[moscatomg1]

I've been doing a lot of program installs, messing w/ start up settings, etc. on a newer laptop, and--long story short--some things have gotten fouled up. the topic title pretty much says it: there are several basic microsoft programs that have disappeared (calculator, paint, IE, and more), but it looks like it's just their icons and listings from the start/program menu(s). opening those programs from the run item in the start menu seems to work for most. also, dual monitor was working fine but then in the middle of it I tried to move the laptop lid down so it was just ajar, but it clamped down shut instead--and now the dual monitor set up is all glitchy. I.e. only parts of the screen image show up on the other "monitor"(a tv), and the cpu clocks way high when plugged in to that device only. when plugged into another device, though, it's all fine. lastly, the great fix-all solution, sys. restore, of course does not want to work on any of the several available pts. I've done some preliminary virus scanning, and that does not seem to be the issue. though, of course, i could be wrong, and there could be something deep in there. please, please help.

[Advertisements]

How NEW is newer please

[Macboatmaster]

How NEW is newer please

[moscatomg1]

purchased in the last 3-4 months. so there's *maybe* some tech support w/ dell i could use, but I prefer to seek my tech help here, b/c geekstogo has always solved my issues. anyway, the sys. info:
dell inspiron 1012, intel atom, CPU n450 @ 1.66ghz, .99 gb RAM. . . . also, as for the dual monitor problem. I've done some more trouble shooting, and it looks to definitely be isolated to the tv set itself and it's rgb input--something on that end must have gotten overloaded, b/c of a stupid little mistake of the laptop lid closing in the middle of watching some streaming live video (world cup). and i checked the cables, too, so something in the tv probably got overloaded. so that problem likely goes beyond the realm of things in these forums....but I still do need help w/ the other issues. thank you. Edit: I also have some unusual and cpu consuming stuff happening w/ msmsgs.exe--which I've read other people say is potentially a virus.

Edited by moscatomg1, 27 June 2010 - 11:44 PM.

[Macboatmaster]

1. My advice would be back to the supplier in view of the fact it is without doubt under guarantee, for the possible result is that the more you try the worst it maybe and the more invalidated the guarantee maybe.
That said it is of course your decision.
2. See this for the dual monitor. I would ahve thought that the TV needed to be set on OTHER than RGB for the video output from the Dell.
http://ask-leo.com/h...ve_it_work.html
3. If you wish to try
START
My Computer
Right click the hard drive
Click Properties
Click Tools
Click Error checking
Click Check Now
Click to check the box - automatically Fix file system errors
Click Start - you will rceive a message to reschedule for next restart
Click YES
Restart
DO NOT INTERRUPT or use computer.
Come back pls when completed.

[moscatomg1]

ok. thanks for the advice. if things don't work out here, and/or we find that there's some malfunctioning hardware, then I'll probably take you up the suggestion. still, since I've had some underwhelming experiences w/ dell tech support (though their systems are *ok* and at the right price), I'll first give it a shot here if you'd like to continue trying to help. . . . as for the hd scan, I did it, and it seemed to run smoothly--and I couldn't see any bad error messages. also, earlier, I started going through some more basic steps. i did a combofix run, and I'll post that below. lastly, as for the still missing programs/icons, I started to wonder if it may be due to that the sys. was haphazardly shut off in the middle of windows update, which it always says not to do. so i wonder if that could be a potential culprit? edit: also, again earlier, since I didn't know how long it would be for a reply, I did a full sys. virus scan w/ norton, and it didn't find a single thing infected, for what that's worth.


