Author Topic: PC full of rubbish..and slow. (Read 20312 times)

Confused.com · « **on:** March 06, 2011, 04:31:29 PM »

PC Details: Siemens Desktop. Operating with Windows XP Pro. 2002 Service pack 3. Intel R.Celeron (R)CPU 2.60GHz 259GHz1.21GB of Ram. A genuine version with discs. Currently running Avast Trial version of Avast. Periodically using CCleaner, Eusing Free Register Cleaner, and ncleaner.

I have 28 processes running with CPU usage at 0-4%

Current space available 6.59GB

In add\remove programs I have a mixture of 17 Microsoft "things" Frameworks 1.1 2.0. Service Pack 2 Framework 3.5 SP1
Compression Client Pack 1.0
M\Soft SQL 2005 Compact Edition
M\Soft Office Outlook Connector
M\Soft user-mode driver framework 1.0
M\Soft Visual C++2005ATL Update kb973923x86 8.050727.4053
M\Soft Visual C++ 2005 Redistributable
etc etc also 5 MSXML "things"

Hi and apologies for being one of many who isn't able to understand the Logfile provided below. I hope that something below gives indications of why my pc is running slowly, and why having more than one webpage or program has me taking a bath whilst waiting for one to close down. Bye the way my PC will not turn off, it says it is closing down but simply restarts. In anticipation of any assistance THANK YOU.

Confused.com ( Martin)

As requested I have now followed the instructions given. I somehow lost 1 log. The Java identifier stated no Java detected.

Thanks again
Martin

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org[/b][/b]

Database version: 5977

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

06/03/2011 22:37:45
mbam-log-2011-03-06 (22-37-45).txt

Scan type: Quick scan
Objects scanned: 195363
Time elapsed: 20 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBAF53D4-11FE-482D-B516-B3103BC71F87} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBAF53D4-11FE-482D-B516-B3103BC71F87} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\helpassistant.jessica-03b63cd\application data\antispywarebot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
c:\documents and settings\Jessica\application data\antispywarebot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\Guest\my documents\downloads\unconfirmed 7244.crdownload (PUP.Casino) -> Not selected for removal.
c:\documents and settings\Jessica\my documents\downloads\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.

Logfile of HijackThis v2.0.2[/b][/b][/b][/b]
Scan saved at 23:29:39, on 06/03/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60347
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60347
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [TkBellExe] //~c:\program files\real\realplayer\update\realsched.exe -osboot
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] //~c:\program files\windows live\messenger\msnmsgr.exe /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] //~c:\program files\spybot - search & destroy\teatimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247312077156
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate1ca0e0da721a366) (gupdate1ca0e0da721a366) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe

--
End of file - 6409 bytes

SuperDave · « **Reply #1 on:** March 07, 2011, 12:31:37 PM »

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************
Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
Eusing Free Register Cleaner
There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

Further reading: XP Fixes Myth #1: Registry Cleaners
*************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
**************************************************
Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the desktop.
****************************************************

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [TkBellExe] //~c:\program files\real\realplayer\update\realsched.exe -osboot
O4 - HKCU\..\Run: [msnmsgr] //~c:\program files\windows live\messenger\msnmsgr.exe /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.
***************************************

Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.

Confused.com · « **Reply #2 on:** March 08, 2011, 04:40:45 PM »

Hi Dave

Many thanks for your time. It is appreciated.

I will delete Eusing Registry - thanks for the tip.

I have done as you asked. Worthy of note is that after the suggestion of downloading PC Tools Firewall I get the message " PC tools Firewall has an unspecified error"

Also Avast reports " MBR Physical Drive0"..............option to delete. Then moments later I get
"MBR Physical Drive Win32:MB Root"......................option to ignore.

Also despite being informed updates are available it rarely permits all to be updated. I'm not worried - just added information.

Scan results as requested:

DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/07/2009 11:10:30
System Uptime: 08/03/2011 22:34:55 (1 hours ago)
.
Motherboard: FUJITSU SIEMENS | | D1761
Processor: Intel(R) Celeron(R) CPU 2.60GHz | CPU | 2593/400mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 5.808 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Serial Port
Device ID: PCI\VEN_14DB&DEV_2130&SUBSYS_213014DB&REV_00\3&61AAA01&0&70
Manufacturer:
Name: PCI Serial Port
PNP Device ID: PCI\VEN_14DB&DEV_2130&SUBSYS_213014DB&REV_00\3&61AAA01&0&70
Service:
.
==== System Restore Points ===================
.
RP584: 06/02/2011 22:39:28 - System Checkpoint
RP585: 07/02/2011 22:59:28 - System Checkpoint
RP586: 08/02/2011 23:39:29 - System Checkpoint
RP587: 10/02/2011 00:39:28 - System Checkpoint
RP588: 10/02/2011 03:00:23 - Software Distribution Service 3.0
RP589: 11/02/2011 03:28:18 - System Checkpoint
RP590: 12/02/2011 04:28:18 - System Checkpoint
RP591: 13/02/2011 05:24:39 - System Checkpoint
RP592: 14/02/2011 06:24:06 - System Checkpoint
RP593: 15/02/2011 06:57:01 - System Checkpoint
RP594: 16/02/2011 07:56:54 - System Checkpoint
RP595: 16/02/2011 21:24:04 - Installed Envisioneer 6 - Express
RP596: 17/02/2011 22:06:23 - System Checkpoint
RP597: 18/02/2011 23:01:23 - System Checkpoint
RP598: 20/02/2011 00:15:23 - System Checkpoint
RP599: 21/02/2011 00:55:52 - System Checkpoint
RP600: 21/02/2011 22:00:36 - Software Distribution Service 3.0
RP601: 22/02/2011 22:08:36 - Configured Envisioneer 6 - Express
RP602: 23/02/2011 23:47:48 - System Checkpoint
RP603: 24/02/2011 01:48:03 - Software Distribution Service 3.0
RP604: 24/02/2011 22:32:47 - Restore Operation
RP605: 24/02/2011 23:11:59 - Software Distribution Service 3.0
RP606: 25/02/2011 23:45:15 - System Checkpoint
RP607: 26/02/2011 23:56:40 - System Checkpoint
RP608: 27/02/2011 21:23:05 - Software Distribution Service 3.0
RP609: 28/02/2011 21:43:18 - System Checkpoint
RP610: 01/03/2011 22:02:01 - System Checkpoint
RP611: 02/03/2011 23:52:01 - System Checkpoint
RP612: 04/03/2011 00:39:00 - System Checkpoint
RP613: 05/03/2011 00:45:12 - System Checkpoint
RP614: 05/03/2011 19:23:25 - Removed Skype™ 4.1
RP615: 05/03/2011 23:54:18 - Agnitum Outpost Firewall Restore Point: install
RP616: 06/03/2011 08:21:47 - Agnitum Outpost Firewall Restore Point: uninstall
RP617: 06/03/2011 19:11:19 - Restore Operation
RP618: 06/03/2011 19:30:30 - Agnitum Outpost Firewall Restore Point: install
RP619: 06/03/2011 19:47:47 - Agnitum Outpost Firewall Restore Point: uninstall
RP620: 06/03/2011 19:57:33 - Restore Operation
RP621: 07/03/2011 20:54:53 - System Checkpoint
.
==== Installed Programs ======================
.
.
1.3.0
Acrobat.com
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
avast! Free Antivirus
CCleaner (remove only)
Critical Update for Windows Media Player 11 (KB959772)
DivX Web Player
Eusing Free Registry Cleaner
Google Chrome
Google Earth
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Junk Mail filter update
Logitech QuickCam Software
Logitech® Camera Driver
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.13)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
MSXML 6 Service Pack 2 (KB973686)
nCleaner second 2.3.4.0
Next Generation Visualisations
OGA Notifier 2.0.0048.0
PC Tools Firewall Plus 7.0
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek AC'97 Audio
RealUpgrade 1.1
Recover My Files
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
ShowInfo
Skype™ 4.1
SUPERAntiSpyware
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.5
WebFldrs XP
WinCleaner OneClick Professional Clean Version 11 Trial Edition
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
06/03/2011 19:19:07, error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.
03/03/2011 18:35:23, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The system cannot find the path specified.
.
==== End Of File ===========================

