Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Difficulty running laptop

Started by dowsp , Mar 12 2011 06:41 PM

  • Please log in to reply

#46
dowsp
Posted 03 April 2011 - 11:25 AM

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 542 posts
Most of the options that you say to check on dial a fix ...
theres one box for each that selects other box options below each.

BUT for one... REGISTRATION... there are numerous options.

Should I select all of them.


What should happen once this has been done ?

Cheers..

----------------


Download Dial-a-fix
Unzip the program and run it.
Put a check under the following:

MSI

WU/WUAU

SSL/HTTPS/CryptSvc

Registration center
  • 0

Advertisements

#47
dowsp
Posted 03 April 2011 - 01:44 PM

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 542 posts
Hi,

I ran dialfix and I decided to select all the options.

Unfortunately it seems to have made using my computer even more
difficult at the moment..

my mouse is reversable, ie i can set right or left side to scroll and operate
..i did have a problem with the left..so i swapped to right side to use as scroll
etc.. now when i put my mouse on anything... a list shows and i have to select each option

instead of being able to just select and scroll..

so something has upset the settings..

i wonder if you can advise..

i dont think the computer is running any better as yet..

i cant complete the other things until i have sorted the scroll capture.
  • 0

#48
dowsp
Posted 03 April 2011 - 02:03 PM

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 542 posts
I dont know what happened but all of a sudden, the computer seems to
be running ok again...

I had tried and ran some other unticked options on dialafix..

but initially it did not alter anything..

Now it seems much better..

I will try and send combofix later
  • 0

#49
dowsp
Posted 03 April 2011 - 02:40 PM

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 542 posts
I tried to run a existing copy of combofix on my computer..

But I got a message saying that its corrupted..

SO I tried to download a new copy and placed it in a new seperate folder on desk top.

I then tried to run it...but..it wont work....I still get a message saying
it is corupt even though its a new upload..

I assume that I need to delete the old version.. But I am unsure how ?

I cannot find it in control panel ..remove programs.. or All programs..

Can you advise How I can delete it ?

Thank you

Dowsp
  • 0

#50
dowsp
Posted 03 April 2011 - 03:40 PM

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 542 posts
Hi,

I tried to do a search for the combofix files to see if i could delete
them.. on doing so I came accross a Dr Web folder..

Inside it was several combofix files that have been quarantined.

When I ran that ESET programme yesterday... IS this also known as Dr web ?

IF NOT... I do not know how It has got on my computer as I dont ever recal
using any program called Dr Web, Unless its built in Win XP or my system.

The computer is still running unusually... when I turned it on again..

sometimes the mouse is working on one side and later the next..to scroll
or select options or close webpages etc...

it seems a bit weird !...


Until I can delete the combofix files , upload a new version...then re check with AV.. I dont think that It will be Ok..
  • 0

#51
Salagubang
Posted 03 April 2011 - 04:35 PM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi dowsp,

Sorry for the delay.

Combofix is a stand alone program and will not appear in the add/remove programs. You can download a fresh copy here.

When I ran that ESET programme yesterday... IS this also known as Dr web ?

\\

No they're different.

I don't know why your mouse is reacting that way, my plan of action is to remove any existing nasties first then maintenance next.

Tell me if you're still having trouble running combofix using a fresh download.

:D
  • 0

#52
dowsp
Posted 03 April 2011 - 05:14 PM

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 542 posts
Hi Salagubang,

Thank you for getting back ..

For some reason.. Combofix will not allow me to upload a new version..
I suspect that I could do with deleting the other copies if it is possible.

Would you be able to advise How to do this if it is possible ?


It seems a mystery then as to why I have Dr Web on my system..
and that has some of the previous Combofix files in quarantine.

I may be able to take a screen shot later if you need to
see what I mean.

With regards to the mouse.. what I THINK is causing the problem is.. it may have
some dirt under the buttons.. and I have found if I click on one edge of it, that this
makes it work or not... At the moment.. the Left hand side can seclect options, such a
delete, select all...restore, minimise , close etc..


I am now able to scroll ok again at the moment..
  • 0

#53
Salagubang
Posted 03 April 2011 - 05:20 PM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts

It seems a mystery then as to why I have Dr Web on my system..
and that has some of the previous Combofix files in quarantine.


Files on quarantine won't do any damage so its all good.

How is the computer running?