ComboFix 10-06-27.06 - R 06/28/2010 10:05:59.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.451 [GMT -7:00]
Running from: c:\documents and settings\R\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\R\Application Data\BITS
c:\documents and settings\R\Application Data\BITS\BITS.ini
c:\documents and settings\R\Application Data\BITS\DHTTable.dat
c:\documents and settings\R\Application Data\BITS\ProxyList.ini
c:\documents and settings\R\Application Data\FlashGetBHO
c:\documents and settings\R\Application Data\FlashGetBHO\FlashGetBHO3.dll
c:\documents and settings\R\Application Data\FlashGetBHO\FlashGetHook.dll
c:\documents and settings\R\Application Data\FlashGetBHO\GetAllUrl.htm
c:\documents and settings\R\Application Data\FlashGetBHO\GetUrl.htm
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet 3\adns.dll
c:\program files\FlashGet Network\FlashGet 3\btcoreu.dll
c:\program files\FlashGet Network\FlashGet 3\BugReport.dll
c:\program files\FlashGet Network\FlashGet 3\BugReport.exe
c:\program files\FlashGet Network\FlashGet 3\cd1.ico
c:\program files\FlashGet Network\FlashGet 3\ckcore.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\14_43260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\28_83260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\atrc.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\Codecs.zip
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\cook.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ddnt3260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\dnet3260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv1.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv2.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drvc.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\hxltcolor.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\raac.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ralf.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv10.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv20.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv30.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv40.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\sipr.dll
c:\program files\FlashGet Network\FlashGet 3\commonlib.dll
c:\program files\FlashGet Network\FlashGet 3\componentskrnl.dll
c:\program files\FlashGet Network\FlashGet 3\config\clients.met
c:\program files\FlashGet Network\FlashGet 3\config\cryptkey.dat
c:\program files\FlashGet Network\FlashGet 3\config\emfriends.met
c:\program files\FlashGet Network\FlashGet 3\config\known.met
c:\program files\FlashGet Network\FlashGet 3\config\known2_64.met
c:\program files\FlashGet Network\FlashGet 3\config\preferences.dat
c:\program files\FlashGet Network\FlashGet 3\config\preferences.ini
c:\program files\FlashGet Network\FlashGet 3\config\server.met
c:\program files\FlashGet Network\FlashGet 3\config\upload.met
c:\program files\FlashGet Network\FlashGet 3\corestat.dll
c:\program files\FlashGet Network\FlashGet 3\dat\Appsetting.cfg
c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.bak
c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.db
c:\program files\FlashGet Network\FlashGet 3\dbghelp.dll
c:\program files\FlashGet Network\FlashGet 3\fg.ico
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\default.htm
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\banner.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\bullet.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\close.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\closelabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\download-icon.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\explorer.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\ftp.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\image.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\introTextBg.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\loading.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\nextlabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\prevlabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\software.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\vod.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\FGResDetector.exe
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\about.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\ftplist_tree_icon.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\option_icon.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_hide.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_show.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\statusbar_bk.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\tasktab_close.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_back.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_bk.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_close.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_forward.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_refresh.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\lang\l.eng.xml
c:\program files\FlashGet Network\FlashGet 3\FGSoftware.exe
c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe
c:\program files\FlashGet Network\FlashGet 3\FlashGet3.xpi
c:\program files\FlashGet Network\FlashGet 3\FlashGetBHO3.dll
c:\program files\FlashGet Network\FlashGet 3\FlashGetHook.dll
c:\program files\FlashGet Network\FlashGet 3\fnsArchive.dll
c:\program files\FlashGet Network\FlashGet 3\fnsDirectuix.dll
c:\program files\FlashGet Network\FlashGet 3\fnsLanguage.dll
c:\program files\FlashGet Network\FlashGet 3\fnslanguage_en.dll
c:\program files\FlashGet Network\FlashGet 3\fnsScheduler.dll
c:\program files\FlashGet Network\FlashGet 3\fnsSecurity.dll
c:\program files\FlashGet Network\FlashGet 3\fnsSkinX.dll
c:\program files\FlashGet Network\FlashGet 3\fnsStatistics.dll
c:\program files\FlashGet Network\FlashGet 3\game.ico
c:\program files\FlashGet Network\FlashGet 3\gb2312-unicode.dic
c:\program files\FlashGet Network\FlashGet 3\gdiplus.dll
c:\program files\FlashGet Network\FlashGet 3\GetAllUrl.htm
c:\program files\FlashGet Network\FlashGet 3\GetUrl.htm
c:\program files\FlashGet Network\FlashGet 3\GoogleToolbarInstaller_download_signed.exe
c:\program files\FlashGet Network\FlashGet 3\libem.dll
c:\program files\FlashGet Network\FlashGet 3\license.txt
c:\program files\FlashGet Network\FlashGet 3\lst_tz.bin
c:\program files\FlashGet Network\FlashGet 3\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet 3\P2PCore.dll
c:\program files\FlashGet Network\FlashGet 3\P2SCore.dll
c:\program files\FlashGet Network\FlashGet 3\perf.ini
c:\program files\FlashGet Network\FlashGet 3\pncrt.dll
c:\program files\FlashGet Network\FlashGet 3\pstat.dat
c:\program files\FlashGet Network\FlashGet 3\pup.dat
c:\program files\FlashGet Network\FlashGet 3\RdOldDb.dll
c:\program files\FlashGet Network\FlashGet 3\RealMediaSplitter.ax
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\BarSet.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\bmsgbox_clock.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\bmsgbox_disk.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_check.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_normal.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_radio.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\desktoplink.ico
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\login_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\menu_icon.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_page_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\skin.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendLogo.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendNoLogo.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_backgrand.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_cancle.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_catgroy.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_group.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_new.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_open.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_option.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_pause.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_recly.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_start.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_left.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_middle.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_right.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\top_logotitle.gif
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\torrent.ico
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\userinfo_head.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\VistaStyleListItems.bmp
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\preview.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\skin.xml
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\notify.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\Gray\BarSet.png
c:\program files\FlashGet Network\FlashGet 3\storage.dll
c:\program files\FlashGet Network\FlashGet 3\SysOptimize.exe
c:\program files\FlashGet Network\FlashGet 3\uninst.exe
c:\program files\FlashGet Network\FlashGet 3\VodCore.dll
c:\program files\FlashGet Network\FlashGet 3\zlib.dll
c:\windows\system32\secushr.dat
c:\windows\system32\secustat.dat