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jessica at 23:11:19.37 on 08/03/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1247.805 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jessica\My Documents\Downloads\dds.pif
.
============== Pseudo HJT Report ===============
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60347
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60347
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60347
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] //~c:\program files\spybot - search & destroy\teatimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &Search - ?p=ZNfox000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247312077156
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\jessica\applic~1\mozilla\firefox\profiles\npmwuxnm.default\
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-29 294608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-29 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-29 40384]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2011-3-6 287024]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2011-3-6 57536]
S2 gupdate1ca0e0da721a366;Google Update Service (gupdate1ca0e0da721a366);c:\program files\google\update\GoogleUpdate.exe [2009-7-26 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;

S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [2011-3-6 57536]
S3 qic157;qic157;c:\windows\system32\drivers\qic157.sys [2009-7-11 6016]
.
=============== Created Last 30 ================
.
2011-03-08 23:11:05   --------   d--h--w-   c:\windows\PIF
2011-03-06 22:08:40   --------   d-----w-   c:\docume~1\jessica\applic~1\Malwarebytes
2011-03-06 22:07:35   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-06 22:07:34   --------   dc----w-   c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-06 22:07:30   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-03-06 22:07:30   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-03-06 21:57:35   --------   d-----w-   c:\docume~1\jessica\applic~1\PCToolsFirewallPlus
2011-03-06 20:31:09   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-03-06 20:14:25   89192   ----a-w-   c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2011-03-06 20:14:25   57536   ----a-w-   c:\windows\system32\drivers\pctNdis.sys
2011-03-06 20:14:25   32808   ----a-w-   c:\windows\system32\drivers\pctNdis-DNS.sys
2011-03-06 20:14:25   --------   d-----w-   c:\program files\common files\PC Tools
2011-03-06 20:14:22   124992   ----a-w-   c:\windows\system32\drivers\pctplfw.sys
2011-03-06 20:14:17   --------   d-----w-   c:\program files\PC Tools Firewall Plus
2011-03-06 20:01:08   --------   d-----w-   c:\windows\system32\wbem\repository\FS
2011-03-06 20:01:08   --------   d-----w-   c:\windows\system32\wbem\Repository
2011-03-06 19:59:50   --------   d-----r-   c:\program files\Skype
2011-02-23 22:58:19   --------   d-----w-   c:\program files\Microsoft Security Client
.
==================== Find3M ====================
.
2011-02-27 13:29:36   0   ----a-w-   c:\windows\system32\w32apiw.dll
2011-01-21 14:44:37   439296   ----a-w-   c:\windows\system32\shimgvw.dll
2011-01-13 08:47:35   38848   ----a-w-   c:\windows\avastSS.scr
2011-01-07 14:09:02   290048   ----a-w-   c:\windows\system32\atmfd.dll
2010-12-31 13:10:33   1854976   ----a-w-   c:\windows\system32\win32k.sys
2010-12-27 08:26:10   1409   ----a-w-   c:\windows\QTFont.for
2010-12-23 18:43:21   499712   ----a-w-   c:\windows\system32\msvcp71.dll
2010-12-23 18:43:21   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2010-12-22 12:34:28   301568   ----a-w-   c:\windows\system32\kerberos.dll
2010-12-20 23:59:20   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-12-20 23:59:19   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00   730112   ----a-w-   c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26   385024   ----a-w-   c:\windows\system32\html.iec
2010-12-09 15:15:09   718336   ----a-w-   c:\windows\system32\ntdll.dll
2010-12-09 14:30:22   33280   ----a-w-   c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47   2192768   ----a-w-   c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05   2069376   ----a-w-   c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 23:12:17.98 ===============
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jessica at 23:11:19.37 on 08/03/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1247.805 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jessica\My Documents\Downloads\dds.pif
.
============== Pseudo HJT Report ===============
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60347
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60347
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60347
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] //~c:\program files\spybot - search & destroy\teatimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &Search - ?p=ZNfox000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247312077156
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\jessica\applic~1\mozilla\firefox\profiles\npmwuxnm.default\
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-29 294608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-29 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-29 40384]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2011-3-6 287024]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2011-3-6 57536]
S2 gupdate1ca0e0da721a366;Google Update Service (gupdate1ca0e0da721a366);c:\program files\google\update\GoogleUpdate.exe [2009-7-26 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;

