2011-04-19 19:49:33   242040   ----a-w-   c:\windows\system32\drivers\VBEngNT.sys
                      2011-04-19 19:49:32   708760   ----a-w-   c:\windows\system32\drivers\SandBox.sys
                      2011-04-19 19:49:14   267624   ----a-w-   c:\windows\system32\drivers\afwcore.sys
                      2011-04-19 19:48:20   34280   ----a-w-   c:\windows\system32\drivers\afw.sys
                      2011-04-19 19:48:01   --------   d-----w-   c:\windows\system32\Filt
                      2011-04-19 19:48:01   --------   d-----w-   c:\program files\Agnitum
                      2011-04-19 19:48:01   --------   d-----w-   c:\docume~1\annamc~1\applic~1\Agnitum
                      2011-04-16 19:21:54   --------   d-----w-   c:\docume~1\annamc~1\locals~1\applic~1\Opera
                      2011-04-15 15:52:13   --------   d-----w-   c:\docume~1\annamc~1\locals~1\applic~1\PCHealth
                      .
                      ==================== Find3M  ====================
                      .
                      2011-03-07 05:33:50   692736   ----a-w-   c:\windows\system32\inetcomm.dll
                      2011-03-04 06:37:06   420864   ----a-w-   c:\windows\system32\vbscript.dll
                      2011-03-03 13:21:11   1857920   ----a-w-   c:\windows\system32\win32k.sys
                      2011-02-22 23:06:29   916480   ----a-w-   c:\windows\system32\wininet.dll
                      2011-02-22 23:06:29   43520   ----a-w-   c:\windows\system32\licmgr10.dll
                      2011-02-22 23:06:29   1469440   ------w-   c:\windows\system32\inetcpl.cpl
                      2011-02-22 11:41:59   385024   ----a-w-   c:\windows\system32\html.iec
                      2011-02-17 12:32:12   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
                      2011-02-15 12:56:39   290432   ----a-w-   c:\windows\system32\atmfd.dll
                      2011-02-09 13:53:52   270848   ----a-w-   c:\windows\system32\sbe.dll
                      2011-02-09 13:53:52   186880   ----a-w-   c:\windows\system32\encdec.dll
                      2011-02-08 13:33:55   978944   ----a-w-   c:\windows\system32\mfc42.dll
                      2011-02-08 13:33:55   974848   ----a-w-   c:\windows\system32\mfc42u.dll
                      2011-02-02 21:40:23   472808   ----a-w-   c:\windows\system32\deployJava1.dll
                      2011-02-02 19:19:39   73728   ----a-w-   c:\windows\system32\javacpl.cpl
                      2011-02-02 07:58:35   2067456   ----a-w-   c:\windows\system32\mstscax.dll
                      2006-05-03 11:06:54   163328   --sha-r-   c:\windows\system32\flvDX.dll
                      2007-02-21 12:47:16   31232   --sha-r-   c:\windows\system32\msfDX.dll
                      2008-03-16 14:30:52   216064   --sha-r-   c:\windows\system32\nbDX.dll
                      .
                      ============= FINISH: 12:02:17.04 ===============

                      Attach.txt:

                      .
                      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
                      IF REQUESTED, ZIP IT UP & ATTACH IT
                      .
                      DDS (Ver_11-03-05.01)
                      .
                      Microsoft Windows XP Professional
                      Boot Device: \Device\HarddiskVolume1
                      Install Date: 15/12/2009 10:40:18
                      System Uptime: 28/04/2011 11:47:23 (1 hours ago)
                      .
                      Motherboard: Dell Inc.           |  | 0WG864
                      Processor:               Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz
                      .
                      ==== Disk Partitions =========================
                      .
                      C: is FIXED (NTFS) - 30 GiB total, 6.228 GiB free.
                      D: is FIXED (NTFS) - 107 GiB total, 90.447 GiB free.
                      E: is FIXED (NTFS) - 37 GiB total, 10.372 GiB free.
                      H: is FIXED (NTFS) - 6 GiB total, 1.546 GiB free.
                      R: is Removable
                      S: is Removable
                      T: is Removable
                      U: is Removable
                      V: is CDROM ()
                      .
                      ==== Disabled Device Manager Items =============
                      .
                      ==== System Restore Points ===================
                      .
                      RP242: 19/04/2011 19:36:51 - Agnitum Outpost Security Suite Free Restore Point: install
                      RP243: 19/04/2011 20:40:23 - Agnitum Outpost Security Suite Free Restore Point: uninstall
                      RP244: 19/04/2011 20:48:12 - Agnitum Outpost Security Suite Free Restore Point: install
                      RP245: 19/04/2011 21:09:17 - Software Distribution Service 3.0
                      RP246: 21/04/2011 17:57:21 - Restore Operation
                      .
                      ==== Installed Programs ======================
                      .
                      .sol Editor 1.1.0.1
                      7-Zip 4.65
                      AbiWord 2.6.8
                      Adobe Flash Player 10 ActiveX
                      Adobe Flash Player 10 Plugin
                      Adobe Shockwave Player 11.5
                      AiO_Scan_CDA
                      AiOSoftwareNPI
                      Akamai NetSession Interface
                      Apple Application Support
                      Apple Mobile Device Support
                      Apple Software Update
                      µTorrent
                      Bonjour
                      BufferChm
                      CCleaner
                      Cheat Engine 5.6.1
                      CmdHere Powertoy For Windows XP
                      Compatibility Pack for the 2007 Office system
                      Conduit Engine
                      Conexant D850 56K V.9x DFVc Modem
                      CutePDF Writer 2.7
                      Destinations
                      DeviceManagementQFolder
                      DocProc
                      DocProcQFolder
                      e-Sword
                      ESET Online Scanner v3
                      F300
                      F300_Help
                      Fax_CDA
                      Foxit Reader
                      Free Realms Installer
                      GIMP 2.6.10
                      Google Earth
                      Google Toolbar for Internet Explorer
                      Google Update Helper
                      HiJackThis
                      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
                      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
                      Hotfix for Windows Media Format 11 SDK (KB929399)
                      Hotfix for Windows Media Player 11 (KB939683)
                      Hotfix for Windows XP (KB2158563)
                      Hotfix for Windows XP (KB2443685)
                      Hotfix for Windows XP (KB915800-v4)
                      Hotfix for Windows XP (KB954550-v5)
                      Hotfix for Windows XP (KB954708)
                      Hotfix for Windows XP (KB961118)
                      Hotfix for Windows XP (KB976002-v5)
                      Hotfix for Windows XP (KB979306)
                      Hotfix for Windows XP (KB981793)
                      HP Driver Diagnostics
                      HP Imaging Device Functions 7.0
                      HP Photosmart Essential
                      HP Photosmart, Officejet and Deskjet 7.0.A
                      HPPhotoSmartExpress
                      ieSpell
                      Image Resizer Powertoy for Windows XP
                      ImageMixer VCD/DVD2 for OLYMPUS
                      ImgBurn
                      InfraRecorder
                      InstantShareDevicesMFC
                      Intel(R) PRO Network Connections Drivers
                      iTunes
                      Japanese Language Support
                      Java Auto Updater
                      Java(TM) 6 Update 24
                      JPEG Lossless Rotator 6.4
                      Junk Mail filter update
                      Malwarebytes' Anti-Malware
                      Media Player Classic - Home Cinema v. 1.3.1249.0
                      Microsoft .NET Framework 1.1
                      Microsoft .NET Framework 1.1 Security Update (KB2416447)
                      Microsoft .NET Framework 1.1 Security Update (KB979906)
                      Microsoft .NET Framework 2.0 Service Pack 2
                      Microsoft .NET Framework 3.0 Service Pack 2
                      Microsoft .NET Framework 3.5 SP1
                      Microsoft Application Error Reporting
                      Microsoft Base Smart Card Cryptographic Service Provider Package
                      Microsoft Choice Guard
                      Microsoft Compression Client Pack 1.0 for Windows XP
                      Microsoft Office Live Add-in 1.5
                      Microsoft Office Outlook Connector
                      Microsoft Office Professional Edition 2003
                      Microsoft Search Enhancement Pack
                      Microsoft Silverlight
                      Microsoft SQL Server 2005 Compact Edition [ENU]
                      Microsoft Sync Framework Runtime Native v1.0 (x86)
                      Microsoft Sync Framework Services Native v1.0 (x86)
                      Microsoft User-Mode Driver Framework Feature Pack 1.0
                      Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
                      Microsoft Visual C++ 2005 Redistributable
                      Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
                      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
                      MobileMe Control Panel
                      Mozilla Firefox 4.0 (x86 en-GB)
                      MSVCRT
                      MSXML 4.0 SP2 (KB954430)
                      MSXML 4.0 SP2 (KB973688)
                      NETGEAR WG111v3 wireless USB 2.0 adapter
                      NewCopy_CDA
                      NVIDIA Drivers
                      NVIDIA PhysX
                      OCR Software by I.R.I.S 7.0
                      OGA Notifier 2.0.0048.0
                      OLYMPUS Master
                      OpenAL
                      Outpost Security Suite 7.1.1
                      Pixillion Image Converter
                      ProductContextNPI
                      QuickTime
                      Readme
                      RealNetworks - Microsoft Visual C++ 2008 Runtime
                      RealPlayer
                      RealUpgrade 1.1
                      Recuva
                      Revo Uninstaller 1.88
                      Scan
                      ScannerCopy
                      Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
                      Security Update for Windows Internet Explorer 8 (KB2183461)
                      Security Update for Windows Internet Explorer 8 (KB2360131)
                      Security Update for Windows Internet Explorer 8 (KB2416400)
                      Security Update for Windows Internet Explorer 8 (KB2482017)
                      Security Update for Windows Internet Explorer 8 (KB2497640)
                      Security Update for Windows Internet Explorer 8 (KB2510531)
                      Security Update for Windows Internet Explorer 8 (KB971961)
                      Security Update for Windows Internet Explorer 8 (KB976325)
                      Security Update for Windows Internet Explorer 8 (KB978207)
                      Security Update for Windows Internet Explorer 8 (KB981332)
                      Security Update for Windows Internet Explorer 8 (KB982381)
                      Security Update for Windows Media Player (KB2378111)
                      Security Update for Windows Media Player (KB975558)
                      Security Update for Windows Media Player (KB978695)
                      Security Update for Windows Media Player 11 (KB954154)
                      Security Update for Windows Search 4 - KB963093
                      Security Update for Windows XP (KB2079403)
                      Security Update for Windows XP (KB2115168)
                      Security Update for Windows XP (KB2121546)
                      Security Update for Windows XP (KB2160329)
                      Security Update for Windows XP (KB2229593)
                      Security Update for Windows XP (KB2279986)
                      Security Update for Windows XP (KB2286198)
                      Security Update for Windows XP (KB2296011)
                      Security Update for Windows XP (KB2296199)
                      Security Update for Windows XP (KB2347290)
                      Security Update for Windows XP (KB2360937)
                      Security Update for Windows XP (KB2387149)
                      Security Update for Windows XP (KB2393802)
                      Security Update for Windows XP (KB2412687)
                      Security Update for Windows XP (KB2419632)
                      Security Update for Windows XP (KB2423089)
                      Security Update for Windows XP (KB2436673)
                      Security Update for Windows XP (KB2440591)
                      Security Update for Windows XP (KB2443105)
                      Security Update for Windows XP (KB2476687)
                      Security Update for Windows XP (KB2478960)
                      Security Update for Windows XP (KB2478971)
                      Security Update for Windows XP (KB2479628)
                      Security Update for Windows XP (KB2479943)
                      Security Update for Windows XP (KB2481109)
                      Security Update for Windows XP (KB2483185)
                      Security Update for Windows XP (KB2485376)
                      Security Update for Windows XP (KB2503658)
                      Security Update for Windows XP (KB2506212)
                      Security Update for Windows XP (KB2506223)
                      Security Update for Windows XP (KB2507618)
                      Security Update for Windows XP (KB2508272)
                      Security Update for Windows XP (KB2508429)
                      Security Update for Windows XP (KB2509553)
                      Security Update for Windows XP (KB2511455)
                      Security Update for Windows XP (KB2524375)
                      Security Update for Windows XP (KB923789)
                      Security Update for Windows XP (KB941569)
                      Security Update for Windows XP (KB970430)
                      Security Update for Windows XP (KB971468)
                      Security Update for Windows XP (KB972270)
                      Security Update for Windows XP (KB975560)
                      Security Update for Windows XP (KB975561)
                      Security Update for Windows XP (KB975562)
                      Security Update for Windows XP (KB975713)
                      Security Update for Windows XP (KB977165)
                      Security Update for Windows XP (KB977816)
                      Security Update for Windows XP (KB977914)
                      Security Update for Windows XP (KB978037)
                      Security Update for Windows XP (KB978251)
                      Security Update for Windows XP (KB978262)
                      Security Update for Windows XP (KB978338)
                      Security Update for Windows XP (KB978542)
                      Security Update for Windows XP (KB978601)
                      Security Update for Windows XP (KB978706)
                      Security Update for Windows XP (KB979309)
                      Security Update for Windows XP (KB979482)
                      Security Update for Windows XP (KB979559)
                      Security Update for Windows XP (KB979683)
                      Security Update for Windows XP (KB979687)
                      Security Update for Windows XP (KB980195)
                      Security Update for Windows XP (KB980218)
                      Security Update for Windows XP (KB980232)
                      Security Update for Windows XP (KB980436)
                      Security Update for Windows XP (KB981322)
                      Security Update for Windows XP (KB981852)
                      Security Update for Windows XP (KB981957)
                      Security Update for Windows XP (KB981997)
                      Security Update for Windows XP (KB982132)
                      Security Update for Windows XP (KB982214)
                      Security Update for Windows XP (KB982665)
                      Security Update for Windows XP (KB982802)
                      Segoe UI
                      SigmaTel Audio
                      Skype Toolbars
                      Skype™ 5.1
                      Status
                      Steam
                      SUPERAntiSpyware
                      Toolbox
                      Total Uninstall 5.6.1
                      TrayApp
                      TV Bar 1.1 Toolbar
                      Tweak UI
                      Unity Web Player
                      Universal Extractor 1.6
                      Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
                      Update for Microsoft Windows (KB971513)
                      Update for Windows Internet Explorer 8 (KB2447568)
                      Update for Windows Internet Explorer 8 (KB975364)
                      Update for Windows Internet Explorer 8 (KB976662)
                      Update for Windows Internet Explorer 8 (KB978506)
                      Update for Windows Internet Explorer 8 (KB980182)
                      Update for Windows Internet Explorer 8 (KB982632)
                      Update for Windows Internet Explorer 8 (KB982664)
                      Update for Windows XP (KB2141007)
                      Update for Windows XP (KB2345886)
                      Update for Windows XP (KB2467659)
                      Update for Windows XP (KB955759)
                      Update for Windows XP (KB961503)
                      Update for Windows XP (KB971029)
                      Update for Windows XP (KB971737)
                      v2011.build.46
                      VirtualCloneDrive
                      VoiceOver Kit
                      WebFldrs XP
                      WebReg
                      Windows Genuine Advantage Notifications (KB905474)
                      Windows Genuine Advantage Validation Tool (KB892130)
                      Windows Internet Explorer 8
                      Windows Live Communications Platform
                      Windows Live Essentials
                      Windows Live ID Sign-in Assistant
                      Windows Live Mail
                      Windows Live Photo Gallery
                      Windows Live Sync
                      Windows Live Toolbar
                      Windows Live Upload Tool
                      Windows Live Writer
                      Windows Media Format 11 runtime
                      Windows Media Player 11
                      Windows PowerShell(TM) 1.0
                      Windows PowerShell(TM) 1.0 MUI pack
                      Windows Rights Management Client Backwards Compatibility SP2
                      Windows Rights Management Client with Service Pack 2
                      Windows Search 4.0
                      Zune Desktop Theme
                      .
                      ==== Event Viewer Messages From Past Week ========
                      .
                      25/04/2011 14:56:52, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service iPod Service with arguments "" in order to run the server: {7A7FB085-6068-4898-8CCA-480A9187277C}
                      25/04/2011 14:56:05, error: SideBySide [59]  - Generate Activation Context failed for C:\Program Files\real\realplayer\plugins\rmxrend.dll. Reference error message: The operation completed successfully. .
                      24/04/2011 16:33:15, error: SideBySide [59]  - Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. .
                      24/04/2011 16:33:15, error: SideBySide [59]  - Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll. Reference error message: The operation completed successfully. .
                      24/04/2011 16:33:15, error: SideBySide [32]  - Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.
                      24/04/2011 15:30:43, error: Tcpip [4198]  - The system detected an address conflict for IP address 192.168.1.4 with the system having network hardware address 7C:ED:8D:2C:15:CB. The local interface has been disabled.
                      23/04/2011 13:44:19, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
                      22/04/2011 21:53:15, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
                      22/04/2011 21:34:32, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
                      22/04/2011 15:38:35, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  ElbyCDIO Fips intelppm prodrv06 SandBox SASDIFSV SASKUTIL
                      21/04/2011 20:17:28, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
                      21/04/2011 20:16:01, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  avgio avipbb ElbyCDIO Fips intelppm prodrv06 SandBox SASDIFSV SASKUTIL ssmdrv
                      21/04/2011 19:39:36, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
                      21/04/2011 19:11:57, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
                      21/04/2011 18:59:13, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
                      .
                      ==== End Of File ===========================
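Three checks a reader of the event section above would want before drawing any conclusions from it, written up here as an added example (my code, not something from the thread or from DDS): every DCOM 10005 entry reports Win32 error 1084, which is ERROR_NOT_SAFEBOOT_SERVICE, so BITS, VSS, Windows Update (wuauserv), the Windows Installer and the rest did not fail because something disabled them, they simply cannot start in Safe Mode, which matches the note that the logs were taken in Safe Mode; the two Service Control Manager 7026 entries list the boot-start drivers that failed, and diffing them shows three names (avgio, avipbb, ssmdrv, which I recall as antivirus filter drivers, though the log itself does not say whose) that stopped failing between the 21 and 22 April boots, consistent with a product being uninstalled in between; and the Tcpip 4198 entry is an address conflict with another host on the LAN, a network configuration problem rather than a malware indicator on its own. The sample lines are copied, abridged, from the log above; the error-code names are the winerror.h symbols.

```python
"""Triage of the 'Event Viewer Messages From Past Week' section of a DDS log.

Added example, not from the thread or from DDS. It parses the event lines DDS
prints and answers the questions this log raises: which DCOM 10005 failures
are just Safe Mode (Win32 error 1084, ERROR_NOT_SAFEBOOT_SERVICE), which
boot-start drivers failed to load, and how that set changed between boots.
SAMPLE is copied (abridged) from the log above; error names are winerror.h's.
"""
import re
from datetime import datetime

EVENT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<eid>\d+)\]\s+-\s+(?P<msg>.*)$"
)
DCOM_RE = re.compile(
    r'DCOM got error "%(?P<code>\d+)" attempting to start the service (?P<svc>.+?) '
    r'with arguments "(?P<args>[^"]*)" in order to run the server: (?P<clsid>\{[0-9A-Fa-f-]+\})'
)
SCM_RE = re.compile(r"failed to load:\s+(?P<drivers>.+?)\s*$")
TCPIP_RE = re.compile(
    r"address conflict for IP address (?P<ip>[\d.]+) with the system having "
    r"network hardware address (?P<mac>[0-9A-Fa-f:]+)"
)
# Win32 codes DCOM reports as "%<code>"; symbolic names from winerror.h.
WIN32_ERRORS = {
    1053: "ERROR_SERVICE_REQUEST_TIMEOUT",
    1058: "ERROR_SERVICE_DISABLED",
    1068: "ERROR_SERVICE_DEPENDENCY_FAIL",
    1069: "ERROR_SERVICE_LOGON_FAILED",
    1084: "ERROR_NOT_SAFEBOOT_SERVICE",  # the service cannot be started in Safe Mode
}

def parse_events(text):
    """One dict per event line, sorted oldest first (DDS prints newest first)."""
    events = []
    for raw in text.splitlines():
        m = EVENT_RE.match(raw.strip())
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%d/%m/%Y %H:%M:%S")
            e["eid"] = int(e["eid"])
            events.append(e)
    return sorted(events, key=lambda e: e["ts"])

def dcom_failures(events):
    """{service: (win32 code, symbolic name or None)} from DCOM event 10005."""
    out = {}
    for e in events:
        if e["source"] == "DCOM" and e["eid"] == 10005 and (m := DCOM_RE.search(e["msg"])):
            code = int(m.group("code"))
            out[m.group("svc")] = (code, WIN32_ERRORS.get(code))
    return out

def safe_mode_evidence(events):
    """Services that failed only because the box was booted in Safe Mode."""
    return sorted(s for s, (code, _) in dcom_failures(events).items() if code == 1084)

def failed_boot_drivers(events):
    """[(boot time, set of driver names)] for each SCM event 7026, oldest first."""
    out = []
    for e in events:
        if e["source"] == "Service Control Manager" and e["eid"] == 7026:
            if m := SCM_RE.search(e["msg"]):
                out.append((e["ts"], set(m.group("drivers").split())))
    return out

def driver_delta(events):
    """Between consecutive boots: drivers that stopped failing (usually removed
    in between) and drivers that started failing (usually just installed)."""
    boots = failed_boot_drivers(events)
    return [{"from": t0, "to": t1, "gone": a - b, "new": b - a}
            for (t0, a), (t1, b) in zip(boots, boots[1:])]

def ip_conflicts(events):
    """Tcpip 4198: another host on the LAN is using our address."""
    found = []
    for e in events:
        if e["source"] == "Tcpip" and e["eid"] == 4198 and (m := TCPIP_RE.search(e["msg"])):
            found.append(m.groupdict())
    return found

# Abridged copy of the event lines from the DDS log above, in DDS order (newest first).
SAMPLE = r'''
25/04/2011 14:56:52, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service iPod Service with arguments "" in order to run the server: {7A7FB085-6068-4898-8CCA-480A9187277C}
24/04/2011 16:33:15, error: SideBySide [59]  - Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll. Reference error message: The operation completed successfully. .
24/04/2011 15:30:43, error: Tcpip [4198]  - The system detected an address conflict for IP address 192.168.1.4 with the system having network hardware address 7C:ED:8D:2C:15:CB. The local interface has been disabled.
23/04/2011 13:44:19, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
22/04/2011 15:38:35, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  ElbyCDIO Fips intelppm prodrv06 SandBox SASDIFSV SASKUTIL
21/04/2011 20:16:01, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  avgio avipbb ElbyCDIO Fips intelppm prodrv06 SandBox SASDIFSV SASKUTIL ssmdrv
21/04/2011 18:59:13, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
'''

if __name__ == "__main__":
    ev = parse_events(SAMPLE)
    print("Safe Mode only:", safe_mode_evidence(ev))
    print("boot driver deltas:", driver_delta(ev))
    print("IP conflicts:", ip_conflicts(ev))
```

The useful output is the delta, not the raw driver list: SASDIFSV and SASKUTIL are in both boots (SUPERAntiSpyware is in the installed-programs list and its drivers are also not expected to load in Safe Mode), while the three that vanish after 21 April are the ones worth asking the poster about.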

                      SuperDave

                      • Malware Removal Specialist
                      • Moderator


                      • Genius
                      • Thanked: 1020
                      • Certifications: List
                      • Experience: Expert
                      • OS: Windows 10
                      Re: I'm really, really lost....
                      « Reply #17 on: April 28, 2011, 11:49:13 AM »
                      Quote
                      Remember, everything here was taken in SAFE MODE.
                      Are you still having problems running Normal Mode?

                      Please download 7-Zip and install it. If you already have it, no need to reinstall.

                      Then, download RootkitUnhooker and save the setup to your Desktop.

                      • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
                      • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
                      • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
                      • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
                      • Once inside the interface, do not fix anything. Click on the Report tab.
                      • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
                      • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
                      • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.
                      Note: You may get this warning while running Rootkit Unhooker. It is OK so just ignore it:

                      "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"
                      Windows 8 and Windows 10 dual boot with two SSD's

                      trekkie

                        Topic Starter


                        Rookie

                        • Computer: Specs
                        • Experience: Beginner
                        • OS: Unknown
                        Re: I'm really, really lost....
                        « Reply #18 on: April 28, 2011, 02:28:59 PM »
                        Are you still having problems running Normal Mode?
                        Yup, CPU usage still maxing itself out in Normal Mode.

                        Quote
                        Note: You may get this warning while running Rootkit Unhooker. It is OK so just ignore it:
                        "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"
                        ...Uh, what? Well, this is more important, you can explain that later:

                        While trying to run the randomly-named file, I got a "Error loading/opening driver" message. Any ideas?
                        « Last Edit: April 28, 2011, 02:44:40 PM by trekkie »

                        SuperDave

                        • Malware Removal Specialist
                        • Moderator


                        • Genius
                        • Thanked: 1020
                        • Certifications: List
                        • Experience: Expert
                        • OS: Windows 10
                        Re: I'm really, really lost....
                        « Reply #19 on: April 29, 2011, 12:59:31 PM »
                        Ok. Let's try this:

                        Download the GMER Rootkit Scanner. Unzip it to your Desktop.

                        Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

                        Double-click gmer.exe. The program will begin to run.

                        **Caution**
                        These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

                        If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
                        • Click NO
                        • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
                        • Now click the Scan button.
                        • Once the scan is complete, you may receive another notice about rootkit activity.
                        • Click OK.
                        • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
                        • Save it where you can easily find it, such as your desktop.

                        trekkie

                          Topic Starter


                          Rookie

                          • Computer: Specs
                          • Experience: Beginner
                          • OS: Unknown
                          Re: I'm really, really lost....
                          « Reply #20 on: April 29, 2011, 03:38:43 PM »
                          I assume you wanted me to post the log, but you just forgot to say. I also added some spacing for you in the log (curse text wrap!)

                          GMER Log:

                          GMER 1.0.15.15572 - http://www.gmer.net
                          Rootkit scan 2011-04-29 22:30:35
                          Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST340014AS rev.8.12
                          Running: gmer.exe; Driver: C:\DOCUME~1\ANNAMC~1\LOCALS~1\Temp\awtyquoc.sys


                          ---- User code sections - GMER 1.0.15 ----

                          .text           C:\WINDOWS\system32\ctfmon.exe[456] USER32.dll!ChangeDisplaySettingsExA                                                  7E42384E 5 Bytes  JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\system32\ctfmon.exe[456] USER32.dll!SetForegroundWindow                                                       7E4242ED 5 Bytes  JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\system32\ctfmon.exe[456] USER32.dll!SetWindowPos                                                              7E4299F3 5 Bytes  JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\system32\ctfmon.exe[456] USER32.dll!ChangeDisplaySettingsExW                                                  7E4595BD 5 Bytes  JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\DOCUME~1\ANNAMC~1\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[900] USER32.dll!ChangeDisplaySettingsExA  7E42384E 5 Bytes  JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\DOCUME~1\ANNAMC~1\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[900] USER32.dll!SetForegroundWindow       7E4242ED 5 Bytes  JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\DOCUME~1\ANNAMC~1\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[900] USER32.dll!SetWindowPos              7E4299F3 5 Bytes  JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\DOCUME~1\ANNAMC~1\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[900] USER32.dll!ChangeDisplaySettingsExW  7E4595BD 5 Bytes  JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\Explorer.EXE[1264] USER32.dll!ChangeDisplaySettingsExA                                                        7E42384E 5 Bytes  JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\Explorer.EXE[1264] USER32.dll!SetForegroundWindow                                                             7E4242ED 5 Bytes  JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\Explorer.EXE[1264] USER32.dll!SetWindowPos                                                                    7E4299F3 5 Bytes  JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\Explorer.EXE[1264] USER32.dll!ChangeDisplaySettingsExW                                                        7E4595BD 5 Bytes  JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\system32\winlogon.exe[1460] USER32.dll!ChangeDisplaySettingsExA                                               7E42384E 5 Bytes  JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\system32\winlogon.exe[1460] USER32.dll!SetForegroundWindow                                                    7E4242ED 5 Bytes  JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\system32\winlogon.exe[1460] USER32.dll!SetWindowPos                                                           7E4299F3 5 Bytes  JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\system32\winlogon.exe[1460] USER32.dll!ChangeDisplaySettingsExW                                               7E4595BD 5 Bytes  JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\system32\services.exe[1504] USER32.dll!ChangeDisplaySettingsExA                                               7E42384E 5 Bytes  JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\system32\services.exe[1504] USER32.dll!SetForegroundWindow                                                    7E4242ED 5 Bytes  JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\system32\services.exe[1504] USER32.dll!SetWindowPos                                                           7E4299F3 5 Bytes  JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\system32\services.exe[1504] USER32.dll!ChangeDisplaySettingsExW                                               7E4595BD 5 Bytes  JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\system32\lsass.exe[1516] USER32.dll!ChangeDisplaySettingsExA                                                  7E42384E 5 Bytes  JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\system32\lsass.exe[1516] USER32.dll!SetForegroundWindow                                                       7E4242ED 5 Bytes  JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\system32\lsass.exe[1516] USER32.dll!SetWindowPos                                                              7E4299F3 5 Bytes  JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\system32\lsass.exe[1516] USER32.dll!ChangeDisplaySettingsExW                                                  7E4595BD 5 Bytes  JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!ChangeDisplaySettingsExA                                                7E42384E 5 Bytes  JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!SetForegroundWindow                                                     7E4242ED 5 Bytes  JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!SetWindowPos                                                            7E4299F3 5 Bytes  JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!ChangeDisplaySettingsExW                                                7E4595BD 5 Bytes  JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\system32\svchost.exe[1728] USER32.dll!ChangeDisplaySettingsExA                                                7E42384E 5 Bytes  JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\system32\svchost.exe[1728] USER32.dll!SetForegroundWindow                                                     7E4242ED 5 Bytes  JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\system32\svchost.exe[1728] USER32.dll!SetWindowPos                                                            7E4299F3 5 Bytes  JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\system32\svchost.exe[1728] USER32.dll!ChangeDisplaySettingsExW                                                7E4595BD 5 Bytes  JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\system32\svchost.exe[1908] USER32.dll!ChangeDisplaySettingsExA                                                7E42384E 5 Bytes  JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\system32\svchost.exe[1908] USER32.dll!SetForegroundWindow                                                     7E4242ED 5 Bytes  JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\system32\svchost.exe[1908] USER32.dll!SetWindowPos                                                            7E4299F3 5 Bytes  JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\system32\svchost.exe[1908] USER32.dll!ChangeDisplaySettingsExW                                                7E4595BD 5 Bytes  JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\system32\svchost.exe[1920] USER32.dll!ChangeDisplaySettingsExA                                                7E42384E 5 Bytes  JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\system32\svchost.exe[1920] USER32.dll!SetForegroundWindow                                                     7E4242ED 5 Bytes  JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\system32\svchost.exe[1920] USER32.dll!SetWindowPos                                                            7E4299F3 5 Bytes  JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          .text           C:\WINDOWS\system32\svchost.exe[1920] USER32.dll!ChangeDisplaySettingsExW                                                7E4595BD 5 Bytes  JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

                          ---- Devices - GMER 1.0.15 ----

                          Device          \Driver\prohlp02 \Device\ProHlp02                                                                                        E1525188

                          AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                 fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

                          ---- EOF - GMER 1.0.15 ----
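How to read the log above, as an added example (my code, not part of the post and not GMER's own tooling). Every ".text" line is an inline hook: the first 5 bytes of a USER32 export in a given process have been overwritten with a JMP, and GMER names the module that owns the jump target. Here every one of them lands in wl_hook.dll, described as "Outpost Hooking Module/Agnitum Ltd.", and Outpost Security Suite 7.1.1 is in the installed-programs list, so the hooks in winlogon, lsass, services and the svchosts are the firewall doing its job, not something to fix. The entry the log does not explain is the Device line for \Driver\prohlp02, which GMER printed with only an address and no file on disk; the same "pro" prefix shows up as prodrv06 in the Service Control Manager 7026 events, and I recall both names as copy-protection drivers, but that is recollection, not something the log establishes. The script groups the hooks by hooking module, flags hooks whose module has no vendor, is not on the analyst's allow-list, or sits under a user-writable path, and lists unattributed device objects. SAMPLE_LOG is an abridged copy of the posted log plus one constructed line (the svchost.exe/ntdll.dll entry, with made-up addresses and file name) so the flagging path actually fires; the allow-list is an assumption of mine.

```python
"""Triage of GMER 'User code sections' and 'Devices' output.

Added example, not from the forum post and not GMER's own tooling: it groups
inline hooks by the module that owns the JMP target and flags what to look at
next. SAMPLE_LOG is an abridged copy of the posted log plus ONE constructed
line (the svchost.exe/ntdll.dll entry; made-up addresses and file name) so the
flagging path is exercised. The vendor allow-list is the analyst's own.
"""
import re
from collections import defaultdict

HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<mod>[^\s!]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{6,8})\s+(?P<nbytes>\d+)\s+Bytes\s+(?P<kind>JMP|CALL)\s+"
    r"(?P<target>[0-9A-Fa-f]{6,8})\s+(?P<tmod>\S+)(?:\s+\((?P<desc>[^)]*)\))?\s*$"
)
DEVICE_RE = re.compile(
    r"^(?P<kind>Device|AttachedDevice)\s+(?P<driver>\S+)\s+(?P<devobj>\S+)\s+"
    r"(?P<owner>\S+)(?:\s+\((?P<desc>[^)]*)\))?\s*$"
)
HEX_RE = re.compile(r"^[0-9A-Fa-f]{6,8}$")
# Vendors already explained by the installed-programs list (Outpost Security
# Suite is Agnitum's). Analyst's allow-list: an assumption, not GMER data.
TRUSTED_VENDORS = {"Agnitum Ltd.", "Microsoft Corporation"}
USER_WRITABLE = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\")

def vendor_of(desc):
    """GMER prints '(Description/Vendor)'; return the vendor part, or None."""
    return desc.rsplit("/", 1)[1].strip() if desc and "/" in desc else None

def parse_gmer(text):
    """Return (hooks, devices) as lists of dicts, one per matching line."""
    hooks, devices = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if m := HOOK_RE.match(line):
            h = m.groupdict()
            h["pid"], h["nbytes"] = int(h["pid"]), int(h["nbytes"])
            h["vendor"] = vendor_of(h["desc"])
            hooks.append(h)
        elif m := DEVICE_RE.match(line):
            d = m.groupdict()
            d["vendor"] = vendor_of(d["desc"])
            # Owner printed as a bare address: GMER found no module on disk for it.
            d["attributed"] = not HEX_RE.match(d["owner"])
            devices.append(d)
    return hooks, devices

def hooks_by_target(hooks):
    """One entry per hooking DLL: which processes it is in, which APIs it patches."""
    out = defaultdict(lambda: {"vendor": None, "processes": set(), "functions": set()})
    for h in hooks:
        e = out[h["tmod"].lower()]
        e["vendor"] = h["vendor"]
        e["processes"].add(f'{h["proc"]}[{h["pid"]}]')
        e["functions"].add(f'{h["mod"]}!{h["func"]}')
    return dict(out)

def flag_hooks(hooks, trusted=TRUSTED_VENDORS):
    """Hooks worth a second look, each with the reasons."""
    flagged = []
    for h in hooks:
        reasons = []
        if h["vendor"] is None:
            reasons.append("hooking module has no readable version info")
        elif h["vendor"] not in trusted:
            reasons.append(f"vendor not in allow-list: {h['vendor']}")
        if any(p in h["tmod"].lower() for p in USER_WRITABLE):
            reasons.append("hooking module lives under a user-writable path")
        if reasons:
            flagged.append((h, reasons))
    return flagged

def unattributed_devices(devices):
    """Driver/device objects GMER listed with an address instead of a file."""
    return [d for d in devices if not d["attributed"]]

# The svchost.exe/ntdll.dll line is constructed; the rest is from the posted log.
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----
.text  C:\WINDOWS\system32\ctfmon.exe[456] USER32.dll!ChangeDisplaySettingsExA  7E42384E 5 Bytes  JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\DOCUME~1\ANNAMC~1\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[900] USER32.dll!SetForegroundWindow  7E4242ED 5 Bytes  JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\winlogon.exe[1460] USER32.dll!SetWindowPos  7E4299F3 5 Bytes  JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\lsass.exe[1516] USER32.dll!ChangeDisplaySettingsExW  7E4595BD 5 Bytes  JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!NtQueryDirectoryFile  7C900000 5 Bytes  JMP 00A70000 C:\DOCUME~1\ANNAMC~1\LOCALS~1\Temp\example.dll
---- Devices - GMER 1.0.15 ----
Device          \Driver\prohlp02 \Device\ProHlp02  E1525188
AttachedDevice  \FileSystem\Fastfat \Fat  fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
"""

if __name__ == "__main__":
    hooks, devices = parse_gmer(SAMPLE_LOG)
    for mod, info in hooks_by_target(hooks).items():
        print(mod, info["vendor"], len(info["processes"]), sorted(info["functions"]))
    for h, why in flag_hooks(hooks):
        print("FLAG", h["proc"], f'{h["mod"]}!{h["func"]}', "->", h["tmod"], why)
    for d in unattributed_devices(devices):
        print("UNATTRIBUTED", d["driver"], d["devobj"], d["owner"])
```

Grouping by target module is the step that turns 40 near-identical lines into one fact ("Outpost hooks four USER32 window APIs in every process"); the flagging rules are deliberately coarse, because the point of the caution in the post above holds: a hook or an unattributed device is a lead to confirm against the file on disk and its signature, not something to remove on sight.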

                          SuperDave

                          • Malware Removal Specialist
                          • Moderator


                          • Genius
                          • Thanked: 1020
                          • Certifications: List
                          • Experience: Expert
                          • OS: Windows 10
                          Re: I'm really, really lost....
                          « Reply #21 on: April 29, 2011, 05:28:18 PM »
                          Download Dial-a-Fix by djlizard, save it to the desktop then extract it to its own folder.

                          • Open the folder and run Dial-a-fix.exe
                          • 2 windows will open. Close the one in the background labeled Restrictive Policies

                          • Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked

                          Fix SSL/HTTPS/Crypstvc:
                          Stop Services
                          Empty System32\Catroot2
                          Register DLLs
                          Start service


                          • Click Go

                          • OK any error messages if received, but write them down and post them here.

                          Restart the computer when done.

                          trekkie

                            Topic Starter


                            Rookie

                            • Computer: Specs
                            • Experience: Beginner
                            • OS: Unknown
                            Re: I'm really, really lost....
                            « Reply #22 on: April 30, 2011, 09:42:00 AM »
                            I only got one error message, at the beginning:
                            "Dial-a-fix was unable to determine your version of Internet Explorer. Certain DLL registrations will be skipped."
                            Version is IE 8.

                            It also didn't create a log - that's OK?

                            SuperDave

                            • Malware Removal Specialist
                            • Moderator


                            • Genius
                            • Thanked: 1020
                            • Experience: Expert
                            • OS: Windows 10
                            Re: I'm really, really lost....
                            « Reply #23 on: April 30, 2011, 04:59:32 PM »
                            Please run another ComboFix scan to see if the service was repaired.
                            Windows 8 and Windows 10 dual boot with two SSD's

                            trekkie

                              Topic Starter


                              Rookie

                              • Experience: Beginner
                              • OS: Unknown
                              Re: I'm really, really lost....
                              « Reply #24 on: May 01, 2011, 10:03:26 AM »
                              By the way, why do we sometimes need to rename programs (e.g. ComboFix to commy)?

                              Anyways, ComboFix log:

                              ComboFix 11-04-30.06 - Anna McManus 01/05/2011  16:28:52.1.2 - x86 NETWORK
                              Microsoft Windows XP Professional  5.1.2600.3.1252.353.1033.18.1022.790 [GMT 1:00]
                              Running from: c:\documents and settings\Anna McManus\desktop\commy.exe
                              Command switches used :: /stepdel
                              AV: Outpost Security Suite Pro *Disabled/Updated* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
                              FW: Outpost Security Suite Pro *Enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
                              .
                              .
                              (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              .
                              c:\documents and settings\Anna McManus\Application Data\PriceGong
                              c:\rootrepeal\RootRepeal.exe
                              c:\documents and settings\Anna McManus\Start Menu\Programs\Uninstall.lnk
                              c:\windows\jestertb.dll
                              c:\windows\system32\arp.exe
                              c:\windows\system32\SCardSvr.exe
                              c:\windows\system32\setup.exe
                              .
                              ---- Previous Run -------
                              .
                              c:\documents and settings\Anna McManus\Application Data\PriceGong\Data\1.xml
                              c:\documents and settings\Anna McManus\Application Data\PriceGong\Data\a.xml
                              c:\documents and settings\Anna McManus\Application Data\PriceGong\Data\b.xml
                              c:\documents and settings\Anna McManus\Application Data\PriceGong\Data\c.xml
                              c:\documents and settings\Anna McManus\Application Data\PriceGong\Data\d.xml
                              c:\documents and settings\Anna McManus\Application Data\PriceGong\Data\e.xml
                              c:\documents and settings\Anna McManus\Application Data\PriceGong\Data\f.xml
                              c:\documents and settings\Anna McManus\Application Data\PriceGong\Data\g.xml
                              c:\documents and settings\Anna McManus\Application Data\PriceGong\Data\h.xml
                              c:\documents and settings\Anna McManus\Application Data\PriceGong\Data\i.xml
                              c:\documents and settings\Anna McManus\Application Data\PriceGong\Data\J.xml
                              c:\documents and settings\Anna McManus\Application Data\PriceGong\Data\k.xml
                              c:\documents and settings\Anna McManus\Application Data\PriceGong\Data\l.xml
                              c:\documents and settings\Anna McManus\Application Data\PriceGong\Data\m.xml
                              c:\documents and settings\Anna McManus\Application Data\PriceGong\Data\mru.xml
                              c:\documents and settings\Anna McManus\Application Data\PriceGong\Data\n.xml
                              c:\documents and settings\Anna McManus\Application Data\PriceGong\Data\o.xml
                              c:\documents and settings\Anna McManus\Application Data\PriceGong\Data\p.xml
                              c:\documents and settings\Anna McManus\Application Data\PriceGong\Data\q.xml
                              c:\documents and settings\Anna McManus\Application Data\PriceGong\Data\r.xml
                              c:\documents and settings\Anna McManus\Application Data\PriceGong\Data\s.xml
                              c:\documents and settings\Anna McManus\Application Data\PriceGong\Data\t.xml
                              c:\documents and settings\Anna McManus\Application Data\PriceGong\Data\u.xml
                              c:\documents and settings\Anna McManus\Application Data\PriceGong\Data\v.xml
                              c:\documents and settings\Anna McManus\Application Data\PriceGong\Data\w.xml
                              c:\documents and settings\Anna McManus\Application Data\PriceGong\Data\x.xml
                              c:\documents and settings\Anna McManus\Application Data\PriceGong\Data\y.xml
                              c:\documents and settings\Anna McManus\Application Data\PriceGong\Data\z.xml
                              c:\documents and settings\Anna McManus\Start Menu\Programs\Uninstall.lnk
                              c:\windows\jestertb.dll
                              c:\windows\system32\arp.exe
                              c:\windows\system32\SCardSvr.exe
                              c:\windows\system32\setup.exe
                              .
                              .
                              (((((((((((((((((((((((((   Files Created from 2011-04-01 to 2011-05-01  )))))))))))))))))))))))))))))))
                              .
                              .
                              2011-04-19 20:05 . 2011-04-19 20:05   63115   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
                              2011-04-19 20:05 . 2011-04-19 20:05   4599   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
                              2011-04-19 20:05 . 2011-04-19 20:05   9310   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
                              2011-04-19 20:05 . 2011-04-19 20:05   8646   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
                              2011-04-19 20:05 . 2011-04-19 20:05   6429   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
                              2011-04-19 20:05 . 2011-04-19 20:05   5927   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
                              2011-04-19 20:05 . 2011-04-19 20:05   8613   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
                              2011-04-19 20:05 . 2011-04-19 20:05   1651   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
                              2011-04-19 20:04 . 2011-04-19 20:04   6910   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
                              2011-04-19 20:04 . 2011-04-19 20:04   8288   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
                              2011-04-19 20:04 . 2011-04-19 20:04   6208   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
                              2011-04-19 20:04 . 2011-04-19 20:04   18541   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
                              2011-04-19 20:04 . 2011-04-19 20:04   51852   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
                              2011-04-19 20:04 . 2011-04-19 20:04   20719   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
                              2011-04-19 20:04 . 2011-04-19 20:04   23327   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
                              2011-04-19 20:04 . 2011-04-19 20:04   8782   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
                              2011-04-19 20:04 . 2011-04-19 20:04   7271   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
                              2011-04-19 19:49 . 2011-02-02 16:04   242040   ----a-w-   c:\windows\system32\drivers\VBEngNT.sys
                              2011-04-19 19:49 . 2011-03-21 15:27   708760   ----a-w-   c:\windows\system32\drivers\SandBox.sys
                              2011-04-19 19:49 . 2010-09-27 14:40   267624   ----a-w-   c:\windows\system32\drivers\afwcore.sys
                              2011-04-19 19:48 . 2010-04-20 15:05   34280   ----a-w-   c:\windows\system32\drivers\afw.sys
                              2011-04-19 19:48 . 2011-04-21 16:57   --------   d-----w-   c:\windows\system32\Filt
                              2011-04-19 19:48 . 2011-04-19 19:48   --------   d-----w-   c:\program files\Agnitum
                              2011-04-19 19:48 . 2011-04-19 19:48   --------   d-----w-   c:\documents and settings\Anna McManus\Application Data\Agnitum
                              2011-04-16 19:21 . 2011-04-16 19:21   --------   d-----w-   c:\documents and settings\Anna McManus\Local Settings\Application Data\Opera
                              2011-04-15 15:52 . 2011-04-15 15:52   --------   d-----w-   c:\documents and settings\Anna McManus\Local Settings\Application Data\PCHealth
                              .
                              .
                              .
                              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              2011-03-07 05:33 . 2009-12-15 10:35   692736   ----a-w-   c:\windows\system32\inetcomm.dll
                              2011-03-04 06:37 . 2008-04-14 04:42   420864   ----a-w-   c:\windows\system32\vbscript.dll
                              2011-03-03 13:21 . 2008-04-14 00:00   1857920   ----a-w-   c:\windows\system32\win32k.sys
                              2011-02-22 23:06 . 2008-04-14 04:42   1469440   ------w-   c:\windows\system32\inetcpl.cpl
                              2011-02-22 23:06 . 2008-04-14 04:42   916480   ----a-w-   c:\windows\system32\wininet.dll
                              2011-02-22 23:06 . 2008-04-14 04:41   43520   ----a-w-   c:\windows\system32\licmgr10.dll
                              2011-02-22 11:41 . 2008-04-13 23:07   385024   ----a-w-   c:\windows\system32\html.iec
                              2011-02-17 13:18 . 2008-04-13 23:47   455936   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
                              2011-02-17 13:18 . 2008-04-13 23:45   357888   ----a-w-   c:\windows\system32\drivers\srv.sys
                              2011-02-17 12:32 . 2009-12-15 15:41   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
                              2011-02-15 12:56 . 2008-04-14 04:39   290432   ----a-w-   c:\windows\system32\atmfd.dll
                              2011-02-09 13:53 . 2008-04-14 04:42   270848   ----a-w-   c:\windows\system32\sbe.dll
                              2011-02-09 13:53 . 2008-04-14 04:41   186880   ----a-w-   c:\windows\system32\encdec.dll
                              2011-02-08 13:33 . 2008-04-14 04:41   978944   ----a-w-   c:\windows\system32\mfc42.dll
                              2011-02-08 13:33 . 2007-04-03 07:44   974848   ----a-w-   c:\windows\system32\mfc42u.dll
                              2011-02-02 21:40 . 2010-04-23 14:45   472808   ----a-w-   c:\windows\system32\deployJava1.dll
                              2011-02-02 19:19 . 2010-04-09 15:30   73728   ----a-w-   c:\windows\system32\javacpl.cpl
                              2011-02-02 07:58 . 2009-12-15 10:33   2067456   ----a-w-   c:\windows\system32\mstscax.dll
                              2011-03-18 17:57 . 2011-03-23 15:17   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
                              2006-05-03 11:06   163328   --sha-r-   c:\windows\system32\flvDX.dll
                              2007-02-21 12:47   31232   --sha-r-   c:\windows\system32\msfDX.dll
                              2008-03-16 14:30   216064   --sha-r-   c:\windows\system32\nbDX.dll
                              .
                              .
                              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              .
                              *Note* empty entries & legit default entries are not shown
                              REGEDIT4
                              .
                              [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
                              "{a386d4b0-fddb-4e1c-ae61-4f014013cd9b}"= "c:\program files\TV_Bar_1.1\prxtbTV_2.dll" [2011-01-17 175912]
                              .
                              [HKEY_CLASSES_ROOT\clsid\{a386d4b0-fddb-4e1c-ae61-4f014013cd9b}]
                              .
                              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
                              2011-01-17 14:54   175912   ----a-w-   c:\program files\ConduitEngine\prxConduitEngine.dll
                              .
                              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a386d4b0-fddb-4e1c-ae61-4f014013cd9b}]
                              2011-01-17 14:54   175912   ----a-w-   c:\program files\TV_Bar_1.1\prxtbTV_2.dll
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                              "{a386d4b0-fddb-4e1c-ae61-4f014013cd9b}"= "c:\program files\TV_Bar_1.1\prxtbTV_2.dll" [2011-01-17 175912]
                              "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
                              .
                              [HKEY_CLASSES_ROOT\clsid\{a386d4b0-fddb-4e1c-ae61-4f014013cd9b}]
                              .
                              [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
                              .
                              [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
                              "{A386D4B0-FDDB-4E1C-AE61-4F014013CD9B}"= "c:\program files\TV_Bar_1.1\prxtbTV_2.dll" [2011-01-17 175912]
                              "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
                              .
                              [HKEY_CLASSES_ROOT\clsid\{a386d4b0-fddb-4e1c-ae61-4f014013cd9b}]
                              .
                              [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
                              @="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
                              [HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
                              2011-03-30 18:01   468128   ----a-w-   c:\program files\Agnitum\Outpost Security Suite Free\op_shell.dll
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                              "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
                              "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
                              "OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2011-04-04 3107736]
                              "OutpostFeedBack"="c:\program files\Agnitum\Outpost Security Suite Free\feedback.exe" [2011-03-30 517056]
                              "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
                              "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-11-23 274608]
                              .
                              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
                              "RunNarrator"="Narrator.exe" [2008-04-14 53760]
                              .
                              c:\documents and settings\All Users\Start Menu\Programs\Startup\
                              HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
                              NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2006-5-29 1527808]
                              .
                              [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                              "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
                              "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                              2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                              .
                              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG111v3 Smart Wizard.lnk]
                              path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
                              backup=c:\windows\pss\NETGEAR WG111v3 Smart Wizard.lnkCommon Startup
                              .
                              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^µTorrent.lnk]
                              path=c:\documents and settings\All Users\Start Menu\Programs\Startup\µTorrent.lnk
                              backup=c:\windows\pss\µTorrent.lnkCommon Startup
                              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck
                              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
                              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
                              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
                              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
                              .
                              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                              "EnableFirewall"= 0 (0x0)
                              .
                              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                              "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                              "c:\\Program Files\\uTorrent\\uTorrent.exe"=
                              "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
                              "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
                              "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
                              "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
                              "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
                              "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
                              "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
                              "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
                              "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
                              "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
                              "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
                              "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
                              "c:\\WINDOWS\\system32\\sessmgr.exe"=
                              "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
                              "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
                              "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
                              "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                              "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
                              "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
                              "c:\\Program Files\\iTunes\\iTunes.exe"=
                              .
                              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                              "1054:TCP"= 1054:TCP:Akamai NetSession Interface
                              "5000:UDP"= 5000:UDP:Akamai NetSession Interface
                              .
                              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
                              "AllowInboundEchoRequest"= 1 (0x1)
                              "AllowInboundTimestampRequest"= 1 (0x1)
                              "AllowOutboundDestinationUnreachable"= 1 (0x1)
                              "AllowOutboundParameterProblem"= 1 (0x1)
                              "AllowOutboundTimeExceeded"= 1 (0x1)
                              "AllowOutboundPacketTooBig"= 1 (0x1)
                              .
                              R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [19/04/2011 20:48 34280]
                              R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [23/04/2007 15:11 341504]
                              S1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [19/04/2011 20:49 708760]
                              S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]
                              S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]
                              S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [19/04/2011 20:48 2072592]
                              S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [14/04/2008 05:42 14336]
                              S2 gupdate1ca8fbae50c76ae;Google Update Service (gupdate1ca8fbae50c76ae);c:\program files\Google\Update\GoogleUpdate.exe [07/01/2010 18:00 133104]
                              S3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [19/04/2011 20:49 267624]
                              S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [19/04/2011 20:49 70160]
                              S3 Normandy;Normandy SR2;

                              S3 VBEngNT;VBEngNT;c:\windows\system32\drivers\VBEngNT.sys [19/04/2011 20:49 242040]
                              S3 VBFilt;VBFilt;c:\windows\system32\Filt\VBFilt.dll [19/04/2011 20:49 34096]
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                              Akamai   REG_MULTI_SZ      Akamai
                              .
                              Contents of the 'Scheduled Tasks' folder
                              .
                              2011-04-11 c:\windows\Tasks\AppleSoftwareUpdate.job
                              - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
                              .
                              2011-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                              - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 17:00]
                              .
                              2011-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                              - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 17:00]
                              .
                              2011-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1177238915-1417001333-1003Core.job
                              - c:\documents and settings\Anna McManus\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-18 20:23]
                              .
                              2011-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1177238915-1417001333-1003UA.job
                              - c:\documents and settings\Anna McManus\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-18 20:23]
                              .
                              2011-04-19 c:\windows\Tasks\OGALogon.job
                              - c:\windows\system32\OGAEXEC.exe [2009-08-03 15:07]
                              .
                              2010-08-31 c:\windows\Tasks\pixillionShakeIcon.job
                              - c:\program files\NCH Software\Pixillion\pixillion.exe [2010-08-23 18:34]
                              .
                              2011-04-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-796845957-1177238915-1417001333-1003.job
                              - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 11:33]
                              .
                              2011-04-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-1177238915-1417001333-1003.job
                              - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 11:33]
                              .
                              2011-04-20 c:\windows\Tasks\User_Feed_Synchronization-{9AEC4122-30F7-425A-AEE8-66CD5650F4FC}.job
                              - c:\windows\system32\msfeedssync.exe [2009-03-08 04:31]
                              .
                              .
                              ------- Supplementary Scan -------
                              .
                              uStart Page = hxxp://www.google.ie/webhp?rls=ig
                              uInternet Connection Wizard,ShellNext = hxxp://www.google.ie/
                              uInternet Settings,ProxyOverride = *.local
                              IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
                              IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
                              IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                              IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
                              IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
                              IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
                              TCP: {2094D3C8-9017-48C6-9813-BCFE09227041} = 89.101.160.4,89.101.160.5,208.67.222.222
                              DPF: {444785F1-DE89-4295-863A-D46C3A781394} - hxxp://webplayer.unity3d.com/download_webplayer-2.x/UnityWebPlayer.cab
                              FF - ProfilePath - c:\documents and settings\Anna McManus\Application Data\Mozilla\Firefox\Profiles\wzlavwzf.default\
                              FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10588
                              FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
                              FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/
                              FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=10588&q=
                              FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
                              FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
                              FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
                              FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
                              FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
                              FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
                              FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
                              FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
                              FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
                              FF - Ext: New Tab Homepage: {66E978CD-981F-47DF-AC42-E3CF417C1467} - %profile%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
                              FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
                              FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
                              FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
                              FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
                              FF - Ext: AlertStopper: [email protected] - %profile%\extensions\[email protected]
                              FF - Ext: Check All: [email protected] - %profile%\extensions\[email protected]
                              FF - Ext: CheckFox: {BAEC7B80-9A31-47b2-A68B-DCAC8DF48E87} - %profile%\extensions\{BAEC7B80-9A31-47b2-A68B-DCAC8DF48E87}
                              FF - Ext: Copy Link Text: [email protected] - %profile%\extensions\[email protected]
                              FF - Ext: Crash Report Helper: {078fac48-925f-4524-7cfe-85d44b8f4f98} - %profile%\extensions\{078fac48-925f-4524-7cfe-85d44b8f4f98}
                              FF - Ext: EAVE: [email protected] - %profile%\extensions\[email protected]
                              FF - Ext: Expiry Canary: [email protected] - %profile%\extensions\[email protected]
                              FF - Ext: Flash Killer: [email protected] - %profile%\extensions\[email protected]
                              FF - Ext: Ghostery: [email protected] - %profile%\extensions\[email protected]
                              FF - Ext: GoogleEnhancer: {21e48e29-f574-4619-b65d-0f00eea92e5b} - %profile%\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}
                              FF - Ext: Keyboard Shortcuts: [email protected] - %profile%\extensions\[email protected]
                              FF - Ext: Kongregate Sidebar: [email protected] - %profile%\extensions\[email protected]
                              FF - Ext: Link Alert: [email protected] - %profile%\extensions\[email protected]
                              FF - Ext: LinkAndForminfo: {B71ACFF2-E436-4cc7-B5E3-0C8E2CC981BA} - %profile%\extensions\{B71ACFF2-E436-4cc7-B5E3-0C8E2CC981BA}
                              FF - Ext: Override Mozilla Firefox Guidance: omfg@olive - %profile%\extensions\omfg@olive
                              FF - Ext: PingMe: pingme@arcticfire - %profile%\extensions\pingme@arcticfire
                              FF - Ext: Privacy Plus: [email protected] - %profile%\extensions\[email protected]
                              FF - Ext: RightToClick: {cd617375-6743-4ee8-bac4-fbf10f35729e} - %profile%\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}
                              FF - Ext: SimilarWeb: [email protected] - %profile%\extensions\[email protected]
                              FF - Ext: Simple Links Counter: [email protected] - %profile%\extensions\[email protected]
                              FF - Ext: Site Information Tool: siteinfo@wmtips - %profile%\extensions\siteinfo@wmtips
                              FF - Ext: Tab Progress Bar: [email protected] - %profile%\extensions\[email protected]
                              FF - Ext: Test Extension: [email protected] - %profile%\extensions\[email protected]
                              FF - Ext: Trustpilot Guard: {736048c1-a1ec-4a70-b12b-1e399e79024e} - %profile%\extensions\{736048c1-a1ec-4a70-b12b-1e399e79024e}
                              FF - Ext: Verify Redirect: [email protected] - %profile%\extensions\[email protected]
                              FF - Ext: Wappalyzer: [email protected] - %profile%\extensions\[email protected]
                              FF - Ext: Personas: [email protected] - %profile%\extensions\[email protected]
                              FF - Ext: Personas Rotator: {6e73f6b7-b9ab-44b8-b744-6393e3c2e351} - %profile%\extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}
                              FF - Ext: Sidebar Companion for Google Sidewiki: {62f82eb5-4d65-4224-983b-a09ff8b172a6} - %profile%\extensions\{62f82eb5-4d65-4224-983b-a09ff8b172a6}
                              FF - Ext: Google Redesigned: {cc85cd4e-5a5b-4eda-a25c-bdaffa93b406} - %profile%\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
                              FF - Ext: Google Minimalist: {64312dc5-3fc3-40d1-b183-0e4060fc52ac} - %profile%\extensions\{64312dc5-3fc3-40d1-b183-0e4060fc52ac}
                              FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
                              FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
                              FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
                              FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
                              FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
                              .
                              - - - - ORPHANS REMOVED - - - -
                              .
                              WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
                              MSConfigStartUp-CTFMON - (no file)
                              AddRemove-.sol Editor - c:\documents and settings\Anna McManus\My Documents\Conor's Folder\Sol Edit\uninst.exe
                              AddRemove-Cheat Engine 5.6.1_is1 - c:\documents and settings\Anna McManus\My Documents\Conor's Folder\Pictures\Kongregate\Cheat Engine\unins000.exe
                              AddRemove-WinGimp-2.0_is1 - c:\documents and settings\Anna McManus\My Documents\Conor's Folder\GIMP-2.0\setup\unins000.exe
                              AddRemove-{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1 - c:\documents and settings\Anna McManus\My Documents\Conor's Folder\Videos\SUPER\unins000.exe
                              .
                              .
                              .
                              **************************************************************************
                              .
                              catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                              Rootkit scan 2011-05-01 16:39
                              Windows 5.1.2600 Service Pack 3 NTFS
                              .
                              scanning hidden processes ... 
                              .
                              scanning hidden autostart entries ...
                              .
                              scanning hidden files ... 
                              .
                              scan completed successfully
                              hidden files: 0
                              .
                              **************************************************************************
                              .
                              --------------------- LOCKED REGISTRY KEYS ---------------------
                              .
                              [HKEY_USERS\S-1-5-21-796845957-1177238915-1417001333-1003\Software\Microsoft\SystemCertificates\AddressBook*]
                              @Allowed: (Read) (RestrictedCode)
                              @Allowed: (Read) (RestrictedCode)
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
                              @Denied: (A 2) (Everyone)
                              @="FlashBroker"
                              "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
                              "Enabled"=dword:00000001
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
                              @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
                              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
                              @Denied: (A 2) (Everyone)
                              @="IFlashBroker4"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
                              @="{00020424-0000-0000-C000-000000000046}"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
                              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                              "Version"="1.0"
                              .
                              --------------------- DLLs Loaded Under Running Processes ---------------------
                              .
                              - - - - - - - > 'winlogon.exe'(1476)
                              c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                              c:\windows\system32\WININET.dll
                              .
                              - - - - - - - > 'explorer.exe'(1596)
                              c:\windows\system32\WININET.dll
                              c:\program files\Agnitum\Outpost Security Suite Free\op_shell.dll
                              c:\windows\system32\ieframe.dll
                              .
                              Completion time: 2011-05-01  16:46:50 - machine was rebooted
                              ComboFix-quarantined-files.txt  2011-05-01 15:46
                              .
                              Pre-Run: 6,625,673,216 bytes free
                              Post-Run: 6,591,098,880 bytes free
                              .
                              WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
                              [boot loader]
                              timeout=2
                              default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
                              [operating systems]
                              c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
                              UnsupportedDebug="do not select this" /debug
                              multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Professional - New" /noexecute=optin /fastdetect
                              multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Windows XP Professional - Even Newer" /noexecute=optin /fastdetect
                              .
                              - - End Of File - - 7B5CDB8CA0541E44DF4A56B2A6608B96

                              SuperDave

                              • Malware Removal Specialist
                              • Moderator


                              • Genius
                              • Thanked: 1020
                              • Certifications: List
                              • Experience: Expert
                              • OS: Windows 10
                              Re: I'm really, really lost....
                              « Reply #25 on: May 01, 2011, 12:47:23 PM »
                              Quote
                              By the way, why do we sometimes need to rename programs (e.g. ComboFix to commy)?
Sometimes the infections are engineered to recognize and stop some of these tools. By renaming them, we are able to get them to run.

It looks like the Cryptography Services Error was repaired. That was the last thing that seemed to be amiss. I reached the bottom of my bag of tricks trying to resolve your problem. I can almost say with almost 100% certainty that it's not caused by any infections. The last thing we can do is do some cleanup and advise you to seek help in one of the software forums. Sorry.

                              To remove all of the tools we used and the files and folders they created do the following:
• Double click OTL.exe.
                              • Click the CleanUp button.
                              • Select Yes when the "Begin cleanup Process?" prompt appears.
                              • If you are prompted to Reboot during the cleanup, select Yes.
                              • The tool will delete itself once it finishes.
                              Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
                              ****************************************************
                              To turn off Windows XP System Restore:

                              NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

                              1. Click Start.
                              2. Right-click the My Computer icon, and then click Properties.
                              3. Click the System Restore tab.
                              4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
                              5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
                              7. Click OK.
                              8. Restart the computer and follow the instructions in the next section to turn on System Restore.

                              To turn on Windows XP System Restore:

                              1. Click Start.
                              2. Right-click My Computer, and then click Properties.
                              3. Click the System Restore tab.
                              4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
                              5. Click Apply, and then click OK.
                              **********************************************
                              Clean out your temporary internet files and temp files.

                              Download TFC by OldTimer to your desktop.

                              Double-click TFC.exe to run it.

                              Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                              TFC will close all programs when run, so make sure you have saved all your work before you begin.

                              * Click the Start button to begin the cleaning process.
                              * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                              * Please let TFC run uninterrupted until it is finished.

                              Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
                              Windows 8 and Windows 10 dual boot with two SSD's

                              trekkie

                                Topic Starter


                                Rookie

                                • Computer: Specs
                                • Experience: Beginner
                                • OS: Unknown
                                Re: I'm really, really lost....
                                « Reply #26 on: May 01, 2011, 12:58:00 PM »
                                To turn off Windows XP System Restore:

                                Whoa whoa whoa. Why on Earth would I want to turn off System Restore?

                                SuperDave

                                • Malware Removal Specialist
                                • Moderator


                                • Genius
                                • Thanked: 1020
                                • Certifications: List
                                • Experience: Expert
                                • OS: Windows 10
                                Re: I'm really, really lost....
                                « Reply #27 on: May 01, 2011, 01:21:50 PM »
                                By turning off and then on the System Restore we will get a new Restore Point which should be clean. Keep in mind many infections hide in System Restore.
                                Windows 8 and Windows 10 dual boot with two SSD's

                                trekkie

                                  Topic Starter


                                  Rookie

                                  • Computer: Specs
                                  • Experience: Beginner
                                  • OS: Unknown
                                  Re: I'm really, really lost....
                                  « Reply #28 on: May 01, 2011, 02:14:59 PM »
                                  Sorry.
                                  OY! Don't you go beating yourself up over my stubborn computer. It's not your fault my computer hates me.:) But seriously, you did great, especially considering you're not getting paid for this (so you have got to find this rewarding in some way, otherwise no sane person would do this day in, day out).

                                  Quote
                                  To remove all of the tools we used and the files and folders they created
Will it remove everything? Just, I think I would find it difficult to find one tiny scrap of one program. Oh, and as I think of it, are there any programs that we've used that you would keep if this was your computer?

                                  Finally, any ideas as to where to go from here to fix this stupid computer (within ComputerHope, that is)?

                                  Oh-finally finally, would you mind not locking the thread on me until I ask? You probably wouldn't have, but just in case.

                                  SuperDave

                                  • Malware Removal Specialist
                                  • Moderator


                                  • Genius
                                  • Thanked: 1020
                                  • Certifications: List
                                  • Experience: Expert
                                  • OS: Windows 10
                                  Re: I'm really, really lost....
                                  « Reply #29 on: May 01, 2011, 05:10:06 PM »
                                  Here's a list of tools it will remove. I used some other tools so those will have to be removed manually.
                                  !Killbox
                                  *.run
                                  _backupD
                                  _OTL
                                  _OTListIt
                                  _OTM
                                  _OTMoveIt
                                  _OTS
                                  _OTScanIt
                                  404fix.exe
                                  Avenger
                                  avenger.exe
                                  avenger.txt
                                  avenger.zip
                                  AWF.txt
                                  BFU
                                  bfu.zip
                                  catchme
                                  catchme.exe
                                  cleanup.txt
                                  ComboFix
                                  ComboFix*.txt
                                  combofix.exe
                                  combo-fix.exe
                                  Combo-Fix.sys
                                  dds.com
                                  dds.pif
                                  dds.scr
                                  Deckard
                                  delete.bat
                                  deljob
                                  deljob.exe
                                  dss.exe
                                  dumphive.exe
                                  erdnt\subs
                                  Extras.txt
                                  fdsv.exe
                                  FindAWF.exe
                                  fixwareout
                                  fixwareout.exe
                                  fsbl*.log
                                  fsbl.exe
                                  gmer
                                  gmer.dll
                                  gmer.exe
                                  gmer.ini
                                  gmer.log
                                  gmer.sys
                                  gmer_uninstall.cmd
                                  grep.exe
                                  haxfix.exe
                                  haxfix.txt
                                  iedfix.exe
                                  killbox.exe
                                  logit.txt
                                  Lop SD
                                  lopR.txt
                                  LopSD.exe
                                  moveex.exe
                                  nircmd.exe
                                  NoLop.exe
                                  NoLop.txt
                                  NoLopOLD.txt
                                  OTL.exe
                                  OTL.txt
                                  OTListIt.txt
                                  OTListIt2.exe
                                  OTM.exe
                                  OTMoveIt.exe
                                  OTMoveIt2.exe
                                  OTMoveIt3.exe
                                  OTS.exe
                                  OTS.txt
                                  OTScanIt
                                  OTScanIt.exe
                                  OTScanIt2
                                  OTScanIt2.exe
                                  OTViewIt.exe
                                  OTViewIt.txt
                                  QooBox
                                  rapport.txt
                                  Rooter$
                                  Rooter.exe
                                  Rooter.txt
                                  RSIT
                                  RSIT.exe
                                  Runscanner
                                  Runscanner.exe
                                  Runscanner.net
                                  Runscanner.zip
                                  Rustbfix
                                  rustbfix.exe
                                  SDFix
                                  sdfix.exe
                                  sed.exe
                                  Silent Runners.vbs
                                  SmitfraudFix
                                  SmitfraudFix.exe
                                  swreg.exe
                                  Swsc.exe
                                  Swxcacls.exe
                                  SysInsite
                                  tmp.reg
                                  vacfix.exe
                                  vcclsid.exe
                                  VFind.exe
                                  VundoFix Backups
                                  VundoFix.exe
                                  vundofix.txt
                                  vundofix.vft
                                  win32delfkil.exe
                                  windelf.txt
                                  WinPfind
                                  winpfind.exe
                                  WinPFind35u
                                  WinPFind35u.exe
                                  WinPFind3u
                                  WinPFind3u.exe
                                  WS2Fix.exe
                                  zip.exe
                                  ***************************************************
                                  Quote
                                  Oh, and as I think of it-are there any programs that we've used that you would keep if this was your computer?
                                  The only two I would keep are SAS and MBAM. Update them and run them on a regular basis.
                                  I will keep this open until you get back to me.
You should start a new thread in this forum. Don't forget to mention that you've spent some time in this forum.
                                  Windows 8 and Windows 10 dual boot with two SSD's

                                  trekkie

                                    Topic Starter


                                    Rookie

                                    • Computer: Specs
                                    • Experience: Beginner
                                    • OS: Unknown
                                    Re: I'm really, really lost....
                                    « Reply #30 on: May 02, 2011, 12:28:24 PM »
                                    Arrgh! It won't let me turn on System Restore in Safe Mode, and I can't guarantee that I can get it to turn on in Normal Mode. WHY DID YOU TELL ME TO TURN IT OFF?!? ??? :o >:( :||x

                                    SuperDave

                                    • Malware Removal Specialist
                                    • Moderator


                                    • Genius
                                    • Thanked: 1020
                                    • Certifications: List
                                    • Experience: Expert
                                    • OS: Windows 10
                                    Re: I'm really, really lost....
                                    « Reply #31 on: May 02, 2011, 12:31:59 PM »
                                    Just hold off on that. I'm going to do a consult on this problem with my colleagues.
                                    Windows 8 and Windows 10 dual boot with two SSD's

                                    SuperDave

                                    • Malware Removal Specialist
                                    • Moderator


                                    • Genius
                                    • Thanked: 1020
                                    • Certifications: List
                                    • Experience: Expert
                                    • OS: Windows 10
                                    Re: I'm really, really lost....
                                    « Reply #32 on: May 02, 2011, 04:22:44 PM »
                                    Please see if you can run this in Normal Mode.

                                    Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
                                    Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to the already pre-selected options, make sure the Command Line is selected, and press OK.
Go to File > Save As, and save the report as Procexp.txt.
Attach the file to your next reply.
                                    Attach the file to your next reply.
                                    Windows 8 and Windows 10 dual boot with two SSD's
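The saved Procexp.txt that SuperDave asks for above is normally read by eye: the helper looks for processes with no Company Name, processes launched from a temp or user-profile folder, and rows whose Command Line column is empty. As an added example (not code from the thread or from Sysinternals), the script below automates that first pass over a Process Explorer text export. It assumes the tab-separated layout that File > Save As writes, with the column names shown in the thread; the sample rows are constructed for this example (the updater.exe row is fictitious and is there only to trigger the location check).

```python
"""Triage a Process Explorer text export (File > Save As) the way a
malware-removal helper reads it by eye: flag rows with no Company Name,
rows whose image runs from outside the usual Windows / Program Files
directories, and rows whose Command Line column is empty.

Assumption: the export is tab-separated with the header row below.
The sample export is constructed for this example; it is not the log
posted in the thread."""

# Constructed sample export (tab-separated, one row per process).
SAMPLE_EXPORT = "\n".join([
    "Process\tPID\tCPU\tPrivate Bytes\tWorking Set\tCompany Name\tVirtual Size\tCommand Line",
    "explorer.exe\t916\t\t12,152 K\t16,972 K\tMicrosoft Corporation\t89,520 K\tC:\\WINDOWS\\Explorer.EXE",
    "WG111v3.exe\t1412\t12.56\t4,748 K\t8,672 K\t\t51,700 K\t\"C:\\Program Files\\NETGEAR\\WG111v3\\WG111v3.exe\"",
    "svchost.exe\t1988\t27.54\t6,392 K\t6,788 K\tMicrosoft Corporation\t47,580 K\tC:\\WINDOWS\\System32\\svchost.exe -k netsvcs",
    "winlogon.exe\t1616\t\t6,964 K\t3,376 K\tMicrosoft Corporation\t57,460 K\twinlogon.exe",
    # Fictitious row, constructed to exercise the unusual-location check.
    "updater.exe\t2044\t\t1,100 K\t2,900 K\t\t20,000 K\t\"C:\\Documents and Settings\\user\\Local Settings\\Temp\\updater.exe\" /silent",
])

# Directories from which a process on an XP box is expected to run.
EXPECTED_DIRS = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\progra~1\\",
)


def parse_export(text):
    """Return one dict per process row, keyed by the header column names."""
    lines = [line for line in text.splitlines() if line.strip()]
    header = lines[0].split("\t")
    rows = []
    for line in lines[1:]:
        fields = line.split("\t")
        # Pad short rows so that missing trailing columns become empty strings.
        fields += [""] * (len(header) - len(fields))
        rows.append(dict(zip(header, fields)))
    return rows


def image_path(command_line):
    """Extract the executable path from a command line (quoted path first)."""
    cmd = command_line.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ")[0]


def triage(rows):
    """Return (process name, pid, [reasons]) for every row worth a second look."""
    findings = []
    for row in rows:
        reasons = []
        if not row["Company Name"].strip():
            reasons.append("no company name")
        cmd = row["Command Line"]
        if not cmd.strip():
            reasons.append("empty command line")
        else:
            path = image_path(cmd).lower()
            # Core system processes are listed by bare name (e.g. winlogon.exe);
            # only judge the location when a full path is present.
            if "\\" in path and not any(path.startswith(d) for d in EXPECTED_DIRS):
                reasons.append("runs from unusual location: " + path)
        if reasons:
            findings.append((row["Process"], int(row["PID"]), reasons))
    return findings


if __name__ == "__main__":
    for name, pid, reasons in triage(parse_export(SAMPLE_EXPORT)):
        print(f"{name} (PID {pid}): {'; '.join(reasons)}")
```

A missing Company Name is only a prompt to look closer, not a verdict: the NETGEAR adapter utility in the thread's log has no company string yet runs from Program Files, which is why the script reports the reason rather than a score. To run it on a real export, replace SAMPLE_EXPORT with the contents of Procexp.txt.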

                                    trekkie

                                      Topic Starter


                                      Rookie

                                      • Computer: Specs
                                      • Experience: Beginner
                                      • OS: Unknown
                                      Re: I'm really, really lost....
                                      « Reply #33 on: May 06, 2011, 10:53:15 AM »
                                      Sorry I took so long to get back to you - since Easter is over, I'm back to work, so my free time will be limited. By the way, are you the only Malware Removal Specialist left? Just, nobody else is posting here with that qualification. Almost nobody else from ComputerHope is posting here, for that matter. It just seems to be you, people like me looking for help and Allan sometimes pops in to do admin things like moving off-topic posts. .....

                                      Anyways, Process Explorer log:

                                      Process            PID   CPU   Private Bytes   Working Set   Company Name               Virtual Size   Command Line

                                      explorer.exe         916      12,152 K   16,972 K   Microsoft Corporation            89,520 K   C:\WINDOWS\Explorer.EXE

                                      op_mon.exe         1232      11,584 K   16,704 K   Agnitum Ltd.               55,384 K   "C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" /tray /noservice

                                      procexp.exe         1064   1.93   11,188 K   15,144 K   Sysinternals - www.sysinternals.com      112,332 K   "C:\ProcessExplorer\procexp.exe"

                                      iTunesHelper.exe      1224      9,236 K      14,068 K   Apple Inc.               87,344 K   "C:\Program Files\iTunes\iTunesHelper.exe"

                                      WG111v3.exe         1412   12.56   4,748 K      8,672 K                        51,700 K   "C:\Program Files\NETGEAR\WG111v3\WG111v3.exe"

                                      AppleMobileDeviceService.exe   352      4,964 K      8,068 K      Apple Inc.               52,448 K   "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"

                                      jqs.exe            460      3,636 K      6,892 K      Sun Microsystems, Inc.            69,484 K   "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"

                                      svchost.exe         1988   27.54   6,392 K      6,788 K      Microsoft Corporation            47,580 K   C:\WINDOWS\System32\svchost.exe -k netsvcs

                                      taskmgr.exe         1040      4,092 K      6,716 K      Microsoft Corporation            56,012 K   taskmgr.exe

                                      svchost.exe         332      2,996 K      6,372 K      Microsoft Corporation            45,252 K   C:\WINDOWS\System32\svchost.exe -k Akamai

                                      acs.exe            312   13.77   2,344 K      4,468 K      Agnitum Ltd.               32,420 K   C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe

                                      hpqtra08.exe         1368      1,072 K      4,124 K      Hewlett-Packard Development Company, L.P.   33,188 K   "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"

                                      nvsvc32.exe         484      2,608 K      4,120 K      NVIDIA Corporation            36,112 K   C:\WINDOWS\system32\nvsvc32.exe

                                      svchost.exe         1884   10.39   1,368 K      3,512 K      Microsoft Corporation            32,984 K   C:\WINDOWS\system32\svchost.exe -k rpcss

                                      services.exe         1660      1,692 K      3,396 K      Microsoft Corporation            20,800 K   C:\WINDOWS\system32\services.exe

                                      winlogon.exe         1616      6,964 K      3,376 K      Microsoft Corporation            57,460 K   winlogon.exe

                                      ctfmon.exe         1304      924 K      3,312 K      Microsoft Corporation            31,780 K   "C:\WINDOWS\system32\ctfmon.exe"

                                      mDNSResponder.exe      444   14.49   1,044 K      3,240 K      Apple Inc.               26,704 K   "C:\Program Files\Bonjour\mDNSResponder.exe"

                                      csrss.exe         1592      1,440 K      3,236 K      Microsoft Corporation            21,440 K   C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

                                      svchost.exe         1840      1,232 K      3,040 K      Microsoft Corporation            31,464 K   C:\WINDOWS\system32\svchost.exe -k DcomLaunch

                                      svchost.exe         176   17.39   1,264 K      3,020 K      Microsoft Corporation            28,984 K   C:\WINDOWS\system32\svchost.exe -k NetworkService

                                      HPZipm12.exe         516      556 K      1,844 K      HP                  15,224 K   C:\WINDOWS\system32\HPZipm12.exe

                                      realplay.exe         1444      976 K      1,692 K      RealNetworks, Inc.            33,804 K   

                                      lsass.exe         1672      2,088 K      1,252 K      Microsoft Corporation            37,584 K   C:\WINDOWS\system32\lsass.exe

                                      realsched.exe         1280      1,088 K      644 K      RealNetworks, Inc.            35,240 K   

                                      smss.exe         1016      172 K      432 K      Microsoft Corporation            3,808 K      \SystemRoot\System32\smss.exe

                                      System            4      0 K      244 K                        860 K   

                                      realplay.exe         1500      380 K      88 K                        2,708 K   

                                      System Idle Process      0      0 K      28 K                        0 K   

                                      Interrupts         n/a   1.21   0 K      0 K                        0 K   

                                      DPCs            n/a   0.72   0 K      0 K                        0 K   


                                      P.S. Text Wrap sucks. >:( >:( >:( >:( >:( >:( >:( >:( >:( >:(
                                      « Last Edit: May 06, 2011, 11:04:36 AM by trekkie »

                                      SuperDave

                                      • Malware Removal Specialist
                                      • Moderator


                                      • Genius
                                      • Thanked: 1020
                                      • Certifications: List
                                      • Experience: Expert
                                      • OS: Windows 10
                                      Re: I'm really, really lost....
                                      « Reply #34 on: May 06, 2011, 12:34:53 PM »
                                      Quote
                                      By the way, are you the only Malware Removal Specialist left? Just, nobody else is posting here with that qualification. Almost nobody else from ComputerHope is posting here, for that matter. It just seems to be you, people like me looking for help and Allan sometimes pops in to do admin things like moving off-topic posts. .....
                                      I have a few more helpers that I can go to if I get snowed under but so far it's not that busy. We must be winning the war.
                                      It will take some time to analyse this log.
                                      Windows 8 and Windows 10 dual boot with two SSD's

                                      trekkie

                                        Topic Starter


                                        Rookie

                                        • Computer: Specs
                                        • Experience: Beginner
                                        • OS: Unknown
                                        Re: I'm really, really lost....
                                        « Reply #35 on: May 08, 2011, 07:18:45 AM »
                                        Is it because it's confusing to look at? If so, I can start posting the log one item at a time or something. Just tell me.

                                        SuperDave

                                        • Malware Removal Specialist
                                        • Moderator


                                        • Genius
                                        • Thanked: 1020
                                        • Certifications: List
                                        • Experience: Expert
                                        • OS: Windows 10
                                        Re: I'm really, really lost....
                                        « Reply #36 on: May 08, 2011, 01:03:12 PM »
Quote
Is it because it's confusing to look at? If so, I can start posting the log one item at a time or something. Just tell me.
                                        No. I just have to analyze all the processes. I should have it done in about a day or so.
                                        Windows 8 and Windows 10 dual boot with two SSD's

                                        trekkie

                                          Topic Starter


                                          Rookie

                                          • Computer: Specs
                                          • Experience: Beginner
                                          • OS: Unknown
                                          Re: I'm really, really lost....
                                          « Reply #37 on: May 09, 2011, 01:31:44 PM »
                                          OK, just keep me posted.

                                          SuperDave

                                          • Malware Removal Specialist
                                          • Moderator


                                          • Genius
                                          • Thanked: 1020
                                          • Certifications: List
                                          • Experience: Expert
                                          • OS: Windows 10
                                          Re: I'm really, really lost....
                                          « Reply #38 on: May 12, 2011, 07:57:49 PM »
                                          Please download Stealth MBR Rootkit Detector by GMER from GMER.net, and save to your Desktop.
                                          • Double-click mbr.exe to start the program.
                                          • When done scanning, it will save a log on the Desktop called mbr.log.
                                          • Please post the contents of that log in your next reply.
                                          Windows 8 and Windows 10 dual boot with two SSD's

                                          trekkie

                                            Topic Starter


                                            Rookie

                                            • Computer: Specs
                                            • Experience: Beginner
                                            • OS: Unknown
                                            Re: I'm really, really lost....
                                            « Reply #39 on: May 14, 2011, 03:50:38 AM »
                                            MBR only ran for a split second, and the log is very short. Is this normal?

                                            Anyways, MBR log:

                                            Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
                                            Windows 5.1.2600 Disk: ST340014AS rev.8.12 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

                                            device: opened successfully
                                            user: MBR read successfully
                                            kernel: MBR read successfully
                                            user & kernel MBR OK

                                            Also, just as a matter of interest: http://www.computerhope.com/forum/index.php/topic,69848.msg456085.html#msg456085
                                            When I post to my thread, it always appears at the top (just under the stickies). But he says it should go to the bottom of the pile. So... ???
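The verdict line in the mbr.log above, "user & kernel MBR OK", is what the tool reports when the 512-byte master boot record it reads through the normal user-mode path matches the one it reads through its own kernel driver; a disk-stack hook that hides a modified MBR would show up as a mismatch between the two. The block below is an added illustration of that check, not code from the thread or from GMER, and it makes no assumptions about how GMER reads the sector: the two "views" are constructed byte strings, and the functions parse the MBR layout (partition table at offset 446, boot signature 0x55AA at offset 510) and report where the views diverge.

```python
"""Parse a 512-byte MBR and compare two independent reads of it.

Added example (not part of the forum thread or the GMER tool). The sample
sector and the tampered copy are constructed inline so this runs offline.
"""
import struct
from dataclasses import dataclass
from typing import List, Optional

MBR_SIZE = 512
BOOT_SIG = 0xAA55          # stored little-endian as bytes 55 AA at offset 510
PART_TABLE_OFF = 446       # 0x1BE: four 16-byte partition entries follow
ENTRY_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count


@dataclass
class Partition:
    status: int
    ptype: int
    lba_start: int
    sectors: int

    @property
    def bootable(self) -> bool:
        return self.status == 0x80


def boot_signature_ok(sector: bytes) -> bool:
    """True when the sector ends with the 0x55AA boot signature."""
    return len(sector) == MBR_SIZE and struct.unpack_from("<H", sector, 510)[0] == BOOT_SIG


def parse_partitions(sector: bytes) -> List[Partition]:
    """Return the non-empty entries of the primary partition table."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:                      # type 0x00 marks an unused slot
            parts.append(Partition(status, ptype, lba, count))
    return parts


def first_difference(user_view: bytes, kernel_view: bytes) -> Optional[int]:
    """Offset of the first differing byte between the two reads, or None."""
    for i, (a, b) in enumerate(zip(user_view, kernel_view)):
        if a != b:
            return i
    if len(user_view) != len(kernel_view):
        return min(len(user_view), len(kernel_view))
    return None


def verdict(user_view: bytes, kernel_view: bytes) -> str:
    """Mirror the shape of the tool's summary line for two reads of the MBR."""
    if not boot_signature_ok(user_view):
        return "user MBR: bad boot signature"
    diff = first_difference(user_view, kernel_view)
    if diff is None:
        return "user & kernel MBR OK"
    if diff < PART_TABLE_OFF:
        region = "boot code"
    elif diff < 510:
        region = "partition table"
    else:
        region = "signature"
    return f"user & kernel MBR differ at offset {diff} ({region})"


def build_sample_mbr() -> bytes:
    """Constructed sample: empty bootstrap area, one bootable NTFS-type partition."""
    sector = bytearray(MBR_SIZE)
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 63, 1_000_000)
    sector[PART_TABLE_OFF:PART_TABLE_OFF + 16] = entry
    struct.pack_into("<H", sector, 510, BOOT_SIG)
    return bytes(sector)


def tamper(sector: bytes, offset: int, value: int) -> bytes:
    """Return a copy of the sector with one byte changed (simulates a hidden edit)."""
    buf = bytearray(sector)
    buf[offset] = value
    return bytes(buf)


if __name__ == "__main__":
    clean = build_sample_mbr()
    print(parse_partitions(clean))
    print(verdict(clean, clean))                       # user & kernel MBR OK
    print(verdict(clean, tamper(clean, 0, 0xEB)))      # differ at offset 0 (boot code)
```

The partition-table parse is there so a mismatch can be localised: a difference inside the first 446 bytes points at the bootstrap code (where a bootkit lives), while a difference in the table itself would mean the two reads disagree about where partitions are.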

                                            SuperDave

                                            • Malware Removal Specialist
                                            • Moderator


                                            • Genius
                                            • Thanked: 1020
                                            • Certifications: List
                                            • Experience: Expert
                                            • OS: Windows 10
                                            Re: I'm really, really lost....
                                            « Reply #40 on: May 14, 2011, 12:35:21 PM »
                                            • Download TDSSKiller and save it to your Desktop.
                                            • Extract its contents to your desktop.
• Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
                                            • If an infected file is detected, the default action will be Cure, click on Continue.
                                            • If a suspicious file is detected, the default action will be Skip, click on Continue.
                                            • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• Click the Report button and copy/paste the contents of it into your next reply.
Note: It will also create a log in the C:\ directory.
                                            Windows 8 and Windows 10 dual boot with two SSD's

                                            trekkie

                                              Topic Starter


                                              Rookie

                                              • Computer: Specs
                                              • Experience: Beginner
                                              • OS: Unknown
                                              Re: I'm really, really lost....
                                              « Reply #41 on: May 15, 2011, 12:08:52 PM »
                                              TDSSKiller Log:

                                              2011/05/15 19:03:12.0984 1408   TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
                                              2011/05/15 19:03:14.0890 1408   ================================================================================
                                              2011/05/15 19:03:14.0890 1408   SystemInfo:
                                              2011/05/15 19:03:14.0890 1408   
                                              2011/05/15 19:03:14.0890 1408   OS Version: 5.1.2600 ServicePack: 3.0
                                              2011/05/15 19:03:14.0890 1408   Product type: Workstation
                                              2011/05/15 19:03:14.0890 1408   ComputerName: DIMENSION-E520E
                                              2011/05/15 19:03:14.0890 1408   UserName: Anna McManus
                                              2011/05/15 19:03:14.0890 1408   Windows directory: C:\WINDOWS
                                              2011/05/15 19:03:14.0890 1408   System windows directory: C:\WINDOWS
                                              2011/05/15 19:03:14.0890 1408   Processor architecture: Intel x86
                                              2011/05/15 19:03:14.0890 1408   Number of processors: 2
                                              2011/05/15 19:03:14.0890 1408   Page size: 0x1000
                                              2011/05/15 19:03:14.0890 1408   Boot type: Safe boot with network
                                              2011/05/15 19:03:14.0890 1408   ================================================================================
                                              2011/05/15 19:03:16.0046 1408   Initialize success
                                              2011/05/15 19:04:10.0203 0660   ================================================================================
                                              2011/05/15 19:04:10.0203 0660   Scan started
                                              2011/05/15 19:04:10.0203 0660   Mode: Manual;
                                              2011/05/15 19:04:10.0203 0660   ================================================================================
                                              2011/05/15 19:04:16.0218 0660   ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
                                              2011/05/15 19:04:16.0562 0660   ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
                                              2011/05/15 19:04:17.0156 0660   aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
                                              2011/05/15 19:04:17.0484 0660   AegisP          (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
                                              2011/05/15 19:04:17.0812 0660   AFD             (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
                                              2011/05/15 19:04:18.0156 0660   afw             (14ba5ca5d11771ce8e8b6cc6830a2436) C:\WINDOWS\system32\DRIVERS\afw.sys
                                              2011/05/15 19:04:18.0500 0660   afwcore         (1f3d61965a9bd278a205d3062176e45c) C:\WINDOWS\system32\drivers\afwcore.sys
                                              2011/05/15 19:04:20.0875 0660   ASWFilt         (1f9827d87260dad71555a34c7a8624c3) C:\WINDOWS\system32\Filt\ASWFilt.dll
                                              2011/05/15 19:04:21.0171 0660   AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
                                              2011/05/15 19:04:21.0484 0660   atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
                                              2011/05/15 19:04:22.0000 0660   Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
                                              2011/05/15 19:04:22.0312 0660   audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
                                              2011/05/15 19:04:22.0593 0660   Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
                                              2011/05/15 19:04:22.0953 0660   Bridge          (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
                                              2011/05/15 19:04:23.0078 0660   BridgeMP        (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
                                              2011/05/15 19:04:23.0390 0660   BVRPMPR5        (51b327292408b5f3a42e295bce055859) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
                                              2011/05/15 19:04:23.0656 0660   cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
                                              2011/05/15 19:04:24.0171 0660   Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
                                              2011/05/15 19:04:24.0468 0660   Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
                                              2011/05/15 19:04:24.0765 0660   cdrbsdrv        (351735695e9ead93de6af85d8beb1ca8) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
                                              2011/05/15 19:04:25.0046 0660   Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
                                              2011/05/15 19:04:26.0546 0660   Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
                                              2011/05/15 19:04:27.0093 0660   dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
                                              2011/05/15 19:04:27.0656 0660   dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
                                              2011/05/15 19:04:28.0000 0660   dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
                                              2011/05/15 19:04:28.0359 0660   DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
                                              2011/05/15 19:04:28.0968 0660   drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
                                              2011/05/15 19:04:29.0312 0660   e1express       (6f7ccd3c02b26d530900f06d98171a69) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
                                              2011/05/15 19:04:29.0703 0660   ElbyCDIO        (28cb0b64134ad62c2acf77db8501a619) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
                                              2011/05/15 19:04:30.0078 0660   Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
                                              2011/05/15 19:04:30.0406 0660   Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
                                              2011/05/15 19:04:30.0703 0660   Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
                                              2011/05/15 19:04:31.0000 0660   Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
                                              2011/05/15 19:04:31.0312 0660   FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
                                              2011/05/15 19:04:31.0625 0660   Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
                                              2011/05/15 19:04:31.0953 0660   Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
                                              2011/05/15 19:04:32.0281 0660   GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
                                              2011/05/15 19:04:32.0703 0660   Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
                                              2011/05/15 19:04:33.0062 0660   HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
                                              2011/05/15 19:04:33.0359 0660   hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
                                              2011/05/15 19:04:33.0968 0660   HPZid412        (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
                                              2011/05/15 19:04:34.0265 0660   HPZipr12        (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
                                              2011/05/15 19:04:34.0531 0660   HPZius12        (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
                                              2011/05/15 19:04:34.0906 0660   HSFHWBS2        (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
                                              2011/05/15 19:04:35.0625 0660   HSF_DP          (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
                                              2011/05/15 19:04:36.0265 0660   HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
                                              2011/05/15 19:04:37.0156 0660   i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
                                              2011/05/15 19:04:37.0468 0660   Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
                                              2011/05/15 19:04:38.0281 0660   intelppm        (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
                                              2011/05/15 19:04:38.0578 0660   Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
                                              2011/05/15 19:04:38.0859 0660   IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
                                              2011/05/15 19:04:39.0171 0660   IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
                                              2011/05/15 19:04:39.0484 0660   IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
                                              2011/05/15 19:04:39.0859 0660   IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
                                              2011/05/15 19:04:40.0140 0660   IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
                                              2011/05/15 19:04:40.0468 0660   isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
                                              2011/05/15 19:04:40.0796 0660   Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
                                              2011/05/15 19:04:41.0062 0660   kbdhid          (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
                                              2011/05/15 19:04:41.0375 0660   kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
                                              2011/05/15 19:04:42.0343 0660   KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
                                              2011/05/15 19:04:42.0953 0660   mdmxsdk         (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
                                              2011/05/15 19:04:43.0250 0660   mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
                                              2011/05/15 19:04:43.0515 0660   Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
                                              2011/05/15 19:04:43.0812 0660   MODEMCSA        (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
                                              2011/05/15 19:04:44.0093 0660   Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
                                              2011/05/15 19:04:44.0359 0660   mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
                                              2011/05/15 19:04:44.0640 0660   MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
                                              2011/05/15 19:04:45.0187 0660   MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
                                              2011/05/15 19:04:45.0609 0660   MRxSmb          (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
                                              2011/05/15 19:04:46.0046 0660   Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
                                              2011/05/15 19:04:46.0359 0660   MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
                                              2011/05/15 19:04:46.0625 0660   MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
                                              2011/05/15 19:04:46.0890 0660   MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
                                              2011/05/15 19:04:47.0218 0660   mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
                                              2011/05/15 19:04:47.0750 0660   Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
                                              2011/05/15 19:04:48.0125 0660   NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
                                              2011/05/15 19:04:48.0437 0660   NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
                                              2011/05/15 19:04:48.0703 0660   Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
                                              2011/05/15 19:04:49.0015 0660   NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
                                              2011/05/15 19:04:49.0328 0660   NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
                                              2011/05/15 19:04:49.0625 0660   NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
                                              2011/05/15 19:04:49.0953 0660   NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
                                              2011/05/15 19:04:50.0671 0660   Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
                                              2011/05/15 19:04:51.0093 0660   Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
                                              2011/05/15 19:04:51.0562 0660   Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
                                              2011/05/15 19:04:53.0796 0660   nv              (5950e6cc9fb3fabb61604d395dbc8550) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
                                              2011/05/15 19:04:56.0046 0660   NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
                                              2011/05/15 19:04:56.0312 0660   NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
                                              2011/05/15 19:04:56.0640 0660   Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
                                              2011/05/15 19:04:56.0968 0660   PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
                                              2011/05/15 19:04:57.0296 0660   ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
                                              2011/05/15 19:04:57.0578 0660   PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
                                              2011/05/15 19:04:58.0156 0660   PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
                                              2011/05/15 19:04:58.0421 0660   Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
                                              2011/05/15 19:05:00.0218 0660   PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
                                              2011/05/15 19:05:00.0515 0660   prodrv06        (f2e3c8f1eb6ba0733e0a1f6373df7957) C:\WINDOWS\System32\drivers\prodrv06.sys
                                              2011/05/15 19:05:00.0843 0660   prohlp02        (150307b52807d0c493c605ab913038ad) C:\WINDOWS\system32\drivers\prohlp02.sys
                                              2011/05/15 19:05:01.0187 0660   PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
                                              2011/05/15 19:05:01.0484 0660   Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
                                              2011/05/15 19:05:02.0984 0660   RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
                                              2011/05/15 19:05:03.0312 0660   Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
                                              2011/05/15 19:05:03.0625 0660   RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
                                              2011/05/15 19:05:03.0906 0660   Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
                                              2011/05/15 19:05:04.0250 0660   Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
                                              2011/05/15 19:05:04.0562 0660   RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
                                              2011/05/15 19:05:04.0890 0660   rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
                                              2011/05/15 19:05:05.0250 0660   RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
                                              2011/05/15 19:05:05.0578 0660   redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
                                              2011/05/15 19:05:06.0015 0660   RTL8187B        (de4635e8b7975d2b5d961299469a7462) C:\WINDOWS\system32\DRIVERS\wg111v3.sys
                                              2011/05/15 19:05:06.0625 0660   SandBox         (a981b8e884f25701e58c55b3c44d869e) C:\WINDOWS\system32\drivers\SandBox.sys
                                              2011/05/15 19:05:06.0984 0660   SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
                                              2011/05/15 19:05:07.0171 0660   SASKUTIL        (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
                                              2011/05/15 19:05:07.0500 0660   Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
                                              2011/05/15 19:05:07.0843 0660   Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
                                              2011/05/15 19:05:08.0156 0660   sfhlp01         (462aee0ea0481ea8bd45cac876a4ccc4) C:\WINDOWS\system32\drivers\sfhlp01.sys
                                              2011/05/15 19:05:08.0390 0660   Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
                                              2011/05/15 19:05:09.0171 0660   splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
                                              2011/05/15 19:05:09.0562 0660   sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
                                              2011/05/15 19:05:09.0984 0660   Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
                                              2011/05/15 19:05:11.0390 0660   STHDA           (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
                                              2011/05/15 19:05:12.0031 0660   swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
                                              2011/05/15 19:05:12.0562 0660   swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
                                              2011/05/15 19:05:13.0734 0660   sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
                                              2011/05/15 19:05:14.0171 0660   Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
                                              2011/05/15 19:05:14.0609 0660   Tcpip6          (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
                                              2011/05/15 19:05:14.0968 0660   TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
                                              2011/05/15 19:05:15.0234 0660   TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
                                              2011/05/15 19:05:15.0531 0660   TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
                                              2011/05/15 19:05:16.0140 0660   tunmp           (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
                                              2011/05/15 19:05:16.0421 0660   Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
                                              2011/05/15 19:05:17.0218 0660   Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
                                              2011/05/15 19:05:17.0671 0660   USBAAPL         (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
                                              2011/05/15 19:05:17.0953 0660   usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
                                              2011/05/15 19:05:18.0250 0660   usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
                                              2011/05/15 19:05:18.0531 0660   usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
                                              2011/05/15 19:05:18.0843 0660   usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
                                              2011/05/15 19:05:19.0109 0660   usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
                                              2011/05/15 19:05:19.0390 0660   usbstor         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
                                              2011/05/15 19:05:19.0656 0660   usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
                                              2011/05/15 19:05:20.0015 0660   VBEngNT         (8dfcd62c767741576bb9cd8da9854517) C:\WINDOWS\system32\drivers\VBEngNT.sys
                                              2011/05/15 19:05:20.0421 0660   VBFilt          (442e677f49d0e310a7b0841cb880e821) C:\WINDOWS\system32\Filt\VBFilt.dll
                                              2011/05/15 19:05:20.0765 0660   VClone          (9bf2ea54e5ed5acdf96f1dec84c117c4) C:\WINDOWS\system32\DRIVERS\VClone.sys
                                              2011/05/15 19:05:21.0031 0660   VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
                                              2011/05/15 19:05:21.0546 0660   VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
                                              2011/05/15 19:05:21.0890 0660   Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
                                              2011/05/15 19:05:22.0453 0660   wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
                                              2011/05/15 19:05:22.0984 0660   winachsf        (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
                                              2011/05/15 19:05:23.0640 0660   WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
                                              2011/05/15 19:05:23.0953 0660   WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
                                              2011/05/15 19:05:24.0296 0660   ================================================================================
                                              2011/05/15 19:05:24.0296 0660   Scan finished
                                              2011/05/15 19:05:24.0296 0660   ================================================================================

                                              SuperDave

                                              • Malware Removal Specialist
                                              • Moderator


                                              • Genius
                                              • Thanked: 1020
                                              • Certifications: List
                                              • Experience: Expert
                                              • OS: Windows 10
                                              Re: I'm really, really lost....
                                              « Reply #42 on: May 15, 2011, 04:25:03 PM »
                                              Download and run SVCHOST Diag by DragonMaster Jay.

                                              Post the log from it when it launches.
                                              Windows 8 and Windows 10 dual boot with two SSDs

                                              trekkie

                                                Topic Starter


                                                Rookie

                                                • Computer: Specs
                                                • Experience: Beginner
                                                • OS: Unknown
                                                Re: I'm really, really lost....
                                                « Reply #43 on: May 16, 2011, 10:40:32 AM »
                                                I had a hunch the program could only find the problem in Normal Mode, but I also had a hunch that, paradoxically, the problem would hinder the program if I ran it in Normal Mode. So, I ran it in both Normal and Safe Mode and got 2 different logs (well, I haven't looked at them, so their contents could be the same). So...

                                                Normal Mode log:

                                                SVCHOST Diag
                                                 
                                                 
                                                 
                                                ~~~~~Services loaded under SVCHOST~~~~~
                                                 
                                                 
                                                 
                                                ~~~~~Modules loaded under SVCHOST~~~~~
                                                 
                                                 
                                                 
                                                ~~~~~SVCHOST service~~~~~
                                                 
                                                Windows Registry Editor Version 5.00

                                                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
                                                "HTTPFilter"=hex(7):48,00,54,00,54,00,50,00,46,00,69,00,6c,00,74,00,65,00,72,\
                                                  00,00,00,00,00
                                                "LocalService"=hex(7):41,00,6c,00,65,00,72,00,74,00,65,00,72,00,00,00,57,00,65,\
                                                  00,62,00,43,00,6c,00,69,00,65,00,6e,00,74,00,00,00,4c,00,6d,00,48,00,6f,00,\
                                                  73,00,74,00,73,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,52,00,65,00,67,\
                                                  00,69,00,73,00,74,00,72,00,79,00,00,00,75,00,70,00,6e,00,70,00,68,00,6f,00,\
                                                  73,00,74,00,00,00,53,00,53,00,44,00,50,00,53,00,52,00,56,00,00,00,00,00
                                                "NetworkService"=hex(7):44,00,6e,00,73,00,43,00,61,00,63,00,68,00,65,00,00,00,\
                                                  00,00
                                                "netsvcs"=hex(7):36,00,74,00,6f,00,34,00,00,00,41,00,70,00,70,00,4d,00,67,00,\
                                                  6d,00,74,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,42,\
                                                  00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,43,00,72,00,79,00,70,00,74,00,\
                                                  53,00,76,00,63,00,00,00,44,00,4d,00,53,00,65,00,72,00,76,00,65,00,72,00,00,\
                                                  00,44,00,48,00,43,00,50,00,00,00,45,00,52,00,53,00,76,00,63,00,00,00,45,00,\
                                                  76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,61,\
                                                  00,73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,\
                                                  69,00,6e,00,67,00,43,00,6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,\
                                                  00,69,00,74,00,79,00,00,00,48,00,69,00,64,00,53,00,65,00,72,00,76,00,00,00,\
                                                  49,00,61,00,73,00,00,00,49,00,70,00,72,00,69,00,70,00,00,00,49,00,72,00,6d,\
                                                  00,6f,00,6e,00,00,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,53,00,65,00,72,00,\
                                                  76,00,65,00,72,00,00,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,\
                                                  00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,4d,00,65,00,73,00,\
                                                  73,00,65,00,6e,00,67,00,65,00,72,00,00,00,4e,00,65,00,74,00,6d,00,61,00,6e,\
                                                  00,00,00,4e,00,6c,00,61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,\
                                                  00,00,4e,00,57,00,43,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,\
                                                  00,6f,00,6e,00,00,00,4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,\
                                                  74,00,00,00,52,00,61,00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,\
                                                  00,6d,00,61,00,6e,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,\
                                                  63,00,65,00,73,00,73,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,\
                                                  00,00,00,53,00,65,00,63,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,53,00,45,00,\
                                                  4e,00,53,00,00,00,53,00,68,00,61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,\
                                                  00,73,00,73,00,00,00,53,00,52,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,\
                                                  00,00,54,00,61,00,70,00,69,00,73,00,72,00,76,00,00,00,54,00,68,00,65,00,6d,\
                                                  00,65,00,73,00,00,00,54,00,72,00,6b,00,57,00,6b,00,73,00,00,00,57,00,33,00,\
                                                  32,00,54,00,69,00,6d,00,65,00,00,00,57,00,5a,00,43,00,53,00,56,00,43,00,00,\
                                                  00,57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,70,00,\
                                                  00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,74,00,00,00,77,00,73,00,63,00,73,\
                                                  00,76,00,63,00,00,00,78,00,6d,00,6c,00,70,00,72,00,6f,00,76,00,00,00,6e,00,\
                                                  61,00,70,00,61,00,67,00,65,00,6e,00,74,00,00,00,68,00,6b,00,6d,00,73,00,76,\
                                                  00,63,00,00,00,42,00,49,00,54,00,53,00,00,00,77,00,75,00,61,00,75,00,73,00,\
                                                  65,00,72,00,76,00,00,00,53,00,68,00,65,00,6c,00,6c,00,48,00,57,00,44,00,65,\
                                                  00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,68,00,65,00,6c,00,70,00,\
                                                  73,00,76,00,63,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,00,00,\
                                                  00,00,00
                                                "DcomLaunch"=hex(7):44,00,63,00,6f,00,6d,00,4c,00,61,00,75,00,6e,00,63,00,68,\
                                                  00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,\
                                                  00,00,00,00
                                                "rpcss"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
                                                "eapsvcs"=hex(7):65,00,61,00,70,00,68,00,6f,00,73,00,74,00,00,00,00,00
                                                "dot3svc"=hex(7):64,00,6f,00,74,00,33,00,73,00,76,00,63,00,00,00,00,00
                                                "imgsvc"=hex(7):53,00,74,00,69,00,53,00,76,00,63,00,00,00,00,00
                                                "termsvcs"=hex(7):54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,\
                                                  65,00,00,00,00,00
                                                "WudfServiceGroup"=hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,\
                                                  00
                                                "Akamai"=hex(7):41,00,6b,00,61,00,6d,00,61,00,69,00,00,00

                                                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DComLaunch]
                                                "CoInitializeSecurityParam"=dword:00000001
                                                "DefaultRpcStackSize"=dword:00000008

                                                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\dot3svc]
                                                "AuthenticationCapabilities"=dword:00003020
                                                "CoInitializeSecurityParam"=dword:00000001

                                                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\eapsvcs]
                                                "AuthenticationCapabilities"=dword:00003020
                                                "CoInitializeSecurityParam"=dword:00000001

                                                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\HTTPFilter]
                                                "CoInitializeSecurityParam"=dword:00000001

                                                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
                                                "CoInitializeSecurityParam"=dword:00000001
                                                "AuthenticationCapabilities"=dword:00002000

                                                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
                                                "CoInitializeSecurityParam"=dword:00000001
                                                "AuthenticationCapabilities"=dword:00003020

                                                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PCHealth]
                                                "CoInitializeSecurityParam"=dword:00000002
                                                "AuthenticationCapabilities"=dword:00000040

                                                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
                                                "CoInitializeSecurityParam"=dword:00000001
                                                "DefaultRpcStackSize"=dword:00000008

                                                 
                                                 
                                                ~~~~~SVCHOST MD5~~~~~
                                                 
                                                27C6D03BCDB8CFEB96B716F3D8BE3E18  C:\WINDOWS\system32\svchost.exe
                                                 
                                                 
                                                ~~~~~END OF FILE!~~~~~

                                                Safe Mode log:

                                                SVCHOST Diag
                                                 
                                                 
                                                 
                                                ~~~~~Services loaded under SVCHOST~~~~~
                                                 

                                                Image Name:   svchost.exe
                                                PID:          1680
                                                Services:     DcomLaunch
                                                              TermService

                                                Image Name:   svchost.exe
                                                PID:          1740
                                                Services:     RpcSs

                                                Image Name:   svchost.exe
                                                PID:          1924
                                                Services:     Browser
                                                              CryptSvc
                                                              Dhcp
                                                              dmserver
                                                              helpsvc
                                                              LanmanServer
                                                              lanmanworkstation
                                                              Netman
                                                              SharedAccess
                                                              winmgmt
                                                              WZCSVC

                                                Image Name:   svchost.exe
                                                PID:          1940
                                                Services:     Dnscache
                                                 
                                                 
                                                ~~~~~Modules loaded under SVCHOST~~~~~
                                                 

                                                Image Name:   svchost.exe
                                                PID:          1680
                                                Modules:      ntdll.dll
                                                              kernel32.dll
                                                              ADVAPI32.dll
                                                              RPCRT4.dll
                                                              Secur32.dll
                                                              ShimEng.dll
                                                              AcGenral.DLL
                                                              USER32.dll
                                                              GDI32.dll
                                                              WINMM.dll
                                                              ole32.dll
                                                              msvcrt.dll
                                                              OLEAUT32.dll
                                                              MSACM32.dll
                                                              VERSION.dll
                                                              SHELL32.dll
                                                              SHLWAPI.dll
                                                              USERENV.dll
                                                              UxTheme.dll
                                                              IMM32.DLL
                                                              comctl32.dll
                                                              comctl32.dll
                                                              NTMARTA.DLL
                                                              SAMLIB.dll
                                                              WLDAP32.dll
                                                              rpcss.dll
                                                              WS2_32.dll
                                                              WS2HELP.dll
                                                              xpsp2res.dll
                                                              termsrv.dll
                                                              ICAAPI.dll
                                                              SETUPAPI.dll
                                                              WINTRUST.dll
                                                              CRYPT32.dll
                                                              MSASN1.dll
                                                              IMAGEHLP.dll
                                                              AUTHZ.dll
                                                              mstlsapi.dll
                                                              ACTIVEDS.dll
                                                              adsldpc.dll
                                                              NETAPI32.dll
                                                              ATL.DLL
                                                              REGAPI.dll
                                                              rsaenh.dll
                                                              CLBCATQ.DLL
                                                              COMRes.dll
                                                              Apphelp.dll

                                                Image Name:   svchost.exe
                                                PID:          1740
                                                Modules:      ntdll.dll
                                                              kernel32.dll
                                                              ADVAPI32.dll
                                                              RPCRT4.dll
                                                              Secur32.dll
                                                              ShimEng.dll
                                                              AcGenral.DLL
                                                              USER32.dll
                                                              GDI32.dll
                                                              WINMM.dll
                                                              ole32.dll
                                                              msvcrt.dll
                                                              OLEAUT32.dll
                                                              MSACM32.dll
                                                              VERSION.dll
                                                              SHELL32.dll
                                                              SHLWAPI.dll
                                                              USERENV.dll
                                                              UxTheme.dll
                                                              IMM32.DLL
                                                              comctl32.dll
                                                              comctl32.dll
                                                              rpcss.dll
                                                              WS2_32.dll
                                                              WS2HELP.dll
                                                              xpsp2res.dll
                                                              rsaenh.dll
                                                              mswsock.dll
                                                              hnetcfg.dll
                                                              wshtcpip.dll
                                                              wship6.dll
                                                              DNSAPI.dll
                                                              iphlpapi.dll
                                                              winrnr.dll
                                                              WLDAP32.dll
                                                              mdnsNSP.dll
                                                              rasadhlp.dll
                                                              CLBCATQ.DLL
                                                              COMRes.dll

                                                Image Name:   svchost.exe
                                                PID:          1924
                                                Modules:      ntdll.dll
                                                              kernel32.dll
                                                              ADVAPI32.dll
                                                              RPCRT4.dll
                                                              Secur32.dll
                                                              ShimEng.dll
                                                              AcGenral.DLL
                                                              USER32.dll

                                                Image Name:   svchost.exe
                                                PID:          1940
                                                 
                                                 
                                                ~~~~~SVCHOST service~~~~~
                                                 
                                                Windows Registry Editor Version 5.00

                                                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]

                                                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DComLaunch]
                                                "CoInitializeSecurityParam"=dword:00000001
                                                "DefaultRpcStackSize"=dword:00000008

                                                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\dot3svc]
                                                "AuthenticationCapabilities"=dword:00003020
                                                "CoInitializeSecurityParam"=dword:00000001

                                                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\eapsvcs]
                                                "AuthenticationCapabilities"=dword:00003020
                                                "CoInitializeSecurityParam"=dword:00000001

                                                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\HTTPFilter]
                                                "CoInitializeSecurityParam"=dword:00000001

                                                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
                                                "CoInitializeSecurityParam"=dword:00000001
                                                "AuthenticationCapabilities"=dword:00002000

                                                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
                                                "CoInitializeSecurityParam"=dword:00000001
                                                "AuthenticationCapabilities"=dword:00003020

                                                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PCHealth]
                                                "CoInitializeSecurityParam"=dword:00000002
                                                "AuthenticationCapabilities"=dword:00000040

                                                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
                                                "CoInitializeSecurityParam"=dword:00000001
                                                "DefaultRpcStackSize"=dword:00000008

                                                 
                                                 
                                                ~~~~~SVCHOST MD5~~~~~
                                                 
                                                27C6D03BCDB8CFEB96B716F3D8BE3E18  C:\WINDOWS\system32\svchost.exe
                                                 
                                                 
                                                ~~~~~END OF FILE!~~~~~

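The SvcHost key exported in the log above stores each service group as a hex(7) REG_MULTI_SZ value. The following is an added example, not part of the thread and not from any tool used in it: it decodes such values so a reviewer can see which services each svchost group is expected to host. The sample .reg text is constructed in the same format; the key path is the real one, the group contents are illustrative.

```python
"""Decode hex(7) (REG_MULTI_SZ) values from a Windows .reg export.

Each svchost group value is a list of UTF-16LE service names, each ended by a
NUL, with an extra empty string closing the list. Decoding them shows which
services each svchost.exe instance is expected to host, which is where an
unfamiliar name appended to a group such as "netsvcs" would be visible.
"""
import re

# Constructed sample in the format of the SvcHost export above; the key path is
# the real one, the group contents are illustrative. Note "Akamai" ends with a
# single NUL (no closing empty string), which a decoder has to tolerate.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"rpcss"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"DcomLaunch"=hex(7):44,00,63,00,6f,00,6d,00,4c,00,61,00,75,00,6e,00,63,00,68,\
  00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,\
  00,00,00,00
"Akamai"=hex(7):41,00,6b,00,61,00,6d,00,61,00,69,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DComLaunch]
"CoInitializeSecurityParam"=dword:00000001
'''

SVCHOST_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost"
HEX7_RE = re.compile(r'^"(?P<name>[^"]+)"=hex\(7\):(?P<data>[0-9A-Fa-f,]*)$')


def join_continuations(reg_text):
    """Rejoin lines that regedit wrapped with a trailing backslash."""
    joined, pending = [], ""
    for raw in reg_text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        pending = ""
        joined.append(line)
    if pending:
        joined.append(pending)
    return joined


def decode_multi_sz(hex_data):
    """Turn '41,00,6b,00,...' into the list of strings it encodes."""
    raw = bytes(int(b, 16) for b in hex_data.split(",") if b)
    if len(raw) % 2:
        raise ValueError("odd byte count: not valid UTF-16LE data")
    parts = raw.decode("utf-16-le").split("\x00")
    while parts and parts[-1] == "":
        parts.pop()  # drop the per-string and list terminators
    return parts


def parse_multi_sz_values(reg_text):
    """Return {key_path: {value_name: [strings]}} for every hex(7) value."""
    result, current_key = {}, None
    for line in join_continuations(reg_text):
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        match = HEX7_RE.match(line)
        if match and current_key is not None:
            result.setdefault(current_key, {})[match.group("name")] = \
                decode_multi_sz(match.group("data"))
    return result


def svchost_groups(reg_text):
    """Map each svchost group name to its decoded service list."""
    for key, values in parse_multi_sz_values(reg_text).items():
        if key.lower() == SVCHOST_KEY.lower():
            return values
    return {}


def host_group_of(groups, service):
    """Name of the group that hosts `service` (case-insensitive), or None."""
    wanted = service.lower()
    for group, services in groups.items():
        if wanted in (s.lower() for s in services):
            return group
    return None


if __name__ == "__main__":
    groups = svchost_groups(SAMPLE_REG)
    for group, services in groups.items():
        print(f"{group}: {', '.join(services)}")
    print("TermService runs under:", host_group_of(groups, "TermService"))
```

Run against a real export of the SvcHost key, compare the decoded lists with a known-good machine of the same Windows version, and follow up on any service name that has no matching entry under HKLM\SYSTEM\CurrentControlSet\Services.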
                                                SuperDave

                                                • Malware Removal Specialist
                                                • Moderator


                                                • Genius
                                                • Thanked: 1020
                                                • Certifications: List
                                                • Experience: Expert
                                                • OS: Windows 10
                                                Re: I'm really, really lost....
                                                « Reply #44 on: May 17, 2011, 11:16:09 AM »
                                                We're pulling out the big guns to get this sucker.

                                                Save these instructions so you can have access to them while in Safe Mode.

                                                Please click here to download AVP Tool by Kaspersky.
                                                • Save it to your desktop.
                                                • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
                                                • Double click the setup file to run it.
                                                • Click Next to continue.
                                                • Accept the License agreement and click on next.
                                                • It will, by default, install it to your desktop folder. Click Next.
• It will then open a box. There will be a tab that says Automatic scan.
                                                • Under Automatic scan make sure these are checked.
                                                • Hidden Startup Objects
                                                • System Memory
                                                • Disk Boot Sectors.
                                                • My Computer.
                                                • Also any other drives (Removable that you may have)
                                                Leave the rest of the settings as they appear as default.
• Then click on Scan at the top right-hand corner.
• It will automatically Neutralize any objects found.
• If some objects are left un-neutralized, then click the button that says Neutralize all.
• If it says it cannot be neutralized, then choose the delete option when prompted.
• After that is done, click on the reports button at the bottom and save it to file; name it Kas.
• Save it somewhere convenient like your desktop and post only the detected Virus\malware in the report (it will be at the very top under Detected). Post those results in your next reply.

                                                Note: This tool will self uninstall when you close it so please save the log before closing it.
                                                Windows 8 and Windows 10 dual boot with two SSD's

                                                trekkie

                                                  Re: I'm really, really lost....
                                                  « Reply #45 on: May 18, 2011, 11:47:20 AM »
Quote
• Reboot your computer into SafeMode. You can do this by
                                                  That's the problem with canned responses - they're impersonal. As you can see:

                                                  Quote from: trekkie
                                                  I ran it in both Normal and Safe Mode
                                                  -snip-
                                                  Arrgh! It won't let me turn on System Restore in Safe Mode
                                                  -snip-

                                                  I'm quite capable of doing basic things like booting into Safe Mode. Where the problem is, though, in this case, is which one...

                                                  I booted into Safe Mode with Networking to get the program, but I stayed there to run the scan. Is there any problem with running it in Safe Mode with Networking, as opposed to good old Safe Mode?

                                                  SuperDave

                                                  Re: I'm really, really lost....
                                                  « Reply #46 on: May 18, 2011, 04:32:38 PM »
                                                  Quote
                                                  That's the problem with canned responses - they're impersonal. As you can see:
Canned speeches are the only way I can operate effectively. I'm working on four different forums and deal with 15-20 responses.
                                                  I do not know the computer skills of each OP so I try to cover all the bases. I'm sorry if I can't be more personal.


                                                  Quote
                                                  I booted into Safe Mode with Networking to get the program, but I stayed there to run the scan. Is there any problem with running it in Safe Mode with Networking, as opposed to good old Safe Mode?
                                                  That should be good.

                                                  trekkie

                                                    Re: I'm really, really lost....
                                                    « Reply #47 on: May 19, 2011, 12:40:20 PM »
                                                    I test booted into Normal Mode after the scan - CPU's still at 100%, so it didn't fix the problem. But it did catch something.

                                                    Kas.txt:

                                                    Autoscan: completed 2 hours ago   (events: 4, objects: 350008, time: 02:41:50)   
                                                    18/05/2011 16:27:16   Task started         
                                                    18/05/2011 18:21:25   Detected: Hoax.Win32.Screensaver.b   D:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP567\A0182680.DLL      
                                                    18/05/2011 18:22:11   Deleted: Hoax.Win32.Screensaver.b   D:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP567\A0182680.DLL      
                                                    18/05/2011 19:09:07   Task completed         

                                                    SuperDave

                                                    Re: I'm really, really lost....
                                                    « Reply #48 on: May 20, 2011, 12:21:38 PM »
                                                    How to use CodeStuff Starter to view services and startup items:

                                                    • Please download and install *Blocked Russian URL*/StarterSetup.zip]CodeStuff Starter[/url]
                                                    • Run Starter by finding it on your start menu after it is installed.
                                                    • When the program opens, you will see three tabs on the main screen (Startup, Processes, Services)
                                                    • Please click the Startup tab and make sure that All Sections is selected on the left hand side under the sections view pane.
• Once the Startup tab and all sections are selected, please click the File menu and choose Save as HTML.
                                                    • Please save the file to your desktop and call it startup.html.
                                                    • Now, please click the Services tab.
                                                    • Once the Services tab is open, please click the File menu and choose Save as HTML.
                                                    • Please save the file to your desktop and call it services.html.
                                                    • Now that both files have been saved to your desktop, close CodeStuff Starter.
                                                    • Locate the startup.html and services.html files on your desktop.  Both files can be attached to the forum, as is.  Please do so in your next reply.
                                                    « Last Edit: May 20, 2011, 04:39:48 PM by SuperDave »

                                                    trekkie

                                                      Re: I'm really, really lost....
                                                      « Reply #49 on: May 20, 2011, 01:31:12 PM »
Quote
• Please download and install *Blocked Russian URL*/StarterSetup.zip]CodeStuff Starter[/url].

                                                        Something went wrong there. Try again.

                                                        SuperDave

                                                        Re: I'm really, really lost....
                                                        « Reply #50 on: May 20, 2011, 04:43:51 PM »
It can't understand it. It looked ok in preview but when I hit post, it changes. I tried fixing it a couple of times to no avail. I'll be back.

                                                        SuperDave

                                                        Re: I'm really, really lost....
                                                        « Reply #51 on: May 20, 2011, 07:52:45 PM »
                                                        How to use CodeStuff Starter to view services and startup items:

                                                        • Please download and install CodeStuff Starter
                                                        • Run Starter by finding it on your start menu after it is installed.
                                                        • When the program opens, you will see three tabs on the main screen (Startup, Processes, Services)
                                                        • Please click the Startup tab and make sure that All Sections is selected on the left hand side under the sections view pane.
• Once the Startup tab and all sections are selected, please click the File menu and choose Save as HTML.
                                                        • Please save the file to your desktop and call it startup.html.
                                                        • Now, please click the Services tab.
                                                        • Once the Services tab is open, please click the File menu and choose Save as HTML.
                                                        • Please save the file to your desktop and call it services.html.
                                                        • Now that both files have been saved to your desktop, close CodeStuff Starter.
                                                        • Locate the startup.html and services.html files on your desktop.  Both files can be attached to the forum, as is.  Please do so in your next reply.
                                                        Windows 8 and Windows 10 dual boot with two SSD's
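                                                        The same two inventories (startup items and services) can be exported to HTML without a third-party tool. The script below is an added example, not part of the thread or of CodeStuff Starter; it assumes Windows PowerShell 2.0 or later and uses the WMI classes Win32_StartupCommand and Win32_Service, writing startup.html and services.html to the Desktop.

```powershell
# Added example (not from the thread): export startup items and services to
# HTML on the Desktop, mirroring what CodeStuff Starter's "Save as HTML" gives.
# Assumes Windows PowerShell 2.0+; Run keys under HKCU are per-user, so run it
# from each account you want inventoried.
$desktop = [Environment]::GetFolderPath('Desktop')

# Startup items: Run/RunOnce registry keys plus the Startup folders, as WMI sees them.
$startup = Get-WmiObject -Class Win32_StartupCommand |
    Select-Object Name, Command, Location, User |
    Sort-Object Location, Name

# Services: state, start mode, and the binary each service launches.
$services = Get-WmiObject -Class Win32_Service |
    Select-Object Name, DisplayName, State, StartMode, PathName |
    Sort-Object Name

$startup | ConvertTo-Html -Title 'Startup items' `
    -PreContent "<h1>Startup items on $env:COMPUTERNAME</h1>" |
    Out-File (Join-Path $desktop 'startup.html')

$services | ConvertTo-Html -Title 'Services' `
    -PreContent "<h1>Services on $env:COMPUTERNAME</h1>" |
    Out-File (Join-Path $desktop 'services.html')

# Triage aid for the reviewer: services whose binary lives outside the
# Windows or Program Files trees deserve a closer look (many are legitimate,
# so this is a filter for attention, not a verdict).
$review = $services | Where-Object {
    $_.PathName -and
    ($_.PathName -notmatch '^"?[A-Za-z]:\\(Windows|Program Files)')
}
$review | Format-Table Name, StartMode, PathName -AutoSize
```

The two HTML files can then be uploaded in the same way as the Starter output; the on-screen table is only a hint about where to start reading services.html.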

                                                        trekkie

                                                          Topic Starter


                                                          Rookie

                                                          • Computer: Specs
                                                          • Experience: Beginner
                                                          • OS: Unknown
                                                          Re: I'm really, really lost....
                                                          « Reply #52 on: May 21, 2011, 03:57:35 AM »
                                                          Both files can be attached to the forum, as is.

                                                          Um, it won't let me attach the .htmls, but I'll try and link to them.

                                                          C:\Documents and Settings\Anna McManus\Desktop\services.html

                                                          C:\Documents and Settings\Anna McManus\Desktop\startup.html

                                                          EDIT: The URLs didn't work for me, so I doubt they will for you.

                                                          SuperDave

                                                          • Malware Removal Specialist
                                                          • Moderator


                                                          • Genius
                                                          • Thanked: 1020
                                                          • Certifications: List
                                                          • Experience: Expert
                                                          • OS: Windows 10
                                                          Re: I'm really, really lost....
                                                          « Reply #53 on: May 21, 2011, 12:41:59 PM »
                                                          Please try uploading them to Wikisend and give me the links.
                                                          Windows 8 and Windows 10 dual boot with two SSD's

                                                          trekkie

                                                            Topic Starter


                                                            Rookie

                                                            • Computer: Specs
                                                            • Experience: Beginner
                                                            • OS: Unknown
                                                            Re: I'm really, really lost....
                                                            « Reply #54 on: May 21, 2011, 02:33:19 PM »
                                                            Negatori on that. The site seems to be down (HTTP 500 Internal Server Error).

                                                            SuperDave

                                                            • Malware Removal Specialist
                                                            • Moderator


                                                            • Genius
                                                            • Thanked: 1020
                                                            • Certifications: List
                                                            • Experience: Expert
                                                            • OS: Windows 10
                                                            Re: I'm really, really lost....
                                                            « Reply #55 on: May 21, 2011, 05:58:03 PM »
                                                            I just tried it and it works ok for me.
                                                            Windows 8 and Windows 10 dual boot with two SSD's

                                                            trekkie

                                                              Topic Starter


                                                              Rookie

                                                              • Computer: Specs
                                                              • Experience: Beginner
                                                              • OS: Unknown
                                                              Re: I'm really, really lost....
                                                              « Reply #56 on: May 22, 2011, 02:16:17 PM »
                                                              Wikisend still isn't working for me, but my chum Google found me a site called 4shared.com, which seems to be working. Here's a link to the folder that contains the files:

                                                              http://www.4shared.com/folder/8Jz8qc5I/ComputerHope.html

                                                              Note: I'm a privacy freak, so it's password-protected, and I'll give you the password in a PM.

                                                              trekkie

                                                                Topic Starter


                                                                Rookie

                                                                • Computer: Specs
                                                                • Experience: Beginner
                                                                • OS: Unknown
                                                                Re: I'm really, really lost....
                                                                « Reply #57 on: June 14, 2011, 10:20:00 AM »
                                                                Alright, I wiped the HDDs and reinstalled the OS. Everything's working fine so far, so although we didn't "solve" the issue, per se, since the problem's gone, I think we can mark it solved, chuck it into a cell in the archive, lock the door and throw away the key. :)

                                                                Just before you do that, can you tell me: Does MS Security Essentials function as a firewall, or do I need a 3rd party firewall? BTW- Windows Firewall?!?:rofl: More like Windows' Continent-Sized Bullseye!::)

                                                                ...On second thought, put the key somewhere a PM can get at it. ;)

                                                                Finally- Go raibh míle míle maith agat (a million thanks) for all the effort you put into trying to fix my computer, even if it was in vain in the end. ...Well, I doubt the site will let me add a million thanks to your profile, so this will have to serve as the remaining 999,999 thanks. ;D

                                                                SuperDave

                                                                • Malware Removal Specialist
                                                                • Moderator


                                                                • Genius
                                                                • Thanked: 1020
                                                                • Certifications: List
                                                                • Experience: Expert
                                                                • OS: Windows 10
                                                                Re: I'm really, really lost....
                                                                « Reply #58 on: June 14, 2011, 04:54:16 PM »
                                                                You're welcome. I'm sorry it didn't work out for you. As for MSE, this is a very good AV program, but you should have a third-party firewall. The Windows firewall in XP was not very good, but they have tried to improve it in Vista and Windows 7. I will lock this thread.
                                                                Windows 8 and Windows 10 dual boot with two SSD's