.
((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-28 )))))))))))))))))))))))))))))))
.

2010-06-28 15:58 . 2010-06-28 15:58 -------- d-----w- C:\Search
2010-06-28 00:43 . 2008-04-14 07:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-06-28 00:43 . 2008-04-14 07:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-06-27 19:14 . 2010-06-27 19:14 -------- d-----w- c:\program files\SopCast
2010-06-27 07:43 . 2010-06-27 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AutoHideIP
2010-06-27 07:43 . 2010-06-27 07:43 -------- d-----w- c:\documents and settings\R\Application Data\AutoHideIP
2010-06-27 07:39 . 2010-06-27 07:42 -------- d-----w- c:\program files\AutoHideIP
2010-06-27 02:28 . 2010-06-27 02:29 -------- d-----w- C:\f7cbdc8ba372b36c6fb5f849187ba617
2010-06-27 02:28 . 2010-06-27 09:51 -------- d-----w- c:\windows\ie8updates
2010-06-27 02:06 . 2010-06-27 02:06 -------- d-----w- C:\7c340492fc84f1f172bb62edc2
2010-06-26 21:08 . 2010-03-24 17:42 57418 ----a-w- c:\documents and settings\R\Application Data\Mozilla\Firefox\Profiles\t0qbasac.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashGetXPI.dll
2010-06-26 21:08 . 2010-06-26 21:08 -------- d-----w- C:\Downloads
2010-06-26 21:07 . 2010-06-26 21:07 -------- d-----w- c:\documents and settings\R\Application Data\FlashGet
2010-06-26 20:01 . 2010-06-26 20:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-26 19:24 . 2010-06-27 17:50 188152 ----a-w- c:\documents and settings\R\Application Data\Mozilla\Firefox\Profiles\t0qbasac.default\FlashGot.exe
2010-06-26 19:24 . 2007-12-30 11:01 307200 ----a-w- c:\documents and settings\R\Application Data\Mozilla\Firefox\Profiles\t0qbasac.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2010-06-26 19:24 . 2007-12-30 11:01 172032 ----a-w- c:\documents and settings\R\Application Data\Mozilla\Firefox\Profiles\t0qbasac.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2010-06-26 19:24 . 2007-12-30 11:01 90112 ----a-w- c:\documents and settings\R\Application Data\Mozilla\Firefox\Profiles\t0qbasac.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
2010-06-26 19:24 . 2008-09-17 16:07 847360 ----a-w- c:\documents and settings\R\Application Data\Mozilla\Firefox\Profiles\t0qbasac.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
2010-06-26 16:06 . 2010-06-27 08:02 -------- d-----w- c:\documents and settings\R\Application Data\vlc
2010-06-26 06:43 . 2010-06-26 06:43 -------- d-----w- c:\documents and settings\R\Application Data\Apple Computer
2010-06-26 06:41 . 2010-06-26 06:41 -------- d-----w- c:\program files\QuickTime
2010-06-26 06:41 . 2010-06-26 06:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-06-26 06:40 . 2010-06-26 06:40 -------- d-----w- c:\program files\Common Files\Apple
2010-06-26 06:40 . 2010-06-26 06:40 -------- d-----w- c:\documents and settings\R\Local Settings\Application Data\Apple
2010-06-26 06:40 . 2010-06-26 06:40 -------- d-----w- c:\program files\Apple Software Update
2010-06-26 06:40 . 2010-06-26 06:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-06-26 06:40 . 2010-06-26 06:40 -------- d-----w- c:\documents and settings\R\Local Settings\Application Data\Apple Computer
2010-06-26 06:39 . 2010-06-26 06:39 -------- d-----w- c:\program files\7-Zip
2010-06-26 03:02 . 2010-06-26 03:02 -------- d-----w- c:\program files\VideoLAN
2010-06-26 02:29 . 2010-06-26 02:29 4710 ----a-r- c:\documents and settings\R\Application Data\Microsoft\Installer\{DF6DA606-904D-4C18-823F-A4CFC3035E53}\ext.exe
2010-06-26 02:29 . 2010-06-26 02:29 -------- d-----w- c:\documents and settings\All Users\Application Data\eFax Messenger 4.4 Output
2010-06-26 02:29 . 2010-06-26 02:29 -------- d-----w- c:\program files\eFax Messenger 4.4
2010-06-26 02:29 . 2010-06-26 02:29 89600 ----a-w- c:\documents and settings\R\Application Data\j2 Global\eFax Messenger\install\decoder.dll
2010-06-26 02:29 . 2010-06-26 02:29 -------- d-----w- c:\documents and settings\R\Application Data\j2 Global
2010-06-25 00:22 . 2010-06-25 00:22 -------- d-----w- c:\documents and settings\R\Application Data\Template
2010-06-24 18:00 . 2010-06-24 18:00 -------- d-----w- c:\program files\Common Files\HP
2010-06-24 17:59 . 2010-06-24 18:00 -------- d-----w- c:\program files\Hewlett-Packard
2010-06-24 17:59 . 2010-06-24 17:59 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-06-24 17:58 . 2008-04-14 07:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-06-24 17:58 . 2008-04-14 07:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-06-24 17:58 . 2008-04-14 07:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-06-24 17:58 . 2008-04-14 07:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-06-24 17:56 . 2004-09-29 19:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2010-06-24 17:56 . 2004-09-29 19:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2010-06-24 17:56 . 2004-09-29 19:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2010-06-24 17:56 . 2004-09-29 19:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2010-06-24 17:56 . 2004-09-29 19:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2010-06-24 17:56 . 2004-09-29 19:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2010-06-24 17:56 . 1998-10-29 23:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-06-24 17:55 . 2010-06-24 18:00 -------- d-----w- c:\program files\HP
2010-06-24 17:54 . 2010-06-24 18:01 69421 ----a-w- c:\windows\hpoins05.dat
2010-06-24 17:54 . 2004-12-14 16:07 19696 ------w- c:\windows\hpomdl05.dat
2010-06-24 17:50 . 2004-12-14 16:07 581632 ----a-w- c:\windows\system32\hpotscl.dll
2010-06-24 17:50 . 2004-12-14 16:07 229376 ----a-w- c:\windows\system32\hpovst08.dll
2010-06-24 17:50 . 2004-12-14 16:07 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
2010-06-24 17:50 . 2004-12-14 16:07 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2010-06-24 17:50 . 2004-12-14 16:07 21744 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2010-06-24 17:50 . 2004-12-14 16:07 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-06-24 17:50 . 2004-12-14 16:07 393216 ----a-w- c:\windows\system32\hpzcon12.dll
2010-06-24 17:50 . 2004-12-14 16:07 180315 ----a-w- c:\windows\system32\hpzsnt12.dll
2010-06-24 17:50 . 2004-12-14 16:07 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
2010-06-24 17:50 . 2004-12-14 16:07 274432 ----a-w- c:\windows\system32\HPZc3212.dll
2010-06-24 03:24 . 2010-06-24 03:24 -------- d-----w- c:\windows\Sun
2010-06-24 01:16 . 2010-06-24 01:16 -------- d-----w- c:\program files\uTorrent
2010-06-24 01:15 . 2010-06-27 09:23 -------- d-----w- c:\documents and settings\R\Application Data\uTorrent
2010-06-24 00:56 . 2010-06-27 02:34 -------- d-----w- c:\program files\PeerGuardian2
2010-06-23 01:30 . 2010-06-23 01:30 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-06-23 01:29 . 2010-06-23 01:29 -------- d-----w- c:\windows\OPTIONS
2010-06-23 01:29 . 2008-06-27 17:39 332928 ----a-w- c:\windows\system32\drivers\RTL8187.sys
2010-06-23 01:29 . 2008-06-27 17:39 332928 ----a-w- c:\windows\system\rtl8187.sys
2010-06-23 01:29 . 2010-06-23 01:29 -------- d-----w- c:\windows\system32\RadioLabs Wireless USB Driver and Utility
2010-06-23 01:29 . 2010-06-23 01:29 -------- d-----w- c:\program files\RadioLabs
2010-06-23 01:29 . 2007-10-09 20:13 38144 ----a-w- c:\windows\system32\drivers\EAPPkt.sys
2010-06-18 21:35 . 2010-06-18 21:35 -------- d-----w- c:\documents and settings\R\Application Data\eFax Messenger
2010-06-18 18:10 . 2010-06-18 18:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2010-06-18 18:09 . 2010-06-18 18:09 -------- d-----w- c:\documents and settings\R\Application Data\Creative
2010-06-09 15:38 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-03 15:49 . 2010-06-03 15:49 -------- d-----w- c:\program files\Hungry for Knowledge
2010-06-03 15:45 . 2010-06-03 15:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-06-03 15:40 . 2010-06-03 15:41 -------- d-----w- c:\documents and settings\R\Local Settings\Application Data\Temp
2010-06-03 15:40 . 2010-06-03 15:40 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-06-03 15:39 . 2010-06-26 19:25 -------- d-----w- c:\documents and settings\R\Local Settings\Application Data\Google
2010-06-03 15:39 . 2010-06-26 02:43 -------- d-----w- c:\program files\Google
2010-06-03 13:56 . 2010-06-03 13:56 503808 ----a-w- c:\documents and settings\R\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-39224521-n\msvcp71.dll
2010-06-03 13:56 . 2010-06-03 13:56 499712 ----a-w- c:\documents and settings\R\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-39224521-n\jmc.dll
2010-06-03 13:56 . 2010-06-03 13:56 348160 ----a-w- c:\documents and settings\R\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-39224521-n\msvcr71.dll
2010-06-03 13:56 . 2010-06-03 13:56 -------- d-----w- c:\program files\Common Files\Java
2010-06-03 13:56 . 2010-06-03 13:56 61440 ----a-w- c:\documents and settings\R\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-42435639-n\decora-sse.dll
2010-06-03 13:56 . 2010-06-03 13:56 12800 ----a-w- c:\documents and settings\R\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-42435639-n\decora-d3d.dll
2010-06-03 13:56 . 2010-04-12 22:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-03 13:56 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-06-02 23:07 . 2010-06-17 19:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-06-02 22:10 . 2009-10-13 10:30 270336 -c----w- c:\windows\system32\dllcache\oakley.dll
2010-06-01 21:16 . 2010-06-01 21:16 -------- d-----w- c:\windows\system32\LogFiles
2010-05-31 03:15 . 2010-05-31 03:15 503808 ----a-w- c:\documents and settings\R\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-180223a7-n\msvcp71.dll
2010-05-31 03:15 . 2010-05-31 03:15 499712 ----a-w- c:\documents and settings\R\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-180223a7-n\jmc.dll
2010-05-31 03:15 . 2010-05-31 03:15 348160 ----a-w- c:\documents and settings\R\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-180223a7-n\msvcr71.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-28 16:33 . 2010-04-29 20:36 -------- d-----w- c:\documents and settings\R\Application Data\Skype
2010-06-28 16:00 . 2010-04-30 21:17 -------- d-----w- c:\documents and settings\R\Application Data\skypePM
2010-06-27 19:35 . 2010-03-31 03:09 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-27 09:51 . 2010-03-31 02:55 -------- d-----w- c:\program files\Microsoft Works
2010-06-25 05:39 . 2010-06-25 00:22 128 ----a-w- c:\documents and settings\R\Application Data\wklnhst.dat
2010-06-23 01:29 . 2010-03-31 02:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-03 13:55 . 2010-03-31 02:49 -------- d-----w- c:\program files\Java
2010-06-03 02:59 . 2010-04-29 17:51 161920 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2010-05-06 10:41 . 2008-04-25 20:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 06:34 . 2008-04-25 20:33 1860352 ----a-w- c:\windows\system32\win32k.sys
2010-04-30 21:17 . 2010-04-30 21:17 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-29 19:01 . 2010-04-29 19:01 -------- d-----r- c:\program files\Skype
2010-04-29 19:01 . 2010-04-29 19:01 -------- d-----w- c:\program files\Common Files\Skype
2010-04-29 19:01 . 2010-04-29 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-04-29 17:51 . 2010-04-29 17:48 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-29 17:50 . 2010-04-29 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-04-29 17:49 . 2010-04-29 17:48 -------- d-----w- c:\program files\Symantec
2010-04-29 17:49 . 2010-04-29 17:49 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-04-29 17:49 . 2010-04-29 17:49 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-04-29 17:49 . 2010-04-29 17:49 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-04-29 17:49 . 2010-04-29 17:49 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-04-20 05:30 . 2008-04-25 20:33 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-18 20:55 . 2010-04-12 18:32 37936 ----a-w- c:\documents and settings\R\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-18 20:22 . 2010-04-18 20:22 0 ----a-w- c:\windows\nsreg.dat
2010-03-31 07:16 . 2010-03-31 07:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-31 07:10 . 2010-03-31 07:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-03-31 04:18 . 2010-03-31 04:18 77824 ----a-w- c:\windows\setpwr32.exe
2010-03-31 02:58 . 2010-03-31 02:58 76 --sh--r- c:\windows\CT4CET.bin
2010-03-31 02:32 . 2008-04-26 01:45 77423 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-20 26192680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-17 18782720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2009-09-17 632176]
"WSED"="c:\program files\WSED\WSED.exe" [2009-05-27 247080]
"CapsLKNotify"="c:\program files\CapsLKNotify\CapsLKNotify.exe" [2009-06-09 320880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 141336]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-09-24 115560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-02-16 417792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

