
Difficulty running laptop



#1
dowsp

dowsp

    Member

  • Member
  • PipPipPip
  • 542 posts
Hi,

I posted the message below some months ago but I never got a reply (I found maybe I'd posted it in the wrong section).

Basically I have had someone help me in the past with a very bad virus and they helped me resolve the problem, which I was VERY grateful for.

I was told to use an AV programme called Avira and I did use it for a long time and I found it very good.
I was also using a firewall that was recommended so I did think my computer was safe.

Unfortunately however one day it seemed that the Avira programme stopped working.

I did try to delete it and thought that I had, and I tried to upload a newer updated version,
but unfortunately again, on doing this, it still does not work.

I was often finding my laptop was freezing up or struggling to close pages.
Initially I think it may have been a virtual memory problem, but I had a friend advise me how to make
my VM larger and I hadn't had many messages about VM since, just the odd occasion.

I have tried running several AV and malware programmes including Kaspersky, Microsoft Security Essentials, Malwarebytes, Spybot (which initially did find several malware that the other programmes missed), Trend Micro to see if I could find any problems, but I have not found many viruses or spyware overall.

I suspect that I do have some sort of very hard to detect virus or spyware... or keylogger, as when I write certain emails to certain persons, I often get the browser hourglass icon appear that stops me writing as normal.
I have to wait until it disappears... but this is only when I reply to certain persons. It doesn't happen every time, say if I write a fresh email to someone new.

So I do wonder if I am being monitored somehow.

I wondered if anyone could advise me at all.

Many thanks

Dowsp



--------

Early in 2009 someone (I think it was someone I referred to as Fenz... but the thread is now closed) helped me with a very nasty virus and informed me on some Antivirus and firewall software.

Overall, my laptop has been OK since the last time he helped me.

I am however seeming to have a bit of a problem at the moment.

I recently compressed my hard drive/disc to free up some space as my disc had been getting full and I had to keep deleting files/transferring them. I now have about 3 GB free space.

But the last 2 days my computer seems to be running poorly and often I cannot close my pages. It's usually OK when I just have a few normal pages open. BUT if I, say, run a video or watch something live online,
it does now seem to lock up and perform very poorly. So I keep having to switch it on and off again.

Sometimes I get a message warning me I've a virtual memory problem,
but I am not sure what this is. I used to get a warning of low disc space before I compressed my disc... but I don't think virtual memory is the same issue.

As I say, it sometimes runs very slow. I ran one of the AV programs you gave me, Malwarebytes, which has in the past detected the odd virus that another that I have didn't. Initially the free Avira Antivirus seemed to work fine.
BUT for some reason at the moment it doesn't seem to be working.
It updates, BUT won't run when I click on it to do a scan.

I was going to delete it and reinstall a newer free version.

BUT I noticed that the Avira file that I have on my laptop is showing a file size of 59 mbs... and the present latest download is only about 42 mbs.... I assume it's because over the time I had my initial version the updates increased the file size.

So I wanted to try and get some advice before I delete my older version,
as I thought that the newer version would be the same size file.

Thank you

Pete
  • 0


#2
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi dowsp,

My name is Salagubang and I'll be looking at your problem.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you
  • English is not my first language, so please do not use slang or idioms, as this makes it difficult to understand for me.

+++++++++++++++++++++++++++++++++++++++++++

ERUNT - Download here
Removing modern malware infections often requires making changes to the registry, and a corrupt registry can prevent a system from booting. Compatible with Windows NT, 2000, 2003, XP, Vista, 32 & 64-bit versions. To ensure that we have a valid registry backup, install and run ERUNT (Emergency Recovery Utility NT), which allows you to store a complete backup of your registry and restore it if needed.
  • Download ERUNT
  • Double-click erunt_setup.exe to run.
  • Follow the prompts and install using the default configuration (setup language, install location, shortcuts...).
  • Say No to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later.
  • Start ERUNT
  • Choose a location for the backup
    The default location C:\WINDOWS\ERDNT\[today's date] is preferred
  • The first two check boxes are ticked by default (System registry and Current user registry).
  • Press OK
  • When prompted, click YES to create a new folder.
  • Progress bars will show backup status.
  • A confirmation window will popup when complete. Click OK to close.

+++++++++++++++++++++++++++++++++++++++++++

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Standard Output at the top
  • Under the Extra Registry section, ensure that Safelist is selected
  • Select All Users
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

next

GMER Rootkit Scanner
  • GMER Rootkit Scanner - Download - Homepage
  • Download GMER
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)

    NOTE - Not all of the tick boxes will be available if you are running a 64bit Operating System. You may also get an error message display on the screen when using a 64bit Operating System, this is normal, just click on OK and let it carry on.

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.

**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your Post.


  • 0

#3
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 542 posts
Hi Salagubang,

Many thanks for your assistance..

Can I ask...on download OTL.... when I select all users is this the little box at the top that says scan all users.. and THEN WHAT SHOULD I DO NEXT....DO I CLICK RUN SCAN or any other option...

BEFORE I Download Scan.txt... OR later...?

Thank you

Dowsp


---------------------------

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Click on Standard Output at the top

Under the Extra Registry section, ensure that Safelist is selected

Select All Users

Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • 0

#4
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts

is this the little box at the top that says scan all users


That is correct.

THEN WHAT SHOULD I DO NEXT....DO I CLICK RUN SCAN or any other option...

BEFORE I Download Scan.txt... OR later...?


Download the scan.txt first to your desktop, then follow the instruction.

:D
  • 0

#5
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 542 posts
Sorry, I re-read and misunderstood... I THINK that I understand now!

I have selected the scan.txt file into OTL and clicked Quick Scan... will send the results ASAP.

---------------


On downloading scan txt


netsvcs
drivers32
msconfig
safebootminimal
safebootnetwork
activex
  • 0

#6
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 542 posts
I noticed as I started the quick scan... and when it was running that... Select All Users in Extra directory is now indicating NONE and NOT Select All Users... HOPE this is what is supposed to happen.

Before I downloaded scan.txt I HAD selected SELECT ALL USERS..

I have done the scan and will post them next...


-----------

Under the Extra Registry section, ensure that Safelist is selected

Select All Users



Double click inside the Custom Scan box at the bottom

A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"

Click the Ok button and navigate to the file scan.txt which we just saved to your desktop

Select scan.txt and click Open. Writing will now appear under the Custom Scan box

Click the
Quick Scan
  • 0

#7
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 542 posts
WOW !....

I just looked at the txt files and I am AMAZED at what information it is showing... and there's a LOT of it...

I am not too sure if I would like to post this on an open forum.

Is there any way that I could send them by private message?
  • 0

#8
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 542 posts
IF I do post the file content on this thread, IS it visible to the public... OR is this part
of geektogo only between me and you ?
  • 0

#9
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
It would be visible.

You can attach the text file.
  • 0

#10
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 542 posts
IF I attach a file when I reply on this thread, I assume ANYONE could still download and read it.

CAN I ATTACH and send it Privately through your private message ?
  • 0


#11
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
:D

Send it through PM then. Do monitor this topic as I will be replying here.
  • 0

#12
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 542 posts
I was just about to try and do so, BUT when I click on your PM... for some reason it wont open.

IT MAY be that MY OUT BOX usage is used UP... and I didn't really want to delete any posts.

I MAY have to resend back on this thread and cover up a few details I would like to hide.

Apologies for any delay.
  • 0
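One way to cover up identifying details in an OTL log before pasting it into a public thread, while keeping it readable for the helper. This is an added example, not part of the original posts and not a feature of OTL; the function name `redact_log`, the alias scheme and the sample log are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of an OTL log; every name and number is made up.
SAMPLE_LOG = r'''OTL by OldTimer - Folder = C:\Documents and Settings\A\Desktop\OTL
Computer Name: EXAMPLE-PC | User Name: A | Logged in as Administrator.
[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1006\SOFTWARE\Classes\<extension>]
"C:\Documents and Settings\All Users\Desktop\app.exe" = App -- ()
Error - 01/01/2011 10:00:01 | Computer Name = EXAMPLE-PC | Source = Application Error | ID = 1000
'''

SID_RE = re.compile(r"S-1-5-21-\d+-\d+-\d+-(\d+)")
HOST_FIELD = re.compile(r"Computer Name\s*[:=]\s*([^|\s]+)")
USER_FIELD = re.compile(r"(User Name\s*[:=]\s*)([^|\r\n]*[^|\s])")
PROFILE_RE = re.compile(
    r'([A-Za-z]:\\(?:Documents and Settings|Users)\\)([^\\/:*?"<>|\r\n]+)')
# Profile folders that exist on every machine and identify nobody.
SHARED_PROFILES = {"all users", "default user", "default", "public"}


def redact_log(text):
    """Return (redacted_text, mapping of alias -> original value).

    Keep the mapping on your own machine: it lets you translate the helper's
    instructions back to the real names.
    """
    mapping = {}

    def alias(value, prefix):
        # Reuse the alias if this value was seen before (case-insensitive).
        for name, original in mapping.items():
            if name.startswith(prefix) and original.lower() == value.lower():
                return name
        name = f"{prefix}-{sum(n.startswith(prefix) for n in mapping) + 1}"
        mapping[name] = value
        return name

    # Computer names are distinctive, so replace them wherever they occur.
    for host in dict.fromkeys(HOST_FIELD.findall(text)):
        text = re.sub(rf"\b{re.escape(host)}\b", alias(host, "HOST"), text,
                      flags=re.I)

    # User names can be a single letter, so replace them only in the labelled
    # field and in profile paths, never as a global search-and-replace.
    text = USER_FIELD.sub(lambda m: m.group(1) + alias(m.group(2), "USER"), text)

    def profile(m):
        folder = m.group(2).strip()
        if folder.lower() in SHARED_PROFILES:
            return m.group(0)
        return m.group(1) + alias(folder, "USER")

    text = PROFILE_RE.sub(profile, text)

    # The three middle numbers identify the machine; the trailing RID stays
    # so the helper can still tell accounts apart.
    text = SID_RE.sub(lambda m: f"S-1-5-21-<redacted>-{m.group(1)}", text)
    return text, mapping


if __name__ == "__main__":
    redacted, names = redact_log(SAMPLE_LOG)
    print(redacted)
    print(names)
```

Installed-program names, event log text and file names under the profile are left untouched, so review the output by eye before posting it.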

#13
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 542 posts
OTL Extras logfile created on: 02/04/2011 05:17:46 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\P\Desktop\OTL
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000| Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

510.00 Mb Total Physical Memory | 111.00 Mb Available Physical Memory | 22.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.43 Gb Total Space | 1.54 Gb Free Space | 4.47% Space Free | Partition Type: NTFS

Computer Name: DGR76K1J | User Name: P | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-4027630464-2353770844-1092200819-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\PROGRA~1\COFFEE~1\coffee.exe" "%1" (CoffeeCup Software)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Tesco internet phone\TescoIP.exe" = C:\Program Files\Tesco internet phone\TescoIP.exe:*:Enabled:Tesco internet phone -- ()
"C:\Documents and Settings\P\Desktop\utorrent.exe" = C:\Documents and Settings\P\Desktop\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 24
"{2C351DB8-E088-41A2-9BF0-113727FBB697}" = Intel® PROSet
"{2CB511DF-AD50-4087-8934-8ACE54DE4FC1}" = BT Openworld Dell Signup
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
"{5339885F-4597-4343-BD3B-74280CC79424}" = ArcSoft VideoImpression 2
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{77312684-D3DF-4E00-A583-813FF9FFB4FB}" = G15A922EN
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AFF8387B-A958-48F8-9E1C-2E9485A1985A}" = Retrospect 7.0
"{B6CD9865-DE3D-4F97-8D78-525CA990E8F3}" = Lead Evolution 2.3 Elite
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CDE4CC8B-134B-421E-943C-90799E56F664}" = Dell Media Experience Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{DF821FC5-C198-452B-A0D4-82433EFEAE9B}" = OneCare Advisor (Windows Live Toolbar)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EC90EAE9-0E03-44A1-BF36-0B670B8B8E19}" = CoffeeCup Direct FTP
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"AdobeESD" = Adobe Download Manager 2.2 (Remove Only)
"America Online uk" = AOL UK (Choose which version to remove)
"Any Video Converter_is1" = Any Video Converter 2.7.0
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Spyware Protection" = AOL Spyware Protection
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AOLCoach uk" = AOL Coach Version 1.0(Build:20040201.2 uk)
"Audacity_is1" = Audacity 1.2.6
"AutoGK" = Auto Gordian Knot 2.45
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.9x Modem
"CoffeeCup HTML Editor 2006" = CoffeeCup HTML Editor 2006
"CoverFactory 2.10_is1" = CoverFactory 2.10
"Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922
"DellSupport" = Dell Support 5.0.0 (630)
"DT4" = Dynamic Traders Group, Inc. DT4 .69
"eBook Maestro FREE_is1" = eBook Maestro FREE 1.80
"EbooksReader_f_e.exe" = Visual Vision EbooksReader_f_e
"eCover Engineer v3.02 FREE ecovers pack_is1" = eCover Engineer v3.02 ecovers pack
"eCover Engineer_is1" = eCover Engineer v3.02
"ERUNT_is1" = ERUNT 1.1j
"EsetOnlineScanner" = ESET Online Scanner
"FileZilla Client" = FileZilla Client 3.3.4.1
"Flock (2.0.3)" = Flock (2.0.3)
"Gannalyst Professional 5.0_is1" = Gannalyst Professional 5.0
"getPlus®_ocx" = getPlus®_ocx
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Mozilla Thunderbird (1.5)" = Mozilla Thunderbird (1.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NASA World Wind 1.3" = NASA World Wind 1.3
"Nvu_is1" = Nvu 1.0
"Office8.0" = Microsoft Office 97, Professional Edition
"PC Tools Firewall Plus" = PC Tools Firewall Plus 5.0
"PDF Power Brand_is1" = PDF Power Brand
"Police Letters_is1" = Police Letters
"PROSet" = Intel® PRO Network Adapters and Drivers
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"Scott's Box Shot Maker" = Scott's Box Shot Maker
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"StreetPlugin" = Learn2 Player (Uninstall Only)
"StumbleUponIEToolbar" = StumbleUpon IE Toolbar
"Tesco internet phone_is1" = Tesco internet phone
"Trend Micro HouseCall 6.6" = HouseCall 6.6
"ViewpointMediaPlayer" = Viewpoint Media Player
"VisualVision_EbooksWriterLITE_e.exe" = Visual Vision EbooksWriterLITE_e
"VobSub" = VobSub v2.23 (Remove Only)
"Web_Edit_1.0" = 123 WysiWyg HTML Editor 2.17
"WIC" = Windows Imaging Component
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.4
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4027630464-2353770844-1092200819-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Audio/Video Conference" = Audio/Video Conference 4.1+
"blinkx beat" = blinkx beat
"GoToMeeting" = GoToMeeting 4.5.0.458
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30/03/2011 08:19:23 | Computer Name = DGR76K1J | Source = Application Error | ID = 1000
Description = Faulting application zcfgsvc.exe, version 4.1.0.53, faulting module
zcfgsvc.exe, version 4.1.0.53, fault address 0x0001322b.

Error - 30/03/2011 12:03:43 | Computer Name = DGR76K1J | Source = Application Error | ID = 1000
Description = Faulting application zcfgsvc.exe, version 4.1.0.53, faulting module
zcfgsvc.exe, version 4.1.0.53, fault address 0x0001322b.

Error - 30/03/2011 16:34:41 | Computer Name = DGR76K1J | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4095, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x0000100b.

Error - 30/03/2011 16:38:57 | Computer Name = DGR76K1J | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4095, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 30/03/2011 19:12:02 | Computer Name = DGR76K1J | Source = Application Error | ID = 1000
Description = Faulting application zcfgsvc.exe, version 4.1.0.53, faulting module
zcfgsvc.exe, version 4.1.0.53, fault address 0x0001322b.

Error - 30/03/2011 20:32:37 | Computer Name = DGR76K1J | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 30/03/2011 20:32:40 | Computer Name = DGR76K1J | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 31/03/2011 05:47:47 | Computer Name = DGR76K1J | Source = Application Error | ID = 1000
Description = Faulting application zcfgsvc.exe, version 4.1.0.53, faulting module
zcfgsvc.exe, version 4.1.0.53, fault address 0x0001322b.

Error - 31/03/2011 11:37:36 | Computer Name = DGR76K1J | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x62f55d10.

Error - 01/04/2011 09:00:34 | Computer Name = DGR76K1J | Source = Application Error | ID = 1000
Description = Faulting application zcfgsvc.exe, version 4.1.0.53, faulting module
zcfgsvc.exe, version 4.1.0.53, fault address 0x0001322b.

[ System Events ]
Error - 30/03/2011 19:10:50 | Computer Name = DGR76K1J | Source = DCOM | ID = 10010
Description = The server {4BEE36D7-DF28-49C1-8B85-1F3AED830E66} did not register
with DCOM within the required timeout.

Error - 30/03/2011 19:11:20 | Computer Name = DGR76K1J | Source = DCOM | ID = 10010
Description = The server {4BEE36D7-DF28-49C1-8B85-1F3AED830E66} did not register
with DCOM within the required timeout.

Error - 31/03/2011 05:46:41 | Computer Name = DGR76K1J | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%2

Error - 31/03/2011 05:46:41 | Computer Name = DGR76K1J | Source = Service Control Manager | ID = 7000
Description = The KService service failed to start due to the following error: %%3

Error - 31/03/2011 05:46:56 | Computer Name = DGR76K1J | Source = DCOM | ID = 10010
Description = The server {4BEE36D7-DF28-49C1-8B85-1F3AED830E66} did not register
with DCOM within the required timeout.

Error - 31/03/2011 05:47:26 | Computer Name = DGR76K1J | Source = DCOM | ID = 10010
Description = The server {4BEE36D7-DF28-49C1-8B85-1F3AED830E66} did not register
with DCOM within the required timeout.

Error - 01/04/2011 08:58:45 | Computer Name = DGR76K1J | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%2

Error - 01/04/2011 08:58:45 | Computer Name = DGR76K1J | Source = Service Control Manager | ID = 7000
Description = The KService service failed to start due to the following error: %%3

Error - 01/04/2011 08:58:58 | Computer Name = DGR76K1J | Source = DCOM | ID = 10010
Description = The server {4BEE36D7-DF28-49C1-8B85-1F3AED830E66} did not register
with DCOM within the required timeout.

Error - 01/04/2011 08:59:28 | Computer Name = DGR76K1J | Source = DCOM | ID = 10010
Description = The server {4BEE36D7-DF28-49C1-8B85-1F3AED830E66} did not register
with DCOM within the required timeout.


< End of report >
  • 0
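A first-pass triage of the firewall and Security Center sections of an Extras.Txt log like the one above, listing the items a helper would want to verify first. This is an added example, not part of the original posts and not part of OTL; the function names, the `EXPECTED_DIRS` list and the sample lines are assumptions, and the sample is constructed rather than taken from the post.

```python
import re

# Constructed sample in the layout of the Extras.Txt sections shown above.
SAMPLE_EXTRAS = r'''
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"8080:TCP" = 8080:TCP:*:Enabled:Example service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ExampleApp\app.exe" = C:\Program Files\ExampleApp\app.exe:*:Enabled:ExampleApp -- (Example Vendor)
"C:\Documents and Settings\User\Desktop\tool.exe" = C:\Documents and Settings\User\Desktop\tool.exe:*:Enabled:Tool -- ()
'''

KEY_RE = re.compile(r"^\[(HKEY_.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
# Assumption for this example: where installed programs normally live.
EXPECTED_DIRS = ("c:\\program files\\", "c:\\windows\\")
NOTIFY_VALUES = {"AntiVirusOverride", "FirewallOverride", "AntiVirusDisableNotify",
                 "FirewallDisableNotify", "UpdatesDisableNotify"}


def parse_extras(text):
    """Yield (registry_key, value_name, data) for every value line under a key."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("====="):          # new section: forget the last key
            key = None
        elif m := KEY_RE.match(line):
            key = m.group(1)
        elif key and (m := VALUE_RE.match(line)):
            yield key, m.group("name"), m.group("data")


def triage(text):
    """Return (severity, message) pairs; 'check' means verify, not a verdict."""
    findings = []
    for key, name, data in parse_extras(text):
        if name == "EnableFirewall" and data == "0":
            profile = key.rsplit("\\", 1)[-1]
            findings.append(("check", f"Windows Firewall is off for {profile}; "
                             "confirm a third-party firewall is running"))
        elif name in NOTIFY_VALUES and data == "1":
            findings.append(("warn", f"Security Center value {name} = 1 suppresses an alert"))
        elif name == "DisableSR" and data == "1":
            findings.append(("warn", "System Restore is disabled"))
        elif key.endswith("GloballyOpenPorts\\List"):
            # Layout: port:protocol:scope:state:description
            fields = data.split(":", 4)
            if len(fields) >= 4 and fields[3] == "Enabled" and fields[2] != "LocalSubNet":
                findings.append(("warn", f"Port {fields[0]}/{fields[1]} open to scope {fields[2]}"))
        elif key.endswith("AuthorizedApplications\\List"):
            # Layout: path:scope:state:name -- (company); the path itself holds a colon.
            fields = data.rsplit(":", 3)
            if len(fields) != 4 or fields[2] != "Enabled":
                continue
            path = fields[0]
            _, sep, company = fields[3].rpartition(" -- ")
            company = company.strip("() ") if sep else ""
            reasons = []
            if not path.lower().startswith(EXPECTED_DIRS):
                reasons.append("outside Program Files/Windows")
            if not company:
                reasons.append("no company name")
            if reasons:
                findings.append(("check", f"Firewall exception for {path}: " + ", ".join(reasons)))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_EXTRAS):
        print(f"[{severity}] {message}")
```

A disabled Windows Firewall is only a "check" item because a third-party firewall may be in use; the log above lists PC Tools Firewall Plus 5.0 among the installed programs.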

#14
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 542 posts
Sorry, posted wrong file,

I have sent new one.


I was running GMER... BUT it stopped and said it had a problem.

I will have to rerun it.

I am NOT sure how long it will take.

IF IT doesn't finish in next 30 minutes, I may have to rerun it later today..

say in the next 12 hours..

Edited by dowsp, 01 April 2011 - 12:18 AM.

  • 0

#15
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
I believe you have posted the extras.txt twice. :D

Please post the OTL.txt on your next reply.
  • 0