S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [2011-3-6 57536]
S3 qic157;qic157;c:\windows\system32\drivers\qic157.sys [2009-7-11 6016]
.
=============== Created Last 30 ================
.
2011-03-08 23:11:05   --------   d--h--w-   c:\windows\PIF
2011-03-06 22:08:40   --------   d-----w-   c:\docume~1\jessica\applic~1\Malwarebytes
2011-03-06 22:07:35   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-06 22:07:34   --------   dc----w-   c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-06 22:07:30   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-03-06 22:07:30   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-03-06 21:57:35   --------   d-----w-   c:\docume~1\jessica\applic~1\PCToolsFirewallPlus
2011-03-06 20:31:09   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-03-06 20:14:25   89192   ----a-w-   c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2011-03-06 20:14:25   57536   ----a-w-   c:\windows\system32\drivers\pctNdis.sys
2011-03-06 20:14:25   32808   ----a-w-   c:\windows\system32\drivers\pctNdis-DNS.sys
2011-03-06 20:14:25   --------   d-----w-   c:\program files\common files\PC Tools
2011-03-06 20:14:22   124992   ----a-w-   c:\windows\system32\drivers\pctplfw.sys
2011-03-06 20:14:17   --------   d-----w-   c:\program files\PC Tools Firewall Plus
2011-03-06 20:01:08   --------   d-----w-   c:\windows\system32\wbem\repository\FS
2011-03-06 20:01:08   --------   d-----w-   c:\windows\system32\wbem\Repository
2011-03-06 19:59:50   --------   d-----r-   c:\program files\Skype
2011-02-23 22:58:19   --------   d-----w-   c:\program files\Microsoft Security Client
.
==================== Find3M ====================
.
2011-02-27 13:29:36   0   ----a-w-   c:\windows\system32\w32apiw.dll
2011-01-21 14:44:37   439296   ----a-w-   c:\windows\system32\shimgvw.dll
2011-01-13 08:47:35   38848   ----a-w-   c:\windows\avastSS.scr
2011-01-07 14:09:02   290048   ----a-w-   c:\windows\system32\atmfd.dll
2010-12-31 13:10:33   1854976   ----a-w-   c:\windows\system32\win32k.sys
2010-12-27 08:26:10   1409   ----a-w-   c:\windows\QTFont.for
2010-12-23 18:43:21   499712   ----a-w-   c:\windows\system32\msvcp71.dll
2010-12-23 18:43:21   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2010-12-22 12:34:28   301568   ----a-w-   c:\windows\system32\kerberos.dll
2010-12-20 23:59:20   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-12-20 23:59:19   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00   730112   ----a-w-   c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26   385024   ----a-w-   c:\windows\system32\html.iec
2010-12-09 15:15:09   718336   ----a-w-   c:\windows\system32\ntdll.dll
2010-12-09 14:30:22   33280   ----a-w-   c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47   2192768   ----a-w-   c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05   2069376   ----a-w-   c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 23:12:17.98 ===============

Hi Dave you must enjoy this, it occurs to me it may become repetitive, so massive thanks.

Confused.com (Martin)

SuperDave · « **Reply #3 on:** March 09, 2011, 05:16:08 PM »

Quote

I have done as you asked. Worthy of note is that after the suggestion of downloading PC Tools Firewall I get the message " PC tools Firewall has an unspecified error"

Please don't install any new programs on your computer while we're in the process of cleaning it.

You only 5.808 GiB free space on your harddrive. This is about 15% and Windows requires 15% or more to operate correctly. Please keep an eye on this to make sure it doesn't drop below 15% or 5.55 Gb.

Quote

Hi Dave you must enjoy this, it occurs to me it may become repetitive, so massive thanks.

Every new problem is a challenge. Thanks

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
****************************************************
Please download ComboFix

from BleepingComputer.com

Alternate link: GeeksToGo.com

and save it to your Desktop.
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
Double click ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

If you have problems with ComboFix usage, see How to use ComboFix

Confused.com · « **Reply #4 on:** March 10, 2011, 01:40:14 PM »

Hi Dave,
Please see the requested logs. Despite attempting (using the link provided) I was unable to disable malware and anti-spy programs as they were not in the system tray, I deleted them with a view to reinstalling) I hope this was ok, I will ONLY use my pc to check for your reply and reinstall once i get the "go ahead" from you.

Just so you know; at reboot, I again got the message that PC Tools had a problem.

Thank you Dave.

ComboFix 11-03-09.05 - Jessica 10/03/2011 19:49:57.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1247.756 [GMT 0:00]
Running from: c:\documents and settings\Jessica\My Documents\Downloads\ComboFix.exe
FW: PC Tools Firewall Plus *Enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Jessica\LOCALS~1\Temp\SAS8D.tmp
c:\documents and settings\HelpAssistant.JESSICA-03B63CD\System
c:\documents and settings\HelpAssistant.JESSICA-03B63CD\System\win_qs8.jqx
c:\documents and settings\HelpAssistant\System
c:\documents and settings\HelpAssistant\System\win_qs8.jqx
c:\documents and settings\Jessica\Local Settings\Temp\SAS8D.tmp
c:\documents and settings\Jessica\System
c:\documents and settings\Jessica\System\win_qs8.jqx
c:\windows\system32\w32apiw.dll
.
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-02-10 to 2011-03-10 )))))))))))))))))))))))))))))))
.
.
2011-03-08 23:11 . 2011-03-08 23:11   --------   d--h--w-   c:\windows\PIF
2011-03-06 22:08 . 2011-03-06 22:08   --------   d-----w-   c:\documents and settings\Jessica\Application Data\Malwarebytes
2011-03-06 22:07 . 2011-03-06 22:07   --------   dc----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-06 22:07 . 2011-03-10 19:58   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-03-06 21:57 . 2011-03-06 21:58   --------   d-----w-   c:\documents and settings\Jessica\Application Data\PCToolsFirewallPlus
2011-03-06 20:14 . 2011-03-06 20:14   --------   d-----w-   c:\program files\Common Files\PC Tools
2011-03-06 20:14 . 2010-11-24 09:18   89192   ----a-w-   c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2011-03-06 20:14 . 2010-07-08 09:49   57536   ----a-w-   c:\windows\system32\drivers\pctNdis.sys
2011-03-06 20:14 . 2010-02-05 09:26   32808   ----a-w-   c:\windows\system32\drivers\pctNdis-DNS.sys
2011-03-06 20:14 . 2010-11-25 10:42   124992   ----a-w-   c:\windows\system32\drivers\pctplfw.sys
2011-03-06 20:14 . 2011-03-06 21:53   --------   d-----w-   c:\program files\PC Tools Firewall Plus
2011-03-06 20:01 . 2011-03-06 20:01   --------   d-----w-   c:\windows\system32\wbem\Repository
2011-03-06 19:59 . 2011-03-06 19:59   --------   d-----w-   c:\program files\Common Files\Skype
2011-03-06 19:59 . 2011-03-06 19:59   --------   d-----r-   c:\program files\Skype
2011-03-06 19:59 . 2011-03-06 19:59   --------   d-----w-   c:\documents and settings\Jessica\Application Data\Skype
2011-02-23 22:58 . 2011-02-24 22:33   --------   d-----w-   c:\program files\Microsoft Security Client
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2004-08-04 12:00   270848   ----a-w-   c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 12:00   186880   ----a-w-   c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2009-07-11 10:02   2067456   ----a-w-   c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-07-11 10:02   677888   ----a-w-   c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-04 12:00   439296   ----a-w-   c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-04 12:00   290048   ----a-w-   c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-04 12:00   1854976   ----a-w-   c:\windows\system32\win32k.sys
2010-12-27 08:26 . 2010-12-27 08:26   1409   ----a-w-   c:\windows\QTFont.for
2010-12-23 18:43 . 2010-12-23 18:43   499712   ----a-w-   c:\windows\system32\msvcp71.dll
2010-12-23 18:43 . 2010-12-23 18:43   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2010-12-22 12:34 . 2004-08-04 12:00   301568   ----a-w-   c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-08-04 12:00   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-04 12:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-04 12:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-04 12:00   730112   ----a-w-   c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 12:00   385024   ----a-w-   c:\windows\system32\html.iec
2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-11-29 2676696]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-23 274608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:12   15360   ----a-w-   c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
2005-06-08 13:44   196608   ----a-w-   c:\program files\Logitech\Video\ManifestEngine.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2005-06-08 14:24   458752   -c--a-w-   c:\program files\Logitech\Video\ISStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-06-08 14:14   217088   -c--a-w-   c:\program files\Logitech\Video\LogiTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2005-07-19 16:32   221184   ----a-w-   c:\windows\system32\LVCOMSX.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 22:12   3872080   ----a-w-   c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-07-11 14:15   77824   -c--a-w-   c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28   577536   -c--a-w-   c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 15:31   2144088   ------w-   c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"9571:TCP"= 9571:TCP:Services
"9572:TCP"= 9572:TCP:Services
"2696:TCP"= 2696:TCP:Services
"3892:TCP"= 3892:TCP:Services
"7914:TCP"= 7914:TCP:Services
"7915:TCP"= 7915:TCP:Services
"3165:TCP"= 3165:TCP:Services
"4830:TCP"= 4830:TCP:Services
"1946:TCP"= 1946:TCP:Services
"2392:TCP"= 2392:TCP:Services
"2368:TCP"= 2368:TCP:Services
"3236:TCP"= 3236:TCP:Services
"4274:TCP"= 4274:TCP:Services
"7048:TCP"= 7048:TCP:Services
"5069:TCP"= 5069:TCP:Services
"8638:TCP"= 8638:TCP:Services
"3629:TCP"= 3629:TCP:Services
"5758:TCP"= 5758:TCP:Services
"8661:TCP"= 8661:TCP:Services
"8662:TCP"= 8662:TCP:Services
"4959:TCP"= 4959:TCP:Services
"6824:TCP"= 6824:TCP:Services
"4027:TCP"= 4027:TCP:Services
"8099:TCP"= 8099:TCP:Services
"1744:TCP"= 1744:TCP:Services
"3805:TCP"= 3805:TCP:Services
"2936:TCP"= 2936:TCP:Services
"1522:TCP"= 1522:TCP:Services
"1544:TCP"= 1544:TCP:Services
"2177:TCP"= 2177:TCP:Services
"6677:TCP"= 6677:TCP:Services
"4272:TCP"= 4272:TCP:Services
"3883:TCP"= 3883:TCP:Services
"3601:TCP"= 3601:TCP:Services
"4521:TCP"= 4521:TCP:Services
"3912:TCP"= 3912:TCP:Services
"1647:TCP"= 1647:TCP:Services
"4896:TCP"= 4896:TCP:Services
"6615:TCP"= 6615:TCP:Services
"3349:TCP"= 3349:TCP:Services
"5198:TCP"= 5198:TCP:Services
.
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [06/03/2011 20:14 57536]
S2 gupdate1ca0e0da721a366;Google Update Service (gupdate1ca0e0da721a366);c:\program files\Google\Update\GoogleUpdate.exe [26/07/2009 16:25 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;

S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [06/03/2011 20:14 57536]
S3 qic157;qic157;c:\windows\system32\drivers\qic157.sys [11/07/2009 10:57 6016]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 16:25]
.
2011-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 16:25]
.
2011-03-10 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 15:07]
.
2011-03-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-1409082233-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 11:33]
.
2011-03-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-1409082233-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 11:33]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Jessica\Application Data\Mozilla\Firefox\Profiles\npmwuxnm.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-SpybotSD TeaTimer - files\spybot - search & destroy\teatimer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-10 20:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3272)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-03-10 20:09:27 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-10 20:09
.
Pre-Run: 7,357,812,736 bytes free
Post-Run: 7,486,500,864 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 5A03D23A1C465FD9B080853028E0BAD9

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
avast! Free Antivirus
PC Tools Firewall Plus 7.0
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner (remove only)
nCleaner second 2.3.4.0
WinCleaner OneClick Professional Clean Version 11 Trial Edition
Adobe Flash Player 10.0.45.2
Mozilla Firefox (3.6.13)
````````````````````````````````
Process Check:
objlist.exe by Laurent
PC Tools Firewall Plus FWService.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
``````````End of Log````````````

SuperDave · « **Reply #5 on:** March 10, 2011, 04:48:11 PM »

Quote

Just so you know; at reboot, I again got the message that PC Tools had a problem.

Why not uninstall it? We can re-install it later.
Could you please run this for me? I want to check on something.

•Start HijackThis
•Click on the Misc Tools button
•Click on the Open Uninstall Manager button.
•Click on the Save list... button and specify where you would like to save this file. When you press Save button a Notepad will open with the contents of that file. Save the file to your desktop.
Copy and paste this file in your next reply.

Confused.com · « **Reply #6 on:** March 11, 2011, 12:31:58 PM »

Hi Dave

Thank you for the continued help.

I will uninstall pc tools now, I was advised to load it, thats the only reason I even have it.

As requested the Hijack this log, yikes it looks to be a lot, but what do i know? (Dont answer this, I have the answer thanks!!!)

1.3.0
Acrobat.com
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
CCleaner (remove only)
Critical Update for Windows Media Player 11 (KB959772)
DivX Web Player
Google Chrome
Google Earth
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Junk Mail filter update
Logitech QuickCam Software
Logitech® Camera Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.13)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
MSXML 6 Service Pack 2 (KB973686)
Next Generation Visualisations
OGA Notifier 2.0.0048.0
PC Tools Firewall Plus 7.0
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek AC'97 Audio
RealUpgrade 1.1
Recover My Files
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
ShowInfo
Skype™ 4.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.5
WinCleaner OneClick Professional Clean Version 11 Trial Edition
Windows Imaging Component
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3

SuperDave · « **Reply #7 on:** March 12, 2011, 11:50:24 AM »

Quote

I was advised to load it, thats the only reason I even have it.

Oh, it's a good idea to have a third-party firewall. We can re-install it when we're finished.

* Download the following tool: RootRepeal - Rootkit Detector
* Direct download link is here: RootRepeal.zip

* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
* Click this link to see a list of such programs and how to disable them.

* Extract the program file to a new folder such as C:\RootRepeal
* Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
* Select ALL of the checkboxes and then click OK and it will start scanning your system.
* If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
* When done, click on Save Report
* Save it to the same location where you ran it from, such as C:RootRepeal
* Save it as rootrepeal.txt
* Then open that log and select all and copy/paste it back on your next reply please.
* Close RootRepeal.

Confused.com · « **Reply #8 on:** March 12, 2011, 03:08:14 PM »

Hi Dave, Ooops I have attempted numerous times but get the message
" Error invalid PE image" I can however still scan and attach the file in case it is of value to us. If it is lacking just let me know how I can maybe get the desired result.

Thanks
Martin.

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:      2011/03/12 22:03
Program Version:      Version 1.3.5.0
Windows Version:      Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB5E00000   Size: 98304   File Visible: No   Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA600000   Size: 8192   File Visible: No   Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB5BF0000   Size: 49152   File Visible: No   Signed: -
Status: -

==EOF==

SuperDave · « **Reply #9 on:** March 13, 2011, 12:07:02 PM »

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the

button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.

•Check

•Click the

button.
•Accept any security warnings from your browser.
•Check

•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push

•Push

, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the

button.
•Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Confused.com · « **Reply #10 on:** March 13, 2011, 02:35:48 PM »

Hi Again Dave, well the scan didn't reveal anything so the options to export a list of found threats wasn't given.
Therefore please see NOTHING below for your attention!!!
Martin

SuperDave · « **Reply #11 on:** March 13, 2011, 07:12:32 PM »

That looks good. How's your computer running? Any issues?

Confused.com · « **Reply #12 on:** March 14, 2011, 01:56:16 PM »

Hi Dave, ha I have been so busy taking care not to "invite" things into my system whilst taking your advice I had not actually used my pc, but now notice that all in all I can now open more than one URL at a time, the speed of the pages appearing in full is better too.

The start up process to the point of being able to open Google is about 3 minutes. So all in all I am very pleased, I can remove MSN Messenger from the "start up" as i rarely use it which should help.

So its over to you......May I ask if you have spotted anything that takes up lots of space that I don't need? I wish to purchase a Software Program for Home Design that I wouldn't purchase whilst my pc was so slow and unresponsive.

Thanks again Dave, sorry I only just noticed the improvements.

SuperDave · « **Reply #13 on:** March 15, 2011, 04:34:10 PM »

Quote

The start up process to the point of being able to open Google is about 3 minutes.

I've notice that same thing with my computer but I know it's all the upgrades coming in at once. It's less frustrationg to just wait 5 - 10 mins. before using the computer. I have added a program below that you can run to speed up your startup, if you wish.

StartupLite

Download StartupLite by MalwareBytes to your Desktop.
Doubleclick StartupLite.exe to launch the program.
Ensure the Disable box is checked.
Click Continue.
A pop up message will tell you the unecessary startup items in your list have been disabled and ask you to restart your computer.
Re-start your computer.
*******************************************

Quote

May I ask if you have spotted anything that takes up lots of space that I don't need?

I look through your list of programs and nothing pops out that you should remove. You can go through them and uninstall anything you don't use. I've also included a program below that will clear out unused files.

Please download PureRa by RaProducts from HERE

First, unzip the program.
Double click Purera.exe to open it.
When it opens, click the "Next" button to open up a menu of options.
Tick the box that says "Check All" and make sure the "Create Log" option is also checked.
Then press the "Clean" button to start the cleaning process.
It may look like nothing is happening, but let it run.
After it's done, it will make a log file of what it has removed.
Paste the log back here.

***********************************************
Now some cleanup.
This may not work because you have ComboFix running from a different location. Please let me know if it doesn't work.

To uninstall ComboFix

Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

Then, press Enter, or click OK.
This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.

**********************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
************************************************
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Confused.com · « **Reply #14 on:** March 17, 2011, 04:02:15 PM »

Hi Dave, WOW! Lots to read and consider at the end your message, thank you.

Ok I have done all you suggested. StartUpLite is great. Pasted log from PureRa as requested. I eventually managed to delete that one click wincleaner, it was stubborn,refusing to leave via add\remove programs.

With your recommended tools I can hopefully maintain now - rather than let it get so bad again.

Many thanks Dave.
Martin.

RaProducts' PureRa v1.6
Log created at 22:08 on 16/03/2011 (Jessica)

C:\Config.MSI emptied.
C:\WINDOWS\system32\FNTCACHE.DAT <- Successfully deleted.
Recycle bin emptied.
C:\WINDOWS\SoftwareDistribution\DataStore\Logs emptied.
C:\WINDOWS\SoftwareDistribution\Download emptied.
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default emptied.
C:\WINDOWS\SoftwareDistribution\WuRedir emptied.
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log <- The process cannot access the file because it is being used by another process.
C:\DOCUME~1\Jessica\LOCALS~1\Temp emptied.
C:\WINDOWS\TEMP emptied.
C:\WINDOWS\$MSI31Uninstall_KB893803v2$ <- Successfully deleted.
C:\WINDOWS\$NtServicePackUninstall$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB2079403$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB2115168$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB2121546$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB2141007$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB2158563$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB2160329$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB2229593$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB2259922$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB2279986$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB2286198$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB2296011$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB2296199$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB2345886$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB2347290$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB2360937$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB2378111_WM9$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB2387149$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB2419632$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB2423089$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB2436673$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB2440591$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB2443105$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB2443685$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB2447961_WM9L$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB2467659$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB898461$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB916089$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB923561$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB923561_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB923689$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB925720$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB926239$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB929399$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB936782_WMP10$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB936782_WMP11$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB938464-v2$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB938464-v2_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB939683$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB941569$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB944338-v2$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB946648$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB946648_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB950762$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB950762_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB950974$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB950974_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB951066$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB951066_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB951376-v2$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB951376-v2_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB951748$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB951748_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB951978$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB952004$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB952004_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB952069_WM9$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB952287$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB952287_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB952954$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB952954_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB954154_WM11$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB954155_WM9$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB954156_WM9L$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB954600$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB954600_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB954708$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB955069$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB955069_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB955759$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB955759_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB955839$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB956572$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB956572_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB956744$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB956802$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB956802_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB956803$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB956803_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB956844$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB956844_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB957097$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB957097_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB958470$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB958644$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB958644_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB958687$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB958687_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB958869$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB959426$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB959426_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB959772_WM11$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB960225$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB960225_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB960803$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB960803_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB960859$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB960859_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB961118$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB961118_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB961371$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB961371_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB961501$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB961503$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB961503_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB967715$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB967715_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB968389$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB968389_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB968537$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB968537_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB968816_WM9$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB969059$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB969059_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB969897$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB969947$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB969947_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB970238$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB970238_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB970430$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB970430_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB970653-v3$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB971032$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB971468$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB971468_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB971486$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB971486_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB971557$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB971557_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB971633$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB971633_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB971657$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB971657_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB971737$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB971737_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB972270$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB972270_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB973346$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB973354$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB973354_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB973507$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB973507_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB973525$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB973540_WM9L$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB973687$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB973687_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB973687_1$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB973815$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB973815_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB973869$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB973869_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB973904$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB974112$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB974112_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB974112_1$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB974318$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB974318_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB974392$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB974392_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB974571$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB974571_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB975025$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB975025_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB975467$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB975467_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB975558_WM8$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB975560$