Well run OTL again for review.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • Select All Users
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the
    Quick Scan
    button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

  • 0

#54
dowsp
Posted 03 April 2011 - 05:39 PM

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 542 posts
Computer seems to be running better, But I still get the impression that there may be a keylog problem and when I write, the curser seems to flicker a bit unsual...also I am finding as I write when that sometimes the screen moves down...and I loose my place where I
I am writing...



IS IT NOT POSSIBLE to DELETE COMBOFIX ?
I still have one or two copies also in folders that
I placed on my desk top...

I can probably delete the icons but im not sure it will remove
the program from my computer to allow me to upload a new version.

Is OTL similar to Combofix ?
  • 0

#55
Salagubang
Posted 03 April 2011 - 05:52 PM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi dowsp,

To Remove ComboFix
  • Click the Start button
  • Click Run...
  • Type Combofix /Uninstall in the run dialog box and click OK
Posted Image
  • 0

Advertisements

#56
dowsp
Posted 03 April 2011 - 06:26 PM

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 542 posts
Thanks for answering that Salagubang,

Would that delete more than one copy at a time, or would I need to
write it in for each download ?

Also would It be combofix.exe/uninstall

I just wondered if it had to be very specific.

I did just try it... and it seems to have attempted to open it.

and as It did so it has come up with the same message again
saying that it wont work and i need to upload a new copy.

if I press escape the message and image of combofix disappears
  • 0

#57
dowsp
Posted 03 April 2011 - 07:24 PM

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 542 posts
I ran OTL.... but it only created 1 txt file...
it didnt produce the extra.txt for some reason.

Maybe I need to run it again.

Thank you

=========================

OTL logfile created on: 05/04/2011 01:48:00 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\P\Desktop\OTL
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

510.00 Mb Total Physical Memory | 225.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.43 Gb Total Space | 4.96 Gb Free Space | 14.42% Space Free | Partition Type: NTFS

Computer Name: DGR76K1J | User Name: P | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\P\Desktop\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
PRC - C:\Program Files\ThreatFire\TFService.exe (PC Tools)
PRC - C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
PRC - C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Tesco internet phone\TescoIP.exe ()
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Dantz\Retrospect 7.0\retrorun.exe (EMC Dantz)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
PRC - C:\WINDOWS\SYSTEM32\S24EvMon.exe (Intel Corporation )
PRC - C:\WINDOWS\SYSTEM32\RegSrvc.exe (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\P\Desktop\OTL\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\ThreatFire\TFWAH.dll (PC Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (KService) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (ThreatFire) -- C:\Program Files\ThreatFire\TFService.exe (PC Tools)
SRV - (StumbleUponUpdateService) -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe (stumbleupon.com)
SRV - (PCToolsFirewallPlus) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (RetroLauncher) -- C:\Program Files\Dantz\Retrospect 7.0\retrorun.exe (EMC Dantz)
SRV - (dlbt_device) -- C:\WINDOWS\System32\dlbtcoms.exe (Dell)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
SRV - (S24EventMonitor) -- C:\WINDOWS\SYSTEM32\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) -- C:\WINDOWS\SYSTEM32\RegSrvc.exe (Intel Corporation)
SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel® Corporation)


========== Driver Services (SafeList) ==========

DRV - (MpKsl04b021c0) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{77E3D941-0F89-458F-97E8-DBC6AA07C9E4}\MpKsl04b021c0.sys (Microsoft Corporation)
DRV - (TfSysMon) -- C:\WINDOWS\system32\drivers\TfSysMon.sys (PC Tools)
DRV - (TfNetMon) -- C:\WINDOWS\SYSTEM32\DRIVERS\TfNetMon.sys (PC Tools)
DRV - (TfFsMon) -- C:\WINDOWS\system32\drivers\TfFsMon.sys (PC Tools)
DRV - (pctplfw) -- C:\WINDOWS\SYSTEM32\DRIVERS\pctplfw.sys (PC Tools)
DRV - (PCTAppEvent) -- C:\WINDOWS\SYSTEM32\DRIVERS\PCTAppEvent.sys (PC Tools)
DRV - (pctgntdi) -- C:\WINDOWS\SYSTEM32\DRIVERS\pctgntdi.sys (PC Tools)
DRV - (SFilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\pctfw.sys (PC Tools)
DRV - (is-0GOKVdrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\30229470.sys (Kaspersky Lab)
DRV - (Afc) -- C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys (Arcsoft, Inc.)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (ApfiltrService) -- C:\WINDOWS\SYSTEM32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (STAC97) Audio Driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\stac97.sys (SigmaTel, Inc.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Inc)
DRV - (w70n51) Intel® -- C:\WINDOWS\SYSTEM32\DRIVERS\w70n51.sys (Intel® Corporation)
DRV - (s24trans) -- C:\WINDOWS\SYSTEM32\DRIVERS\s24trans.sys (Intel Corporation)
DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\WINDOWS\SYSTEM32\DRIVERS\alcan5wn.sys (THOMSON)
DRV - (alcaudsl) -- C:\WINDOWS\SYSTEM32\DRIVERS\alcaudsl.sys (THOMSON)
DRV - (HSFHWICH) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys (America Online, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4027630464-2353770844-1092200819-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://finance.group...hoo.com/group//
IE - HKU\S-1-5-21-4027630464-2353770844-1092200819-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://finance.group...oo.com/group//"
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.29
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.9
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.28
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.6
FF - prefs.js..extensions.enabledItems: {b01bf10c-302a-11da-b67b-000d60ca027b}:2.0.3