c:\documents and settings\R\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2008-10-7 656896]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
RadioLabs Wireless USB Utility.lnk - c:\program files\RadioLabs\RadioLabs Wireless USB Utility\RtWLan.exe [2010-6-22 815104]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 17:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\PeerGuardian2\\pg2.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [3/30/2010 7:50 PM 14248]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [6/22/2010 6:29 PM 38144]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [3/30/2010 7:57 PM 143840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/30/2010 1:00 AM 102448]
R3 OAO17Afx;OAO17Afx;c:\windows\system32\drivers\OAO17Afx.sys [3/30/2010 9:19 PM 134144]
R3 RTLWUSB;RadioLabs Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [6/22/2010 6:29 PM 332928]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/3/2010 8:40 AM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/30/2010 9:19 PM 1684736]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [9/24/2009 8:49 AM 23888]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [3/30/2010 9:19 PM 174592]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 1:33 PM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2010-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-03 15:39]

2010-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-03 15:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uInternet Settings,ProxyServer = http=
IE: Download all by FlashGet3 - c:\documents and settings\R\Application Data\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\R\Application Data\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
FF - ProfilePath - c:\documents and settings\R\Application Data\Mozilla\Firefox\Profiles\t0qbasac.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\R\Application Data\Mozilla\Firefox\Profiles\t0qbasac.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\documents and settings\R\Application Data\Mozilla\Firefox\Profiles\t0qbasac.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashGetXPI.dll
FF - plugin: c:\documents and settings\R\Application Data\Mozilla\Firefox\Profiles\t0qbasac.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-mcmscsvc
SafeBoot-MCODS
SafeBoot-Symantec Antvirus
AddRemove-FlashGet 3.5 - c:\program files\FlashGet Network\FlashGet 3\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-28 10:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\R\LOCALS~1\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-06-28 10:14:42
ComboFix-quarantined-files.txt 2010-06-28 17:14

Pre-Run: 115,621,793,792 bytes free
Post-Run: 115,589,713,920 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 7F7B93573C6BE2E5716FA220D04A9A6F

Edited by moscatomg1, 29 June 2010 - 09:46 AM.

[Macboatmaster]

http://www.geekstogo...Bs-file197.html
See this link please.
I am NOT qualified to advise on the use or interpretation of ComboFix.
What it has done, or what you have done, I would not wish to get involved in.
Providing you are sure that you know what you are doing with ComboFix, it is your computer., but I would not have advised its use, if I had have thought it necessary I would have referred you to someone who is qualified.
Pls go to Event Viewer in Administrative Tools then to Application and WinLogOn and examine the results of the chkdsk.

Edited by Macboatmaster, 29 June 2010 - 03:43 PM.

[moscatomg1]

well after reading your and those other warnings, I'm "scared good now." since it looks like I was lucking enough to find someone to stick w/ this to help me figure things out, i am officially not doing a [bleep] thing until I'm told first. the one good thing, judging from what I read about the combofix warnings, is that I ran the full sys. virus scan Before--and, again, it found nothing--so maybe I got lucky this once. anyway, I ran the check disk thing again, and the results are below. Thank you.


Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1001
Date: 6/29/2010
Time: 4:29:55 PM
User: N/A
Computer: BABYDELL
Description:
Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.


A disk check has been scheduled.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 6 unused index entries from index $SII of file 0x9.
Cleaning up 6 unused index entries from index $SDH of file 0x9.
Cleaning up 6 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.

146008919 KB total disk space.
33708516 KB in 65000 files.
23016 KB in 7197 indexes.
0 KB in bad sectors.
179339 KB in use by the system.
65536 KB occupied by the log file.
112098048 KB available on disk.

4096 bytes in each allocation unit.
36502229 total allocation units on disk.
28024512 allocation units available on disk.

Internal Info:
40 1c 01 00 11 1a 01 00 ba 8d 01 00 00 00 00 00 @...............
94 00 00 00 02 00 00 00 94 01 00 00 00 00 00 00 ................
58 0c a0 05 00 00 00 00 00 16 d6 36 00 00 00 00 X..........6....
7a ff b6 06 00 00 00 00 00 00 00 00 00 00 00 00 z...............
00 00 00 00 00 00 00 00 da 65 17 4e 00 00 00 00 .........e.N....
99 9e 36 00 00 00 00 00 98 38 07 00 e8 fd 00 00 ..6......8......
00 00 00 00 00 90 67 09 08 00 00 00 1d 1c 00 00 ......g.........

Windows has finished checking your disk.
Please wait while your computer restarts.


For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

[Macboatmaster]

Please insert the XP CD. If it autoruns just exit.
Click Start
Click Run
Type "sfc /scannow"
Without the colons and note space between sfc and /

[moscatomg1]

well I did that--as best I could. b/c this is a dell mini, and it has no cd drive. so I took the disc that came w/ it, put it in a folder on a portable drive, plugged it in, and followed your instructions. it seems to have done something when I typed in that command, but when it finished it gave no other message, etc. any advice?

[Macboatmaster]

sfc /scannow checks and replaces any faulty system files ie: System file checker.
It only provides a message if anything is found and cannot be rectified.
Has it made any difference please to the working of the computer.

Edited by Macboatmaster, 30 June 2010 - 01:41 PM.

[moscatomg1]

no, no difference. and I ran the sfc /scannow a second time, just for good measure. those microsoft programs and their icons are still missing. also, I'm very curious, among the things I listed in my early posts, what do you think could have caused these programs and their icons to go missing??

one more thing, I did find that internet explorer is still on the sys.--I just have to type IEXPLORE.EXE in the Run thing. but I'm having a difficult time finding the other programs like calculator, paint, the standard microsoft games etc. by doing the same thing. . . . do you know the commands to try doing that w/ those? (I found some command suggestions elsewhere online for those programs, but they did not work.)

[Macboatmaster]

Try this please
http://support.micro....com/kb/310353/

Edited by Macboatmaster, 30 June 2010 - 02:32 PM.

[moscatomg1]

ok, I did that, but it made no difference as far as I could tell. also, any ideas about those other questions i had?

[moscatomg1]

ok, I think I found both a possible reason & solution for all of this mess. this guy has some ideas: http://bharathreddyt...-in-windows-xp/. and he refers to this (http://windowsxp.mvp...accessories.htm) as just one of more than a few possible solutions, and it seems a reputable, though independent, site for xp info and fixes. of course, I'd like a second opinion before I run the AccRestore thing, though. what do you think?

[moscatomg1]

well I got curious/impatient, and I tried the easiest method of putting some of those missing programs back on: I just found them in their folder on my other computer and put them in their proper places on this one--w/ shortcuts, too. and they all seem to work fine. Most importantly, i tried another sys. restore, and that works now, too. maybe b/c of the recovery console dl that I had to do earlier w/ combofix. I'm sure that later I'll find some other less obvious files went missing along w/ these, but I don't know how else to check on that for now.