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB975560_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB975561$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB975561_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB975562$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB975713$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB975713_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB976098-v2$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB977165$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB977165_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB977816$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB977914_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB978037$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB978037_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB978251$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB978251_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB978262$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB978338$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB978542$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB978601$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB978695_WM9$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB978706$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB978706_0$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB979306$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB979309$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB979332_WM9L$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB979482$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB979559$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB979683$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB979687$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB980195$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB980218$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB980232$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB980436$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB981322$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB981793$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB981852$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB981957$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB981997$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB982132$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB982214$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB982665$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallKB982802$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallMSCompPackV1$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallWdf01005$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallWIC$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallWMFDist11$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallwmp11$ <- Successfully deleted.
C:\WINDOWS\$NtUninstallWudf01000$ <- Successfully deleted.
C:\WINDOWS\system32\wbem\Logs\FrameWork.log <- Successfully deleted.
C:\WINDOWS\system32\wbem\Logs\mofcomp.log <- Successfully deleted.
C:\WINDOWS\system32\wbem\Logs\wbemcore.log <- Successfully deleted.
C:\WINDOWS\system32\wbem\Logs\wbemcore.lo_ <- Successfully deleted.
C:\WINDOWS\system32\wbem\Logs\wbemess.log <- Successfully deleted.
C:\WINDOWS\system32\wbem\Logs\wbemess.lo_ <- Successfully deleted.
C:\WINDOWS\system32\wbem\Logs\wbemprox.log <- Successfully deleted.
C:\WINDOWS\system32\wbem\Logs\wmiprov.log <- Successfully deleted.
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Guest\Application Data\Microsoft\MSN Messenger\sqmnoopt00.sqm <- Successfully deleted.
C:\Documents and Settings\Guest\Application Data\Microsoft\MSN Messenger\sqmnoopt01.sqm <- Successfully deleted.
C:\Documents and Settings\Guest\Application Data\Microsoft\MSN Messenger\sqmnoopt02.sqm <- Successfully deleted.
C:\Documents and Settings\Guest\Application Data\Microsoft\MSN Messenger\sqmnoopt03.sqm <- Successfully deleted.
C:\Documents and Settings\Guest\Application Data\Microsoft\MSN Messenger\sqmnoopt04.sqm <- Successfully deleted.
C:\Documents and Settings\Guest\Application Data\Microsoft\MSN Messenger\sqmnoopt05.sqm <- Successfully deleted.
C:\Documents and Settings\Guest\Application Data\Microsoft\MSN Messenger\sqmnoopt06.sqm <- Successfully deleted.
C:\Documents and Settings\Guest\Application Data\Microsoft\MSN Messenger\sqmnoopt07.sqm <- Successfully deleted.
C:\Documents and Settings\Guest\Application Data\Microsoft\MSN Messenger\sqmnoopt08.sqm <- Successfully deleted.
C:\Documents and Settings\Guest\Application Data\Microsoft\MSN Messenger\sqmnoopt09.sqm <- Successfully deleted.
C:\Documents and Settings\Guest\Application Data\Microsoft\MSN Messenger\sqmnoopt10.sqm <- Successfully deleted.
C:\Documents and Settings\Guest\Application Data\Microsoft\MSN Messenger\sqmnoopt11.sqm <- Successfully deleted.
C:\Documents and Settings\Guest\Application Data\Microsoft\MSN Messenger\sqmnoopt12.sqm <- Successfully deleted.
C:\Documents and Settings\Guest\Application Data\Microsoft\MSN Messenger\sqmnoopt13.sqm <- Successfully deleted.
C:\Documents and Settings\Guest\Application Data\Microsoft\MSN Messenger\sqmnoopt14.sqm <- Successfully deleted.
C:\Documents and Settings\Guest\Application Data\Microsoft\MSN Messenger\sqmnoopt15.sqm <- Successfully deleted.
C:\Documents and Settings\Guest\Application Data\Microsoft\MSN Messenger\sqmnoopt16.sqm <- Successfully deleted.
C:\Documents and Settings\Guest\Local Settings\Application Data\IconCache.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant\Application Data\Microsoft\MSN Messenger\sqmnoopt00.sqm <- Successfully deleted.
C:\Documents and Settings\HelpAssistant\Desktop\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant\Desktop\Quick FAT Partition 1\[00466816]\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Microsoft\Windows Live Photo Gallery\thumbcache_1024.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Microsoft\Windows Live Photo Gallery\thumbcache_256.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Microsoft\Windows Live Photo Gallery\thumbcache_32.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Microsoft\Windows Live Photo Gallery\thumbcache_96.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Microsoft\Windows Live Photo Gallery\thumbcache_idx.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Microsoft\Windows Live Photo Gallery\thumbcache_sr.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\wmplog00.sqm <- Successfully deleted.
C:\Documents and Settings\HelpAssistant\My Documents\My Music\Santana\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant\My Documents\My Music\Santana\Abraxas [Bonus Tracks]\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Baby\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\balloons\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Bird\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Birdy\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Flat100.Leak\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Iwom\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Iwom\Morning Sky\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Iwom\Morning Sky\Ohhhh\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Iwom\Morning Sky\Ohhhh\Awomuk\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Iwom\Morning Sky\Ohhhh\balloons2\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Iwom\Morning Sky\Ohhhh\Iwom\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Lake\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\My Logitech Pictures\Pictures and Videos\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Snow &Fog Dec 22nd 09\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant\My Documents\My Pictures\Snow Dec 21st 09\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant\My Documents\My Videos\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant\My Documents\My Videos\RealPlayer Downloads\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Application Data\Microsoft\MSN Messenger\sqmnoopt00.sqm <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Application Data\Microsoft\MSN Messenger\sqmnoopt01.sqm <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Application Data\Microsoft\MSN Messenger\sqmnoopt02.sqm <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Application Data\Microsoft\MSN Messenger\sqmnoopt03.sqm <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Application Data\Microsoft\MSN Messenger\sqmnoopt04.sqm <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Application Data\Microsoft\MSN Messenger\sqmnoopt05.sqm <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Application Data\Microsoft\MSN Messenger\sqmnoopt06.sqm <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Application Data\Microsoft\MSN Messenger\sqmnoopt07.sqm <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Application Data\Microsoft\MSN Messenger\sqmnoopt08.sqm <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Application Data\Microsoft\MSN Messenger\sqmnoopt09.sqm <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Application Data\Microsoft\MSN Messenger\sqmnoopt10.sqm <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Desktop\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Desktop\Bob\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Desktop\Quick FAT Partition 1\[00466816]\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Local Settings\Application Data\Microsoft\Windows Live Photo Gallery\thumbcache_1024.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Local Settings\Application Data\Microsoft\Windows Live Photo Gallery\thumbcache_256.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Local Settings\Application Data\Microsoft\Windows Live Photo Gallery\thumbcache_32.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Local Settings\Application Data\Microsoft\Windows Live Photo Gallery\thumbcache_96.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Local Settings\Application Data\Microsoft\Windows Live Photo Gallery\thumbcache_idx.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Local Settings\Application Data\Microsoft\Windows Live Photo Gallery\thumbcache_sr.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Local Settings\Application Data\Microsoft\Windows Live Photo Gallery\SqmApi\SqmSessionData-NoOptIn-WLXPhotoGallery-00.sqm <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Local Settings\Application Data\Microsoft\Windows Live Photo Gallery\SqmApi\SqmSessionData-NoOptIn-WLXPhotoGallery-01.sqm <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Local Settings\Temp\wmplog00.sqm <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Local Settings\Temp\wmplog01.sqm <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Local Settings\Temp\wmplog02.sqm <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Local Settings\Temp\wmplog03.sqm <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Local Settings\Temp\wmplog04.sqm <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Local Settings\Temp\wmplog05.sqm <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Local Settings\Temp\wmplog06.sqm <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Local Settings\Temp\wmplog07.sqm <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Local Settings\Temp\wmplog08.sqm <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Local Settings\Temp\wmplog09.sqm <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Local Settings\Temp\wmplog10.sqm <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Local Settings\Temp\wmplog11.sqm <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Local Settings\Temp\wmplog12.sqm <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Local Settings\Temp\wmplog13.sqm <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Local Settings\Temp\wmplog14.sqm <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Local Settings\Temp\wmplog15.sqm <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\Local Settings\Temp\wmplog16.sqm <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\My Documents\My Music\Santana\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\My Documents\My Music\Santana\Abraxas [Bonus Tracks]\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\My Documents\My Pictures\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\My Documents\My Pictures\Artillery\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\My Documents\My Pictures\Baby\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\My Documents\My Pictures\balloons\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\My Documents\My Pictures\Bird\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\My Documents\My Pictures\Birdy\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\My Documents\My Pictures\Fin\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\My Documents\My Pictures\Flat100.Leak\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\My Documents\My Pictures\For Vera\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\My Documents\My Pictures\Gambia Jan 2010\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\My Documents\My Pictures\Gambia Jan 2010\New Folder\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\My Documents\My Pictures\Iwom\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\My Documents\My Pictures\Iwom\Morning Sky\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\My Documents\My Pictures\Iwom\Morning Sky\Ohhhh\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\My Documents\My Pictures\Iwom\Morning Sky\Ohhhh\Awomuk\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\My Documents\My Pictures\Iwom\Morning Sky\Ohhhh\balloons2\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\My Documents\My Pictures\Iwom\Morning Sky\Ohhhh\Iwom\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\My Documents\My Pictures\Lake\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\My Documents\My Pictures\My Logitech Pictures\Pictures and Videos\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\My Documents\My Pictures\Oooh!\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\My Documents\My Pictures\Snow &Fog Dec 22nd 09\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\My Documents\My Pictures\Snow Dec 21st 09\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\My Documents\My Pictures\Snow Jan 7th\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\My Documents\My Pictures\Snow Jan 8th\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\My Documents\My Pictures\T for 1\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\My Documents\My Pictures\YUMMY\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\My Documents\My Received Files\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\My Documents\My Videos\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\My Documents\My Videos\RealPlayer Downloads\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\HelpAssistant.JESSICA-03B63CD\My Documents\Quick FAT Partition 1\Lost Files\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Jessica\Application Data\Microsoft\MSN Messenger\sqmnoopt00.sqm <- Successfully deleted.
C:\Documents and Settings\Jessica\Application Data\Microsoft\MSN Messenger\sqmnoopt01.sqm <- Successfully deleted.
C:\Documents and Settings\Jessica\Application Data\Microsoft\MSN Messenger\sqmnoopt02.sqm <- Successfully deleted.
C:\Documents and Settings\Jessica\Application Data\Microsoft\MSN Messenger\sqmnoopt03.sqm <- Successfully deleted.
C:\Documents and Settings\Jessica\Application Data\Microsoft\MSN Messenger\sqmnoopt04.sqm <- Successfully deleted.
C:\Documents and Settings\Jessica\Application Data\Microsoft\MSN Messenger\sqmnoopt05.sqm <- Successfully deleted.
C:\Documents and Settings\Jessica\Application Data\Microsoft\MSN Messenger\sqmnoopt06.sqm <- Successfully deleted.
C:\Documents and Settings\Jessica\Application Data\Microsoft\MSN Messenger\sqmnoopt07.sqm <- Successfully deleted.
C:\Documents and Settings\Jessica\Application Data\Microsoft\MSN Messenger\sqmnoopt08.sqm <- Successfully deleted.
C:\Documents and Settings\Jessica\Application Data\Microsoft\MSN Messenger\sqmnoopt09.sqm <- Successfully deleted.
C:\Documents and Settings\Jessica\Desktop\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Jessica\Desktop\Quick FAT Partition 1\[00466816]\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Jessica\Local Settings\Application Data\IconCache.db <- Successfully deleted.
C:\Documents and Settings\Jessica\Local Settings\Application Data\Microsoft\Windows Live Photo Gallery\thumbcache_1024.db <- Successfully deleted.
C:\Documents and Settings\Jessica\Local Settings\Application Data\Microsoft\Windows Live Photo Gallery\thumbcache_256.db <- Successfully deleted.
C:\Documents and Settings\Jessica\Local Settings\Application Data\Microsoft\Windows Live Photo Gallery\thumbcache_32.db <- Successfully deleted.
C:\Documents and Settings\Jessica\Local Settings\Application Data\Microsoft\Windows Live Photo Gallery\thumbcache_96.db <- Successfully deleted.
C:\Documents and Settings\Jessica\Local Settings\Application Data\Microsoft\Windows Live Photo Gallery\thumbcache_idx.db <- Successfully deleted.
C:\Documents and Settings\Jessica\Local Settings\Application Data\Microsoft\Windows Live Photo Gallery\thumbcache_sr.db <- Successfully deleted.
C:\Documents and Settings\Jessica\Local Settings\Application Data\Microsoft\Windows Live Photo Gallery\SqmApi\SqmSessionData-NoOptIn-WLXPhotoGallery-00.sqm <- Successfully deleted.
C:\Documents and Settings\Jessica\Local Settings\Application Data\Microsoft\Windows Live Photo Gallery\SqmApi\SqmSessionData-NoOptIn-WLXPhotoGallery-01.sqm <- Successfully deleted.
C:\Documents and Settings\Jessica\My Documents\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Jessica\My Documents\My Music\Santana\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Jessica\My Documents\My Music\Santana\Abraxas [Bonus Tracks]\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Jessica\My Documents\My Pictures\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Jessica\My Documents\My Pictures\06-11-2010\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Jessica\My Documents\My Pictures\08 January 2011\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Jessica\My Documents\My Pictures\18-10-2010\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Jessica\My Documents\My Pictures\18-10-2010(1)\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Jessica\My Documents\My Pictures\2011-01-08 001\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Jessica\My Documents\My Pictures\21-10-2010\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Jessica\My Documents\My Pictures\Baby\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Jessica\My Documents\My Pictures\balloons\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Jessica\My Documents\My Pictures\Bits\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Jessica\My Documents\My Pictures\Gambia dec2010\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Jessica\My Documents\My Pictures\Gambia Jan 2010\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Jessica\My Documents\My Pictures\Gambia Jan 2010\New Folder\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Jessica\My Documents\My Pictures\Iwom\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Jessica\My Documents\My Pictures\Iwom\Morning Sky\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Jessica\My Documents\My Pictures\Iwom\Morning Sky\Ohhhh\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Jessica\My Documents\My Pictures\Iwom\Morning Sky\Ohhhh\Awomuk\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Jessica\My Documents\My Pictures\Iwom\Morning Sky\Ohhhh\balloons2\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Jessica\My Documents\My Pictures\Iwom\Morning Sky\Ohhhh\Iwom\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Jessica\My Documents\My Pictures\Lake\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Jessica\My Documents\My Pictures\My Logitech Pictures\bitsand\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Jessica\My Documents\My Pictures\My Logitech Pictures\Pictures and Videos\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Jessica\My Documents\My Pictures\Snow Jan 8th\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Jessica\My Documents\My Received Files\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Jessica\My Documents\My Videos\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Jessica\My Documents\My Videos\08 January 2011\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Jessica\My Documents\My Videos\RealPlayer Downloads\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Jessica\My Documents\New Folder\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Jessica\My Documents\Quick FAT Partition 1\Lost Files\Thumbs.db <- Successfully deleted.
C:\output\Thumbs.db <- Successfully deleted.

Total space cleaned: 1415227105 bytes

-=E.O.F=-

Computer Hope Forum

News:

Author Topic: PC full of rubbish..and slow. (Read 20312 times)

Confused.com

PC full of rubbish..and slow.

SuperDave

Re: PC full of rubbish..and slow.

Confused.com

Re: PC full of rubbish..and slow.

SuperDave

Re: PC full of rubbish..and slow.

Confused.com

Re: PC full of rubbish..and slow.

SuperDave

Re: PC full of rubbish..and slow.

Confused.com

Re: PC full of rubbish..and slow.

SuperDave

Re: PC full of rubbish..and slow.

Confused.com

Re: PC full of rubbish..and slow.

SuperDave

Re: PC full of rubbish..and slow.

Confused.com

Re: PC full of rubbish..and slow.

SuperDave

Re: PC full of rubbish..and slow.

Confused.com

Re: PC full of rubbish..and slow.

SuperDave

Re: PC full of rubbish..and slow.

Confused.com

Re: PC full of rubbish..and slow.