FF - HKLM\software\mozilla\Flock 2.0.3\extensions\\Components: C:\Program Files\Flock\components [2009/02/19 04:25:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.0.3\extensions\\Plugins: C:\Program Files\Flock\plugins [2009/02/19 04:24:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/29 01:06:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/29 01:06:52 | 000,000,000 | ---D | M]

[2009/02/19 04:25:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\P\Application Data\Mozilla\Extensions
[2009/02/19 04:25:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Plication Data\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2011/03/30 21:50:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Application Data\Mozilla\Firefox\Profiles\ejftmv6o.default\extensions
[2011/02/10 01:07:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\P\Application Data\Mozilla\Firefox\Profiles\ejftmv6o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/10 01:07:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\P\Application Data\Mozilla\Firefox\Profiles\ejftmv6o.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/30 21:50:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/13 20:39:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/03/25 17:26:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2009/02/19 13:57:30 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\DOCUMENTS AND SETTINGS\P\APPLICATION DATA\FLOCK\BROWSER\PROFILES\2YE63TKW.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}
[2009/02/19 14:00:24 | 000,000,000 | ---D | M] (Web Developer) -- C:\DOCUMENTS AND SETTINGS\P\APPLICATION DATA\FLOCK\BROWSER\PROFILES\2YE63TKW.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}
[2009/02/19 13:55:35 | 000,000,000 | ---D | M] ("SearchStatus") -- C:\DOCUMENTS AND SETTINGS\P\APPLICATION DATA\FLOCK\BROWSER\PROFILES\2YE63TKW.DEFAULT\EXTENSIONS\{D57C9FF1-6389-48FC-B770-F78BD89B6E8A}
[2009/02/19 13:51:44 | 000,000,000 | ---D | M] ("SEO For Firefox") -- C:\DOCUMENTS AND SETTINGS\P\APPLICATION DATA\FLOCK\BROWSER\PROFILES\2YE63TKW.DEFAULT\EXTENSIONS\[email protected]
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/04/02 23:38:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-4027630464-2353770844-1092200819-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKU\S-1-5-21-4027630464-2353770844-1092200819-1006\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-4027630464-2353770844-1092200819-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-4027630464-2353770844-1092200819-1006..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKU\S-1-5-21-4027630464-2353770844-1092200819-1006..\Run: [Tesco internet phone] C:\Program Files\Tesco internet phone\TescoIP.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\P\Start Menu\Programs\Startup\is-0GOKV.lnk = C:\Documents and Settings\Pe\Desktop\Virus Removal Tool2\is-0GOKV\startup.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4027630464-2353770844-1092200819-1006\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-4027630464-2353770844-1092200819-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4027630464-2353770844-1092200819-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4027630464-2353770844-1092200819-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} http://housecall60.t...all/xscan60.cab (HouseCall Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/US...nfo/webscan.cab (WScanCtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Sebring: DllName - C:\WINDOWS\system32\LgNotify.dll - C:\WINDOWS\SYSTEM32\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\DELL.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\DELL.BMP
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\IAC25_32.AX (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\SL_ANET.ACM (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\ICCVID.DLL (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\IR41_32.AX (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\IR50_32.DLL (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivXNetworks)

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe - (America Online, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (BVRP Software)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 7.lnk - C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe - (TechSmith Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE - (WinZip Computing, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^Pe^Start Menu^Programs^Startup^Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE - ()
MsConfig - StartUpFolder: C:^Documents and Settings^P^Start Menu^Programs^Startup^Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE - ()
MsConfig - StartUpReg: AOL Spyware Protection - hkey= - key= - C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe (AOL Spyware Protection)
MsConfig - StartUpReg: Apoint - hkey= - key= - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
MsConfig - StartUpReg: Dell Photo AIO Printer 922 - hkey= - key= - C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe ()
MsConfig - StartUpReg: Dell QuickSet - hkey= - key= - C:\Program Files\Dell\QuickSet\quickset.exe ()
MsConfig - StartUpReg: DellSupport - hkey= - key= - C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
MsConfig - StartUpReg: dla - hkey= - key= - File not found
MsConfig - StartUpReg: DVDLauncher - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: igfxhkcmd - hkey= - key= - File not found
MsConfig - StartUpReg: igfxpers - hkey= - key= - File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: NapsterShell - hkey= - key= - C:\Program Files\Napster\napster.exe (Napster)
MsConfig - StartUpReg: PRONoMgr.exe - hkey= - key= - C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: RealTray - hkey= - key= - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SpeedTouch USB Diagnostics - hkey= - key= - C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: UpdateManager - hkey= - key= - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 1

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

========== Files/Folders - Created Within 30 Days ==========

[2011/04/05 01:37:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pe\Desktop\scantxt2
[2011/04/05 01:22:40 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011/04/04 21:20:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pe\Desktop\cfix
[2011/04/04 21:20:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\P\Desktop\New Folder
[2011/04/04 18:04:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/04/04 17:47:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pe\Desktop\Dial a fix
[2011/04/04 00:48:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/02 23:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pe\My Documents\comb fix
[2011/04/02 23:47:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\P\Desktop\CB fix
[2011/04/02 23:46:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/02 23:22:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/02 23:22:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/02 23:22:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/02 23:22:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/02 23:22:22 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/04/02 09:06:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\P\Desktop\ComboFix
[2011/04/02 07:55:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/02 06:34:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pe\Desktop\GMER
[2011/04/02 05:05:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pe\Desktop\Scan txt
[2011/04/02 04:49:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\P\Desktop\OTL
[2011/04/02 04:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/04/02 04:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/04/02 04:35:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pe\Desktop\Erunt
[2011/03/26 18:40:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pe\My Documents\Mar24th11
[2011/03/26 16:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\P\My Documents\Downloads
[2011/03/26 03:16:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pe\My Documents\The Traffic Thief
[2011/03/25 17:26:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/03/25 17:22:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/03/14 01:11:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/03/13 02:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pe\My Documents\House and probate
[2011/03/13 01:46:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\P\My Documents\Bet hepatic
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/05 01:14:01 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2011/04/05 01:02:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/04 23:55:50 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/04 23:44:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/04/04 23:42:53 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/04/04 23:42:43 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/04 23:42:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/04/04 23:42:29 | 535,064,576 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/04 23:22:02 | 016,123,604 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2011/04/04 23:22:00 | 1377,429,536 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2011/04/04 20:30:57 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/04/04 20:30:57 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/04/04 05:41:42 | 034,578,376 | ---- | M] () -- C:\Documents and Settings\P\My Documents\PJKbook.pdf
[2011/04/03 15:04:51 | 000,072,080 | ---- | M] () -- C:\Documents and Settings\Pe\g2mdlhlpx.exe1:47:27 | 000,027,867 | ---- | M] () -- C:\Documents and Settings\\My Documents\Wage UN ... .GIF
[2011/04/02 23:38:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/04/02 09:16:38 | 000,104,783 | ---- | M] () -- C:\Documents and Settings\Pe\My Documents\CF msg.GIF
[2011/04/02 07:08:35 | 000,060,339 | ---- | M] () -- C:\Documents and Settings\Pe\My Documents\OTL alt.rtf
[2011/04/02 04:43:33 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\\Desktop\NTREGOPT.lnk
[2011/04/02 04:43:33 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\\Desktop\ERUNT.lnk
[2011/03/28 06:25:15 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Pe\My Documents\nanacontinuity.bmp
[2011/03/28 01:53:32 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/03/28 01:53:31 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/03/27 07:28:39 | 000,105,214 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Porter Stansbery.rtf
[2011/03/27 06:34:35 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Pe\My Documents\Gov debt chart.bmp
[2011/03/27 05:02:57 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Pe\My Documents\Products that sell on webinars.bmp
[2011/03/27 04:11:44 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Pe\My Documents\Local business Webinar.bmp
[2011/03/27 04:05:28 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Joel Peterson.bmp
[2011/03/26 22:49:32 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Pe\My Documents\Grand canyon ....bmp
[2011/03/14 01:20:17 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/03/11 19:23:44 | 000,000,673 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/04 05:40:57 | 034,578,376 | ---- | C] () -- C:\Documents and Settings\Pe\My Documents\PJKbook.pdf
[2011/04/03 15:04:49 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\P\g2mdlhlpx.exe
[2011/04/03 01:43:18 | 000,027,867 | ---- | C] () -- C:\Documents and Settings\Ple\My Documents\WPmage UN ... Dowspx...PW...snooker147.GIF
[2011/04/02 23:55:12 | 535,064,576 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/02 23:22:34 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/02 23:22:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/02 23:22:34 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/02 23:22:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/02 23:22:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/02 09:16:34 | 000,104,783 | ---- | C] () -- C:\Documents and Settings\P\My Documents\CF msg.GIF
[2011/04/02 07:08:34 | 000,060,339 | ---- | C] () -- C:\Documents and Settings\Pe\My Documents\OTL alt.rtf
[2011/04/02 04:43:33 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Ple\Desktop\NTREGOPT.lnk
[2011/04/02 04:43:32 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Pesktop\ERUNT.lnk
[2011/03/28 06:24:13 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Pe\My Documents\nanacontinuity.bmp
[2011/03/27 07:28:38 | 000,105,214 | ---- | C] () -- C:\Documents and Settings\Pe\My Documents\Porter Stansbery.rtf
[2011/03/27 06:26:44 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\PMy Documents\Gov debt chart.bmp
[2011/03/27 04:23:08 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Pe\My Documents\Products that sell on webinars.bmp
[2011/03/27 04:10:51 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Local business Webinar.bmp
[2011/03/27 03:46:50 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Joel Peterson.bmp
[2011/03/26 22:44:37 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Grand canyon ....bmp
[2011/03/14 01:23:39 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/03/14 01:20:17 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2010/08/08 13:05:27 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Pe\Local Settings\Application Data\housecall.guid.cache
[2010/08/08 12:55:51 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\uti2mzq1.sys
[2010/07/10 20:23:22 | 000,092,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/11/27 12:31:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/08 23:47:58 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/09/12 19:36:00 | 000,007,856 | ---- | C] () -- C:\WINDOWS\extend.dat
[2009/03/28 07:09:50 | 1377,429,536 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/03/25 05:55:59 | 001,075,840 | ---- | C] () -- C:\Program Files\Google Updater.exe
[2009/02/02 10:22:22 | 000,043,698 | ---- | C] () -- C:\WINDOWS\System32\xvid-uninstall.exe
[2008/08/22 18:48:22 | 000,104,416 | ---- | C] () -- C:\Documents and Settings\PLocal Settings\Application Data\Open Source Software Bundle Installer2.exe
[2008/02/11 10:39:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008/02/11 10:39:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008/02/08 14:53:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2008/02/05 09:48:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerUninstaller.exe
[2007/07/27 15:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 15:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007/07/25 14:24:28 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/03/10 12:51:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/11/24 17:18:12 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/05/11 01:22:03 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\P\Local Settings\Application Data\fusioncache.dat
[2006/05/01 00:31:53 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2006/05/01 00:31:52 | 000,000,611 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/15 00:48:37 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2006/02/20 00:10:31 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2006/02/13 14:12:27 | 000,003,480 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/02/07 09:23:25 | 001,489,920 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe
[2005/12/05 20:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 13:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2005/10/27 03:22:51 | 000,000,004 | ---- | C] () -- C:\WINDOWS\RM_RESULT.DAT
[2005/10/27 03:22:16 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/10/14 05:19:37 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/09/12 06:17:19 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\Pe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/09 23:13:59 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005/08/09 23:12:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/05/14 04:55:10 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\P\Application Data\dm.ini
[2005/05/03 11:44:44 | 000,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
[2005/05/03 11:43:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
[2005/04/25 13:59:02 | 000,000,673 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/04/25 13:57:22 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2005/04/25 13:57:21 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2005/04/25 11:57:10 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\dlbtih.exe
[2005/04/25 11:57:10 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2005/04/25 11:57:09 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2005/04/25 11:57:09 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2005/04/25 11:57:05 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2005/04/25 11:57:00 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2005/04/17 13:52:47 | 000,000,153 | ---- | C] () -- C:\WINDOWS\aebmark.ini
[2005/04/17 13:08:08 | 000,000,036 | ---- | C] () -- C:\WINDOWS\AEBFONT.INI
[2005/04/10 18:54:30 | 000,000,015 | ---- | C] () -- C:\WINDOWS\cfwin.ini
[2005/04/10 18:54:27 | 000,000,098 | ---- | C] () -- C:\WINDOWS\cfwinlib.ini
[2005/04/10 17:28:10 | 000,000,059 | ---- | C] () -- C:\WINDOWS\LTDLG13N.INI
[2005/04/04 09:40:17 | 000,000,014 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2005/03/27 15:01:37 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\P\Application Data\QSPMShare
[2005/03/19 03:14:29 | 000,059,904 | ---- | C] () -- C:\WINDOWS\ShareBarData.dll
[2005/03/16 02:18:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/16 02:16:23 | 000,000,173 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/03/16 02:10:09 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/03/16 01:56:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2005/03/16 01:54:58 | 000,443,034 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2005/03/16 01:54:58 | 000,072,134 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2005/03/16 01:22:06 | 000,000,366 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/03/03 16:16:42 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2004/10/15 19:56:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/10/01 17:33:46 | 000,000,680 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/08/10 14:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 14:08:08 | 000,143,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 14:03:52 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 14:02:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 11:08:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2004/08/10 11:08:26 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\SECUPD.DAT
[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/08/04 06:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2004/07/19 17:01:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2004/04/20 12:08:08 | 000,000,276 | ---- | C] () -- C:\WINDOWS\System32\DLBTPLC.INI
[2004/01/09 11:10:48 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2003/09/10 03:17:24 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003/09/10 03:17:24 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2002/10/15 23:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1996/11/17 00:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/17 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1980/01/01 01:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2008/05/26 17:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2006/02/19 03:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2005/04/24 13:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2009/03/26 22:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2005/11/27 00:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/04/04 23:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/03/16 02:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/02/02 08:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PApplication Data\Any Video Converter
[2006/12/28 22:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ple\Application Data\CoffeeCup Software
[2010/09/28 21:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pplication Data\FileZilla
[2009/02/19 04:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe\Application Data\Flock
[2008/04/26 04:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ple\Application Data\HouseCall 6.6[2009/03/19 07:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\e\Application Data\KompoZer
[2005/12/09 22:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe\Application Data\Leadertech
[2006/05/11 01:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe\Application Data\NASA
[2008/06/18 03:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pication Data\Nvu
[2008/08/22 18:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ple\Application Data\OSI
[2009/03/31 08:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PCToolsFirewallPlus[2009/03/12 06:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe\Application Data\StumbleUpon
[2005/03/27 15:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\e\Application Data\Template
[2005/05/29 21:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pe\Application Data\Tesco
[2006/02/13 14:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pepplication Data\Thunderbird
[2009/09/23 03:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PApplication Data\uTorrent
[2008/05/31 19:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pplication Data\Viewpoint
[2011/04/05 01:14:01 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2011/04/04 23:55:50 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29

< End of report >
  • 0

#58
Salagubang
Posted 03 April 2011 - 07:25 PM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Combofix /Uninstall (with space in between x and /. Don't worry about deleting the rest of Combofix as I will take care of it before the end. For now we need to move to fixing that seemingly slow machine.

:D
  • 0

#59
Salagubang
Posted 03 April 2011 - 07:34 PM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi dowsp,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
[2011/04/02 23:22:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/02 23:22:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/02 23:22:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/02 23:22:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/02 23:22:22 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/04/02 09:06:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\P\Desktop\ComboFix
[2011/04/02 07:55:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/02 23:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pe\My Documents\comb fix
[2011/04/02 23:47:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\P\Desktop\CB fix
[2011/04/05 01:22:40 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011/04/04 21:20:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pe\Desktop\cfix
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)



:Services

:Reg

:Files

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Next

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  • 0

#60
dowsp
Posted 03 April 2011 - 09:03 PM

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 542 posts
Hi Salagubang,

Wow !...

I ran that programme and it has deleted a lot of temp files etc..
Id estimate 3 gb..

It has got rid of most of the combofix files, but one still remains.

I still seem to have a slight issue with curser when I write..

But so far the computer seems better..

I will post the log later..

I will also run the spyware program..

cheers..
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP