Difficulty running laptop



#121
dowsp

  • Topic Starter
  • Member
  • 542 posts
Hi Sal,

Sorry for the delay..

Here's the OTL scan...

It only produced one txt file.

Hope it's OK

Dowsp

===============================

OTL logfile created on: 20/05/2011 23:37:52 - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\P\Desktop\OTL\otl 3
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

510.00 Mb Total Physical Memory | 242.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.43 Gb Total Space | 0.82 Gb Free Space | 2.38% Space Free | Partition Type: NTFS

Computer Name: DGR76K1J | User Name: Peter Nightingale | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/20 23:30:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\P\Desktop\OTL\otl 3\OTL.exe
PRC - [2011/05/17 18:55:06 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/05/17 18:54:58 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/05/17 18:54:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/05/01 05:48:25 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/12/11 16:58:44 | 000,146,800 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/05/16 23:15:10 | 000,071,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
PRC - [2005/06/10 18:56:54 | 000,073,728 | ---- | M] (EMC Dantz) -- C:\Program Files\Dantz\Retrospect 7.0\retrorun.exe
PRC - [2004/02/25 11:55:34 | 001,123,440 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/01/09 11:11:36 | 000,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\SYSTEM32\S24EvMon.exe
PRC - [2004/01/09 11:10:00 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\RegSrvc.exe


========== Modules (SafeList) ==========

MOD - [2011/05/20 23:30:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Peter Nightingale\Desktop\OTL\otl 3\OTL.exe
MOD - [2010/04/06 04:52:46 | 002,462,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\WMVCore.dll
MOD - [2009/08/13 14:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2007/10/27 17:40:30 | 000,222,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wmasf.dll
MOD - [2006/10/18 21:47:18 | 000,284,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\PortableDeviceApi.dll
MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 06:00:00 | 000,994,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\MSGINA.DLL
MOD - [2004/08/04 06:00:00 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\ODBC32.DLL
MOD - [2004/08/04 06:00:00 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\NETUI1.DLL
MOD - [2004/08/04 06:00:00 | 000,094,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\ODBCINT.DLL
MOD - [2004/08/04 06:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\NETUI0.DLL
MOD - [2004/08/04 06:00:00 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SHGINA.DLL
MOD - [2004/08/04 06:00:00 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\STI.DLL
MOD - [2004/08/04 06:00:00 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\WINSTA.DLL
MOD - [2004/08/04 06:00:00 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\NTLANMAN.DLL
MOD - [2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DAVCLNT.DLL
MOD - [2004/08/04 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRPROV.DLL
MOD - [2004/08/04 06:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\NETRAP.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (KService)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/17 18:55:06 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/05/17 18:54:58 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/12/18 23:05:24 | 000,120,168 | ---- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
SRV - [2008/12/11 16:58:44 | 000,146,800 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2005/06/10 18:56:54 | 000,073,728 | ---- | M] (EMC Dantz) [Auto | Running] -- C:\Program Files\Dantz\Retrospect 7.0\retrorun.exe -- (RetroLauncher)
SRV - [2004/10/25 22:01:52 | 000,421,888 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device)
SRV - [2004/02/25 11:55:34 | 001,123,440 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2004/01/09 11:11:36 | 000,303,171 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\SYSTEM32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/01/09 11:10:00 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\RegSrvc.exe -- (RegSrvc)
SRV - [2003/04/29 15:29:54 | 000,139,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/05/20 15:03:55 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{52AA0035-FC67-418D-88FF-076997B35EE9}\MpKslfe4e9502.sys -- (MpKslfe4e9502)
DRV - [2011/05/17 18:55:07 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb)
DRV - [2011/05/17 18:55:07 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)
DRV - [2009/01/21 10:38:32 | 000,095,640 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pctplfw.sys -- (pctplfw)
DRV - [2008/12/18 12:16:56 | 000,073,840 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2008/12/11 08:38:22 | 000,159,600 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pctgntdi.sys -- (pctgntdi)
DRV - [2008/09/22 12:29:18 | 000,097,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pctfw.sys -- (SFilter)
DRV - [2008/07/08 14:54:02 | 000,148,496 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\30229470.sys -- (is-0GOKVdrv)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys -- (Afc)
DRV - [2005/09/07 14:32:58 | 000,024,960 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2005/09/07 14:29:44 | 000,044,288 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/03/16 02:07:47 | 000,014,037 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/11/16 11:03:52 | 000,108,791 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/11/15 16:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/06/30 11:39:36 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/02/13 11:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2004/01/13 03:41:46 | 002,482,176 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\w70n51.sys -- (w70n51) Intel®
DRV - [2004/01/09 10:49:52 | 000,010,970 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\s24trans.sys -- (s24trans)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\alcaudsl.sys -- (alcaudsl)
DRV - [2003/11/13 19:21:16 | 000,197,120 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWICH.sys -- (HSFHWICH)
DRV - [2003/11/13 19:18:36 | 000,679,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/13 19:17:00 | 001,042,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4027630464-2353770844-1092200819-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://finance.group...hoo.com/group//
IE - HKU\S-1-5-21-4027630464-2353770844-1092200819-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://finance.group...oo.com/group//"
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.29
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.9
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.28
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.6
FF - prefs.js..extensions.enabledItems: {b01bf10c-302a-11da-b67b-000d60ca027b}:2.0.3

FF - HKLM\software\mozilla\Flock 2.0.3\extensions\\Components: C:\Program Files\Flock\components [2009/02/19 04:25:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.0.3\extensions\\Plugins: C:\Program Files\Flock\plugins [2009/02/19 04:24:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/07 15:41:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/07 15:41:10 | 000,000,000 | ---D | M]

[2009/02/19 04:25:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\P\Application Data\Mozilla\Extensions
[2009/02/19 04:25:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\P\Application Data\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2011/05/20 15:46:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\P\Application Data\Mozilla\Firefox\Profiles\ejftmv6o.default\extensions
[2011/02/10 01:07:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\P\Application Data\Mozilla\Firefox\Profiles\ejftmv6o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/10 01:07:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\P\Application Data\Mozilla\Firefox\Profiles\ejftmv6o.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/20 15:46:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/13 20:39:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/04/08 03:24:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2009/02/19 13:57:30 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\DOCUMENTS AND SETTINGS\P\APPLICATION DATA\FLOCK\BROWSER\PROFILES\2YE63TKW.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}
[2009/02/19 14:00:24 | 000,000,000 | ---D | M] (Web Developer) -- C:\DOCUMENTS AND SETTINGS\P\APPLICATION DATA\FLOCK\BROWSER\PROFILES\2YE63TKW.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}
[2009/02/19 13:55:35 | 000,000,000 | ---D | M] ("SearchStatus") -- C:\DOCUMENTS AND SETTINGS\P\APPLICATION DATA\FLOCK\BROWSER\PROFILES\2YE63TKW.DEFAULT\EXTENSIONS\{D57C9FF1-6389-48FC-B770-F78BD89B6E8A}
[2009/02/19 13:51:44 | 000,000,000 | ---D | M] ("SEO For Firefox") -- C:\DOCUMENTS AND SETTINGS\P\APPLICATION DATA\FLOCK\BROWSER\PROFILES\2YE63TKW.DEFAULT\EXTENSIONS\[email protected]
[2011/04/08 03:24:05 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/05/05 09:42:07 | 000,000,789 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-4027630464-2353770844-1092200819-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKU\S-1-5-21-4027630464-2353770844-1092200819-1006\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-4027630464-2353770844-1092200819-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4027630464-2353770844-1092200819-1006\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-4027630464-2353770844-1092200819-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4027630464-2353770844-1092200819-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} http://housecall60.t...all/xscan60.cab (HouseCall Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/US...nfo/webscan.cab (WScanCtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Sebring: DllName - C:\WINDOWS\system32\LgNotify.dll - C:\WINDOWS\SYSTEM32\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\DELL.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\DELL.BMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\IAC25_32.AX (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\SL_ANET.ACM (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\ICCVID.DLL (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\IR41_32.AX (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\IR50_32.DLL (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivXNetworks)

MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "KService"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe - (America Online, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (BVRP Software)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 7.lnk - C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe - (TechSmith Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE - (WinZip Computing, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^P^Start Menu^Programs^Startup^is-0GOKV.lnk - C:\Documents and Settings\Peter Nightingale\Desktop\Virus Removal Tool2\is-0GOKV\startup.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^P^Start Menu^Programs^Startup^Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE - ()
MsConfig - StartUpFolder: C:^Documents and Settings^P^Start Menu^Programs^Startup^Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE - ()
MsConfig - StartUpReg: 00PCTFW - hkey= - key= - C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
MsConfig - StartUpReg: AOL Spyware Protection - hkey= - key= - C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe (AOL Spyware Protection)
MsConfig - StartUpReg: Apoint - hkey= - key= - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
MsConfig - StartUpReg: Dell Photo AIO Printer 922 - hkey= - key= - C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe ()
MsConfig - StartUpReg: Dell QuickSet - hkey= - key= - C:\Program Files\Dell\QuickSet\quickset.exe ()
MsConfig - StartUpReg: DellSupport - hkey= - key= - C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
MsConfig - StartUpReg: dla - hkey= - key= - File not found
MsConfig - StartUpReg: DVDLauncher - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: GoToMeeting - hkey= - key= - C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: igfxhkcmd - hkey= - key= - File not found
MsConfig - StartUpReg: igfxpers - hkey= - key= - File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: MSC - hkey= - key= - c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: NapsterShell - hkey= - key= - C:\Program Files\Napster\napster.exe (Napster)
MsConfig - StartUpReg: PRONoMgr.exe - hkey= - key= - C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: RealTray - hkey= - key= - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SpeedTouch USB Diagnostics - hkey= - key= - C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: Tesco internet phone - hkey= - key= - C:\Program Files\Tesco internet phone\TescoIP.exe ()
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: UpdateManager - hkey= - key= - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

========== Files/Folders - Created Within 30 Days ==========

[2011/05/20 19:47:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\P\My Documents\Mitch
[2011/05/18 01:47:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\P\My Documents\Dan Brock
[2011/05/15 22:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\P\My Documents\London
[2011/05/14 21:13:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\P\My Documents\Heathrow Lodge
[2011/05/13 01:59:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\P\My Documents\IMWJ
[2011/05/08 01:35:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\P\My Documents\Housing
[2011/05/07 21:36:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\P\My Documents\Armand Moran
[2011/05/07 21:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\P\My Documents\Kavit
[2011/05/05 15:53:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\P\My Documents\Passport
[2011/05/02 05:01:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\P\My Documents\viruses
[2011/05/02 04:37:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FLV.com FLV PLayer
[2011/05/02 04:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\FLV.com FLV PLayer
[2011/05/02 04:37:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\P\Application Data\FLV.com FLV PLayer
[2011/05/02 04:37:01 | 001,797,125 | ---- | C] (FLV.com ) -- C:\Documents and Settings\P\Desktop\Setup_FLVPlayer.exe
[2011/05/02 04:32:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FLV.com FLV Downloader
[2011/05/02 04:32:42 | 000,307,200 | ---- | C] (FLV.com) -- C:\WINDOWS\System32\TubeFinder.exe
[2011/05/02 04:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\P\Application Data\FreeFLVConverter
[2011/05/02 04:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\FLV.com FLV Downloader
[2011/05/02 04:26:08 | 005,942,320 | ---- | C] (FLV.com ) -- C:\Documents and Settings\P\Desktop\Setup_FLVDownloader.exe
[2011/05/02 03:52:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\P\My Documents\Google Places
[2011/04/30 23:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\P\My Documents\HC consulting daily deal
[2011/04/28 17:01:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\P\My Documents\Community times
[2011/04/27 02:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\P\Application Data\Avira
[2011/04/27 02:40:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/04/27 02:39:35 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/04/27 02:39:25 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/04/27 02:39:25 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/04/27 02:39:25 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/04/27 02:39:25 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/04/27 02:39:21 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/04/27 02:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/04/23 23:40:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\P\My Documents\Daily Deal Builder

========== Files - Modified Within 30 Days ==========

[2011/05/20 23:14:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2011/05/20 22:53:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/20 19:09:20 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Job seeker advice Ipswich unemplyed forum.bmp
[2011/05/20 15:09:02 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/20 15:00:17 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/05/20 14:59:45 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/20 14:59:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/05/20 14:59:26 | 535,064,576 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/20 06:16:21 | 016,123,604 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2011/05/20 06:16:18 | 1377,429,536 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2011/05/19 04:31:23 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\31.bmp
[2011/05/19 04:04:23 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\30.bmp
[2011/05/19 03:48:50 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\29.bmp
[2011/05/19 03:42:24 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\23.bmp
[2011/05/19 03:40:47 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\22.bmp
[2011/05/19 03:40:19 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\21.bmp
[2011/05/18 01:49:13 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Deadbeat traffic.bmp
[2011/05/17 22:46:28 | 000,011,931 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Security.rtf
[2011/05/17 18:55:07 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/05/17 18:55:07 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/05/17 18:16:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/05/16 02:58:55 | 000,000,673 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2011/05/15 21:28:09 | 000,044,919 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Megabus Mc to Lon May15th 4.30 23-6583.GIF
[2011/05/15 18:04:02 | 000,051,215 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Nat Express May 14th 11.GIF
[2011/05/15 01:05:18 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Dollys..2.bmp
[2011/05/14 17:46:33 | 000,005,606 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Mystery sonic boom.rtf
[2011/05/14 02:15:41 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Homes.....bmp
[2011/05/13 20:48:51 | 000,005,615 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Glen Beck.rtf
[2011/05/13 20:26:13 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Supercar.bmp
[2011/05/13 15:59:58 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Taylor Swift.bmp
[2011/05/13 03:00:42 | 000,137,170 | ---- | M] () -- C:\Documents and Settings\P\My Documents\imwj4.GIF
[2011/05/13 02:37:47 | 000,075,794 | ---- | M] () -- C:\Documents and Settings\P\My Documents\IMWJ3.GIF
[2011/05/13 02:10:14 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\IMWJ2.bmp
[2011/05/12 20:33:12 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Dollys.bmp
[2011/05/12 20:28:47 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Grand canyon....bmp
[2011/05/11 13:15:19 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/05/11 13:15:19 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/05/11 11:25:35 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter Nightingale\My Documents\Car Insurance Lloydes for Nissan Micra 10th May 2011.bmp
[2011/05/10 20:56:51 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Women....bmp
[2011/05/10 15:14:59 | 000,009,490 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Motor Insurance details.rtf
[2011/05/10 14:34:26 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/05/10 14:34:26 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011/05/10 11:51:32 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\1 0n1 int profits coaching.bmp
[2011/05/10 03:13:24 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\SIM 9.bmp
[2011/05/10 03:00:45 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\SIM 8.bmp
[2011/05/10 02:57:52 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\SIM 7.bmp
[2011/05/10 02:55:02 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\SIM 6.bmp
[2011/05/10 02:53:19 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\SIM 5.bmp
[2011/05/10 02:51:42 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\SIM 4.bmp
[2011/05/10 02:50:08 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\SIM 3.bmp
[2011/05/10 02:48:50 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\SIM 2.bmp
[2011/05/10 02:46:40 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\SIM 1.bmp
[2011/05/10 01:46:41 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Heliosia Nursing Home 54 Boundary Lane Astbury congleton.bmp
[2011/05/08 15:22:49 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\May 7th 2011.bmp
[2011/05/08 01:42:46 | 000,011,445 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Alternative vote.rtf
[2011/05/07 19:50:17 | 000,018,980 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Email to Armand.rtf
[2011/05/07 01:10:55 | 000,025,813 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Stock market lunar page folders.GIF
[2011/05/05 09:42:07 | 000,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/05/05 01:30:39 | 000,042,094 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Superfoods.rtf
[2011/05/04 20:11:32 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Deal of the day.bmp
[2011/05/04 17:53:09 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/04 00:31:06 | 000,007,296 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Voting AV.rtf
[2011/05/03 22:37:33 | 000,010,099 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Brain Food Diet.rtf
[2011/05/03 03:12:43 | 000,042,282 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Mi6 story.rtf
[2011/05/03 00:12:18 | 000,036,774 | ---- | M] () -- C:\Documents and Settings\P\My Documents\IQ boost.rtf
[2011/05/02 04:37:48 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\P\Application Data\Microsoft\Internet Explorer\Quick Launch\FLV.com FLV PLayer.lnk
[2011/05/02 04:37:47 | 000,000,757 | ---- | M] () -- C:\Documents and Settings\P\Desktop\FLV.com FLV PLayer.lnk
[2011/05/02 04:37:08 | 001,797,125 | ---- | M] (FLV.com ) -- C:\Documents and Settings\P\Desktop\Setup_FLVPlayer.exe
[2011/05/02 04:32:50 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\P\Desktop\FLV.com FLV Downloader.lnk
[2011/05/02 04:26:08 | 005,942,320 | ---- | M] (FLV.com ) -- C:\Documents and Settings\P\Desktop\Setup_FLVDownloader.exe
[2011/05/02 00:14:57 | 000,921,654 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Spybot ... 30th Apr 11.bmp
[2011/05/01 23:51:50 | 000,921,654 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Spybot 30th April 11.bmp
[2011/05/01 19:31:41 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Spybot.bmp
[2011/04/29 21:29:59 | 000,072,809 | ---- | M] () -- C:\Documents and Settings\P\My Documents\fb..........GIF
[2011/04/29 17:45:44 | 000,004,319 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Email to Armand 28th April 2011.rtf
[2011/04/29 16:24:23 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Daily deal3.bmp
[2011/04/29 16:23:43 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Daily deal egs 2.bmp
[2011/04/29 16:03:09 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\The Daily Deal examples.bmp
[2011/04/29 16:00:50 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\The Daily Deal landscape.bmp
[2011/04/29 15:59:29 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Daily Deal advert eg.bmp
[2011/04/29 15:26:31 | 000,007,551 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Bully.rtf
[2011/04/27 22:21:12 | 000,001,731 | ---- | M] () -- C:\Documents and Settings\P\Desktop\Avira AntiVir Personal Profile Complete system scan.LNK
[2011/04/27 02:40:31 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/04/26 01:48:13 | 000,005,422 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Body Language.rtf
[2011/04/25 20:53:32 | 001,368,297 | ---- | M] () -- C:\Documents and Settings\P\My Documents\dodreportbook.pdf
[2011/04/24 00:13:41 | 000,002,047 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Dailydealbuilder links.rtf
[2011/04/23 22:12:46 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Daily deal builder vip.bmp
[2011/04/23 21:38:30 | 000,004,513 | ---- | M] () -- C:\Documents and Settings\P\My Documents\Daily deal builder.rtf

========== Files Created - No Company Name ==========

[2011/05/20 19:09:00 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Job seeker advice Ipswich unemplyed forum.bmp
[2011/05/19 04:31:22 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\31.bmp
[2011/05/19 04:04:17 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\30.bmp
[2011/05/19 03:48:49 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\29.bmp
[2011/05/19 03:41:44 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\23.bmp
[2011/05/19 03:40:45 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\22.bmp
[2011/05/19 03:40:18 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\21.bmp
[2011/05/18 01:49:12 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Deadbeat traffic.bmp
[2011/05/17 22:45:04 | 000,011,931 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Security.rtf
[2011/05/15 21:28:07 | 000,044,919 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Megabus Mc to Lon May15th 4.30 23-6583.GIF
[2011/05/15 18:04:00 | 000,051,215 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Nat Express May 14th 11.GIF
[2011/05/15 00:53:33 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Dollys..2.bmp
[2011/05/14 17:46:33 | 000,005,606 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Mystery sonic boom.rtf
[2011/05/14 02:15:39 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Homes.....bmp
[2011/05/13 20:48:51 | 000,005,615 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Glen Beck.rtf
[2011/05/13 20:14:02 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Supercar.bmp
[2011/05/13 15:50:06 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Taylor Swift.bmp
[2011/05/13 02:51:10 | 000,137,170 | ---- | C] () -- C:\Documents and Settings\P\My Documents\imwj4.GIF
[2011/05/13 02:37:45 | 000,075,794 | ---- | C] () -- C:\Documents and Settings\P\My Documents\IMWJ3.GIF
[2011/05/13 02:10:13 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\IMWJ2.bmp
[2011/05/12 20:28:45 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Grand canyon....bmp
[2011/05/12 19:46:55 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Dollys.bmp
[2011/05/11 11:24:27 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Car Insurance Lloydes for Nissan Micra 10th May 2011.bmp
[2011/05/10 20:56:08 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Women....bmp
[2011/05/10 15:14:58 | 000,009,490 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Motor Insurance details.rtf
[2011/05/10 14:34:26 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/05/10 14:34:26 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011/05/10 11:47:07 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\1 0n1 int profits coaching.bmp
[2011/05/10 03:13:23 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\SIM 9.bmp
[2011/05/10 02:59:22 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\SIM 8.bmp
[2011/05/10 02:57:51 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\SIM 7.bmp
[2011/05/10 02:55:01 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\SIM 6.bmp
[2011/05/10 02:53:01 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\SIM 5.bmp
[2011/05/10 02:51:26 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\SIM 4.bmp
[2011/05/10 02:50:05 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\SIM 3.bmp
[2011/05/10 02:47:32 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\SIM 2.bmp
[2011/05/10 02:46:37 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\SIM 1.bmp
[2011/05/10 01:46:09 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Heliosia Nursing Home 54 Boundary Lane Astbury congleton.bmp
[2011/05/08 15:21:13 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\May 7th 2011.bmp
[2011/05/08 01:39:50 | 000,011,445 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Alternative vote.rtf
[2011/05/07 15:18:23 | 000,018,980 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Email to Armand.rtf
[2011/05/06 23:26:34 | 000,025,813 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Stock market lunar page folders.GIF
[2011/05/05 01:30:37 | 000,042,094 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Superfoods.rtf
[2011/05/04 20:11:31 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Deal of the day.bmp
[2011/05/04 00:31:06 | 000,007,296 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Voting AV.rtf
[2011/05/03 22:37:32 | 000,010,099 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Brain Food Diet.rtf
[2011/05/03 03:10:44 | 000,042,282 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Mi6 story.rtf
[2011/05/03 00:12:18 | 000,036,774 | ---- | C] () -- C:\Documents and Settings\P\My Documents\IQ boost.rtf
[2011/05/02 04:37:48 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\P\Application Data\Microsoft\Internet Explorer\Quick Launch\FLV.com FLV PLayer.lnk
[2011/05/02 04:37:47 | 000,000,757 | ---- | C] () -- C:\Documents and Settings\P\Desktop\FLV.com FLV PLayer.lnk
[2011/05/02 04:32:50 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\P\Desktop\FLV.com FLV Downloader.lnk
[2011/05/02 04:32:30 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\PropertyGrid.ocx
[2011/05/02 04:32:30 | 000,208,500 | ---- | C] () -- C:\WINDOWS\System32\ReyXpBasics.tlb
[2011/05/02 04:32:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ControlSubX.ocx
[2011/05/02 00:18:21 | 535,064,576 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/02 00:14:56 | 000,921,654 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Spybot ... 30th Apr 11.bmp
[2011/05/01 23:47:08 | 000,921,654 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Spybot 30th April 11.bmp
[2011/05/01 19:26:50 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Spybot.bmp
[2011/04/29 21:29:58 | 000,072,809 | ---- | C] () -- C:\Documents and Settings\P\My Documents\fb..........GIF
[2011/04/29 17:45:39 | 000,004,319 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Email to Armand 28th April 2011.rtf
[2011/04/29 16:24:22 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Daily deal3.bmp
[2011/04/29 16:23:43 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Daily deal egs 2.bmp
[2011/04/29 16:02:38 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\The Daily Deal examples.bmp
[2011/04/29 15:59:28 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Daily Deal advert eg.bmp
[2011/04/29 15:58:27 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\The Daily Deal landscape.bmp
[2011/04/29 15:25:32 | 000,007,551 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Bully.rtf
[2011/04/27 22:21:12 | 000,001,731 | ---- | C] () -- C:\Documents and Settings\P\Desktop\Avira AntiVir Personal Profile Complete system scan.LNK
[2011/04/27 02:40:30 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/04/26 01:48:13 | 000,005,422 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Body Language.rtf
[2011/04/25 20:53:32 | 001,368,297 | ---- | C] () -- C:\Documents and Settings\P\My Documents\dodreportbook.pdf
[2011/04/23 23:38:15 | 000,002,047 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Dailydealbuilder links.rtf
[2011/04/23 22:08:24 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Daily deal builder vip.bmp
[2011/04/23 21:38:30 | 000,004,513 | ---- | C] () -- C:\Documents and Settings\P\My Documents\Daily deal builder.rtf
[2011/04/20 23:26:34 | 000,000,059 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2011/04/20 23:26:34 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2011/04/20 23:26:34 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2011/04/02 23:22:34 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/02 23:22:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/02 23:22:34 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/02 23:22:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/02 23:22:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/08 13:05:27 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\P\Local Settings\Application Data\housecall.guid.cache
[2010/08/08 12:55:51 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\uti2mzq1.sys
[2010/07/10 20:23:22 | 000,092,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/11/27 12:31:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/08 23:47:58 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/09/12 19:36:00 | 000,007,856 | ---- | C] () -- C:\WINDOWS\extend.dat
[2009/03/28 07:09:50 | 1377,429,536 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/03/25 05:55:59 | 001,075,840 | ---- | C] () -- C:\Program Files\Google Updater.exe
[2009/02/02 10:22:22 | 000,043,698 | ---- | C] () -- C:\WINDOWS\System32\xvid-uninstall.exe
[2008/08/22 18:48:22 | 000,104,416 | ---- | C] () -- C:\Documents and Settings\P\Local Settings\Application Data\Open Source Software Bundle Installer2.exe
[2008/02/11 10:39:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008/02/11 10:39:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008/02/08 14:53:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2008/02/05 09:48:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerUninstaller.exe
[2007/07/27 15:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 15:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007/07/25 14:24:28 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/03/10 12:51:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/11/24 17:18:12 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/05/11 01:22:03 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\P\Local Settings\Application Data\fusioncache.dat
[2006/05/01 00:31:53 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2006/05/01 00:31:52 | 000,000,611 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/15 00:48:37 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2006/02/20 00:10:31 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2006/02/13 14:12:27 | 000,003,480 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/02/07 09:23:25 | 001,489,920 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe
[2005/12/05 20:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 13:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2005/10/27 03:22:51 | 000,000,004 | ---- | C] () -- C:\WINDOWS\RM_RESULT.DAT
[2005/10/27 03:22:16 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/10/14 05:19:37 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/09/12 06:17:19 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\P\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/09 23:13:59 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005/08/09 23:12:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/05/14 04:55:10 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\P\Application Data\dm.ini
[2005/05/03 11:44:44 | 000,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
[2005/05/03 11:43:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
[2005/04/25 13:59:02 | 000,000,673 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/04/25 13:57:22 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2005/04/25 13:57:21 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2005/04/25 11:57:10 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\dlbtih.exe
[2005/04/25 11:57:10 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2005/04/25 11:57:09 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2005/04/25 11:57:09 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2005/04/25 11:57:05 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2005/04/25 11:57:00 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2005/04/17 13:52:47 | 000,000,153 | ---- | C] () -- C:\WINDOWS\aebmark.ini
[2005/04/17 13:08:08 | 000,000,036 | ---- | C] () -- C:\WINDOWS\AEBFONT.INI
[2005/04/10 18:54:30 | 000,000,015 | ---- | C] () -- C:\WINDOWS\cfwin.ini
[2005/04/10 18:54:27 | 000,000,098 | ---- | C] () -- C:\WINDOWS\cfwinlib.ini
[2005/04/10 17:28:10 | 000,000,059 | ---- | C] () -- C:\WINDOWS\LTDLG13N.INI
[2005/04/04 09:40:17 | 000,000,014 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2005/03/27 15:01:37 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\P\Application Data\QSPMShare
[2005/03/19 03:14:29 | 000,059,904 | ---- | C] () -- C:\WINDOWS\ShareBarData.dll
[2005/03/16 02:18:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/16 02:16:23 | 000,000,173 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/03/16 02:10:09 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/03/16 01:56:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2005/03/16 01:54:58 | 000,443,034 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2005/03/16 01:54:58 | 000,072,134 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2005/03/16 01:22:06 | 000,000,366 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/03/03 16:16:42 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2004/10/15 19:56:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/10/01 17:33:46 | 000,000,680 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/08/10 14:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 14:08:08 | 000,143,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 14:03:52 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 14:02:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 11:08:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2004/08/10 11:08:26 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\SECUPD.DAT
[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/08/04 06:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2004/07/19 17:01:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2004/04/20 12:08:08 | 000,000,276 | ---- | C] () -- C:\WINDOWS\System32\DLBTPLC.INI
[2004/01/09 11:10:48 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2003/09/10 03:17:24 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003/09/10 03:17:24 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2002/10/15 23:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1996/11/17 00:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/17 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1980/01/01 01:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2008/05/26 17:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2006/02/19 03:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2005/04/24 13:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2009/03/26 22:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2005/11/27 00:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/05/20 15:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/03/16 02:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/02/02 08:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\P\Application Data\Any Video Converter
[2006/12/28 22:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\P\Application Data\CoffeeCup Software
[2011/04/20 23:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\P\Application Data\eBookPro6
[2010/09/28 21:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\P\Application Data\FileZilla
[2009/02/19 04:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\P\Application Data\Flock
[2011/05/02 04:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\P\Application Data\FLV.com FLV PLayer
[2011/05/02 04:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\P\Application Data\FreeFLVConverter
[2008/04/26 04:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\P\Application Data\HouseCall 6.6
[2009/03/19 07:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\P\Application Data\KompoZer
[2005/12/09 22:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\P\Application Data\Leadertech
[2006/05/11 01:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\P\Application Data\NASA
[2008/06/18 03:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\P\Application Data\Nvu
[2008/08/22 18:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\P\Application Data\OSI
[2009/03/31 08:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\P\Application Data\PCToolsFirewallPlus
[2009/03/12 06:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\P\Application Data\StumbleUpon
[2005/03/27 15:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\P\Application Data\Template
[2005/05/29 21:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\P\Application Data\Tesco
[2006/02/13 14:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\P\Application Data\Thunderbird
[2009/09/23 03:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\P\Application Data\uTorrent
[2008/05/31 19:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\P\Application Data\Viewpoint
[2011/05/20 23:14:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2011/05/20 15:09:02 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

< End of report >


#122
dowsp

    Member

  • Topic Starter
  • 542 posts
Hi Sal,

I just tried to download aswMBR and run it..

I got what seems like a warning message saying it is not a valid win32 application

So I am unable to run it..

Wonder if you can advise ..

Dowsp..

---------------

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

#123
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi dowsp,

"I got what seems like a warning message saying it is not a valid win32 application"


That is unusual. Could you try restarting the machine and then running aswMBR again?

:)

#124
dowsp

    Member

  • Topic Starter
  • 542 posts
Hi Sal,

Will do, but it may take a few mins.

thks

#125
dowsp

    Member

  • Topic Starter
  • 542 posts
Hi Sal,

I restarted my laptop and tried downloading it again, saving just to my desktop (rather than within a folder on my desktop), and I noted that when I saved it.. there were two options, Application or all files...
I think last time I saved it as application... this time I saved as all files..

Anyway it worked this time.. Hope I've done everything correctly..

The scan file is below..

Cheers
Dowsp
..


-----------------------

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-21 01:28:00
-----------------------------
01:28:00.513 OS Version: Windows 5.1.2600 Service Pack 2
01:28:00.513 Number of processors: 1 586 0xD08
01:28:00.523 ComputerName: DGR76K1J UserName:
01:28:03.647 Initialize success
01:28:47.290 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
01:28:47.290 Disk 0 Vendor: HTS548040M9AT00 MG2OA5EA Size: 38154MB BusType: 3
01:28:47.300 Disk 0 MBR read successfully
01:28:47.300 Disk 0 MBR scan
01:28:47.300 Disk 0 unknown MBR code
01:28:47.330 Disk 0 scanning sectors +78124095
01:28:47.681 Disk 0 scanning C:\WINDOWS\system32\drivers
01:29:21.039 Service scanning
01:29:24.434 Disk 0 trace - called modules:
01:29:24.454 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
01:29:24.454 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f9c030]
01:29:24.454 3 CLASSPNP.SYS[f883805b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f9cd98]
01:29:24.454 Scan finished successfully
01:29:55.729 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\P\Desktop\ASW\MBR.dat"
01:29:55.809 The log file has been saved successfully to "C:\Documents and Settings\P\Desktop\ASW\aswMBR.txt"

#126
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi dowsp,

aswMBR is not recognizing the type of MBR this computer has. What is the brand and model of this machine?

#127
dowsp

    Member

  • Topic Starter
  • 542 posts
Hi Sal,

It is a Dell Inspiron 510 m laptop machine with Windows XP software..

I wonder if I should have saved it as application rather than all files..

Maybe I should try downloading it again. :)

#128
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
I need you to have some files analyzed for me:

Please go to one of the below sites to scan the following files:
virscan.org
Virus Total

Click on Browse, and upload the following file, for analysis:

C:\Documents and Settings\P\Desktop\ASW\MBR.dat

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.

#129
dowsp

    Member

  • Topic Starter
  • 542 posts
Hi Sal,

That file MBR.dat was within the initial download I did, which I placed within a folder on my laptop, and I had saved the ASW MBR exe file as an application (rather than all files)... then somehow the MBR.dat file appeared within it.

I did the scan you asked on virscan and uploaded the MBR.dat file and the scan started automatically.
It ran 37 checks from various antivirus or malware online scans.

When it ended... it says that there was no malware found..

At the bottom it does say that this file has been scanned before.. therefore this file's scan result will not be stored on the database... when I clicked to copy to clipboard, for some reason it won't do it.. There is NO button that said "reanalyse now"

#130
dowsp

    Member

  • Topic Starter
  • 542 posts
Also tried Virus total that scanned with 43 AVs and that also found nothing.


#131
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Please download an updated version of ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#132
dowsp

    Member

  • Topic Starter
  • 542 posts
Hi Sal,

Sorry for the delay. It seemed to take some time and I had fallen asleep zzzz waiting.

Just woke up again ... :)

I was not too sure about disabling all the AV progs that I have tried on my machine ..
I think some were not active unless I enabled them.. but I did get a warning about Mic Sec Essentials

...I tried to disable it.. but I'm not sure if I needed to restart to deactivate it after I checked to disable.

I did see a message saying that CF would make a recovery point.. similar but not the same as screenshot 1..

BUT after that I can't recall seeing, or have not had, any message come up about confirming Mic Recovery console being installed.. If I recall, the screen had turned blue, not black, when it scanned.. and did a restart after.... and eventually created this log..

BUT NO 2nd screenshot message..

I also still have or had the MSconfig items checked / or unchecked when I tried to select some AVs to be disabled... BUT that wanted me to restart to activate some options as I was doing ComboFix...

This may have been a tricky part of doing that scan..

I am not sure what to make of it... BUT it had found and deleted at least one item.. Blinkx Beat was one of the main items..

Hope this is ok.

I have to go to bed now..

cheers

Dowsp


===========================================

ComboFix 11-05-18.04 - P 21/05/2011 3:49.17.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.292 [GMT 1:00]
Running from: c:\documents and settings\P\Desktop\com fx\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: PC Tools Firewall Plus *Enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\P\g2mdlhlpx.exe
c:\program files\Blinkx
c:\program files\Blinkx\blinkx.ico
c:\program files\Blinkx\blinkxss.exe
c:\program files\Blinkx\blinkxstop.exe
c:\program files\Blinkx\lang.dll
c:\program files\Blinkx\templates\beat.ico
c:\program files\Blinkx\templates\index.html
c:\program files\Blinkx\templates\noflash.html
c:\program files\Blinkx\templates\offline.html
c:\program files\Blinkx\templates\offline.swf
c:\program files\Blinkx\templates\uninstall.exe
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
.
.
((((((((((((((((((((((((( Files Created from 2011-04-21 to 2011-05-21 )))))))))))))))))))))))))))))))
.
.
2011-05-21 00:44 . 2011-05-09 20:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D74071FF-8FAB-476C-A005-AC472AE9731D}\mpengine.dll
2011-05-10 13:34 . 2011-05-10 13:34 1409 ----a-w- c:\windows\QTFont.for
2011-05-02 03:37 . 2011-05-02 03:37 -------- d-----w- c:\documents and settings\P\Application Data\FLV.com FLV PLayer
2011-05-02 03:37 . 2011-05-02 03:37 -------- d-----w- c:\program files\FLV.com FLV PLayer
2011-05-02 03:32 . 2011-03-14 15:15 307200 ----a-w- c:\windows\system32\TubeFinder.exe
2011-05-02 03:32 . 2009-06-19 17:51 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2011-05-02 03:32 . 2009-06-19 17:51 84512 ----a-w- c:\windows\system32\PICCLP32.OCX
2011-05-02 03:32 . 2009-06-19 17:51 364544 ----a-w- c:\windows\system32\PropertyGrid.ocx
2011-05-02 03:32 . 2009-06-19 17:51 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2011-05-02 03:32 . 2009-06-19 17:51 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
2011-05-02 03:32 . 2009-06-19 17:51 24576 ----a-w- c:\windows\system32\ControlSubX.ocx
2011-05-02 03:32 . 2009-06-19 17:51 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2011-05-02 03:32 . 2009-06-19 17:51 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2011-05-02 03:32 . 2011-05-02 03:32 -------- d-----w- c:\program files\FLV.com FLV Downloader
2011-05-02 03:32 . 2011-05-02 03:32 -------- d-----w- c:\documents and settings\P\Application Data\FreeFLVConverter
2011-04-27 01:44 . 2011-04-27 01:44 -------- d-----w- c:\documents and settings\P\Application Data\Avira
2011-04-27 01:39 . 2011-05-17 17:55 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-27 01:39 . 2011-05-17 17:55 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-04-27 01:39 . 2009-05-11 11:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-04-27 01:39 . 2009-05-11 11:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-04-27 01:39 . 2011-04-27 01:39 -------- d-----w- c:\program files\Avira
2011-04-27 01:39 . 2011-04-27 01:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 07:04 . 2010-07-11 21:53 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-08 02:24 . 2011-04-08 02:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-08 02:24 . 2010-07-08 23:38 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-02 06:55 . 2011-04-02 06:56 388608 ----a-w- c:\windows\system32\CF32099.exe
2009-03-25 04:56 . 2009-03-25 04:55 1075840 ----a-w- c:\program files\Google Updater.exe
.
.
------- Sigcheck -------
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 1CC09561E21A48A7F649A40F18235860 . 360320 . . [5.1.2600.3394] . . c:\windows\SYSTEM32\DLLCACHE\tcpip.sys
[-] 2008-06-20 . 1CC09561E21A48A7F649A40F18235860 . 360320 . . [5.1.2600.3394] . . c:\windows\SYSTEM32\DRIVERS\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
[7] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[7] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-03-16 98304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-05-17 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-01-12 06:55 110592 ----a-w- c:\windows\SYSTEM32\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 7.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SnagIt 7.lnk
backup=c:\windows\pss\SnagIt 7.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^P^Start Menu^Programs^Startup^is-0GOKV.lnk]
path=c:\documents and settings\P\Start Menu\Programs\Startup\is-0GOKV.lnk
backup=c:\windows\pss\is-0GOKV.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^P^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\documents and settings\P\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^P^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\P\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00PCTFW]
2009-02-23 09:49 2652056 ----a-w- c:\program files\PC Tools Firewall Plus\FirewallGUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
2004-02-16 14:04 147456 -c--a-w- c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-09-13 11:33 155648 -c--a-w- c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 922]
2004-11-10 19:36 290816 ----a-w- c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2004-10-07 19:44 610304 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2004-07-19 07:51 306688 ----a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-12-06 01:05 127035 -c--a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-10-12 16:54 57344 -c----w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-03-11 13:34 190464 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoToMeeting]
2010-06-02 19:54 39816 ----a-w- c:\program files\Citrix\GoToMeeting\457\g2mstart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-09-20 08:32 77824 ----a-w- c:\windows\SYSTEM32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 08:32 77824 ----a-w- c:\windows\SYSTEM32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 08:36 114688 ----a-w- c:\windows\SYSTEM32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-09-20 08:35 94208 ----a-w- c:\windows\SYSTEM32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2010-11-30 13:20 997408 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
2006-06-17 13:29 319488 ----a-w- c:\program files\Napster\napster.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
2003-05-28 17:32 86016 -c--a-w- c:\program files\Intel\NCS\PROSet\PRONoMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2005-03-16 01:11 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2005-09-12 04:36 208941 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-03-09 09:02 26100520 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
2004-01-26 11:38 866816 ----a-w- c:\program files\Thomson\SpeedTouch USB\dragdiag.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 13:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-25 04:56 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tesco internet phone]
2007-01-30 10:14 6942720 ----a-w- c:\program files\Tesco internet phone\TescoIP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-09-12 04:36 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 01:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"KService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"StumbleUponUpdateService"=3 (0x3)
"S24EventMonitor"=2 (0x2)
"RetroLauncher"=2 (0x2)
"RegSrvc"=2 (0x2)
"PCToolsFirewallPlus"=2 (0x2)
"NetSvc"=3 (0x3)
"MsMpSvc"=2 (0x2)
"idsvc"=3 (0x3)
"gusvc"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate1c9ad062ddca2f0"=2 (0x2)
"dlbt_device"=3 (0x3)
"AOL ACS"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Tesco internet phone\\TescoIP.exe"=
"c:\\Documents and Settings\\P\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 is-0GOKVdrv;is-0GOKVdrv;c:\windows\SYSTEM32\DRIVERS\30229470.sys [28/03/2009 08:20 148496]
R1 pctgntdi;pctgntdi;c:\windows\SYSTEM32\DRIVERS\pctgntdi.sys [31/03/2009 08:33 159600]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27/04/2011 02:39 136360]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\SYSTEM32\DRIVERS\PCTAppEvent.sys [31/03/2009 08:33 73840]
R3 pctplfw;pctplfw;c:\windows\SYSTEM32\DRIVERS\pctplfw.sys [31/03/2009 08:30 95640]
S1 MpKsl02a591b9;MpKsl02a591b9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BBFC592A-305B-4BAA-951A-62E71701294D}\MpKsl02a591b9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BBFC592A-305B-4BAA-951A-62E71701294D}\MpKsl02a591b9.sys [?]
S1 MpKsl10334ae5;MpKsl10334ae5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD679E9C-5155-45A0-9940-5DF7AF7D6C19}\MpKsl10334ae5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD679E9C-5155-45A0-9940-5DF7AF7D6C19}\MpKsl10334ae5.sys [?]
S1 MpKsl133e6817;MpKsl133e6817;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37A94116-E54E-48EE-AF69-3FA12D7B99FE}\MpKsl133e6817.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37A94116-E54E-48EE-AF69-3FA12D7B99FE}\MpKsl133e6817.sys [?]
S1 MpKsl1ce23b4d;MpKsl1ce23b4d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{68688FCE-235D-4D24-A3FD-DA9F55292FF5}\MpKsl1ce23b4d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{68688FCE-235D-4D24-A3FD-DA9F55292FF5}\MpKsl1ce23b4d.sys [?]
S1 MpKsl1d3eb406;MpKsl1d3eb406;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{39E87774-D88B-4EDB-AE91-3502C260A67C}\MpKsl1d3eb406.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{39E87774-D88B-4EDB-AE91-3502C260A67C}\MpKsl1d3eb406.sys [?]
S1 MpKsl3edab360;MpKsl3edab360;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55F15D2F-2A3E-49E2-A090-DB432F463AF9}\MpKsl3edab360.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55F15D2F-2A3E-49E2-A090-DB432F463AF9}\MpKsl3edab360.sys [?]
S1 MpKsl4aa4b9ad;MpKsl4aa4b9ad;\??\c:\windows\system32\MpEngineStore\MpKsl4aa4b9ad.sys --> c:\windows\system32\MpEngineStore\MpKsl4aa4b9ad.sys [?]
S1 MpKsl4d263215;MpKsl4d263215;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{64CE6AD6-7051-45CB-8B98-BAB6B83DB7F8}\MpKsl4d263215.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{64CE6AD6-7051-45CB-8B98-BAB6B83DB7F8}\MpKsl4d263215.sys [?]
S1 MpKsl719566b2;MpKsl719566b2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{17F76C25-D4F3-4311-B5C2-C3FD955F2827}\MpKsl719566b2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{17F76C25-D4F3-4311-B5C2-C3FD955F2827}\MpKsl719566b2.sys [?]
S1 MpKsl86c86e31;MpKsl86c86e31;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D74071FF-8FAB-476C-A005-AC472AE9731D}\MpKsl86c86e31.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D74071FF-8FAB-476C-A005-AC472AE9731D}\MpKsl86c86e31.sys [?]
S1 MpKsl936ab378;MpKsl936ab378;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{64CE6AD6-7051-45CB-8B98-BAB6B83DB7F8}\MpKsl936ab378.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{64CE6AD6-7051-45CB-8B98-BAB6B83DB7F8}\MpKsl936ab378.sys [?]
S1 MpKsl94b56ef0;MpKsl94b56ef0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9833DD60-BD99-4223-B0D3-BC58D9B4E144}\MpKsl94b56ef0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9833DD60-BD99-4223-B0D3-BC58D9B4E144}\MpKsl94b56ef0.sys [?]
S1 MpKsla25de6bd;MpKsla25de6bd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6EC67B8D-5576-4DAF-8027-07828881A1D8}\MpKsla25de6bd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6EC67B8D-5576-4DAF-8027-07828881A1D8}\MpKsla25de6bd.sys [?]
S1 MpKslbf8a3bb3;MpKslbf8a3bb3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD679E9C-5155-45A0-9940-5DF7AF7D6C19}\MpKslbf8a3bb3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD679E9C-5155-45A0-9940-5DF7AF7D6C19}\MpKslbf8a3bb3.sys [?]
S1 MpKslca9d1260;MpKslca9d1260;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{17F76C25-D4F3-4311-B5C2-C3FD955F2827}\MpKslca9d1260.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{17F76C25-D4F3-4311-B5C2-C3FD955F2827}\MpKslca9d1260.sys [?]
S1 MpKslcb88d00f;MpKslcb88d00f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{92F6CB1D-C53D-4313-B3C6-3E9E3C9D9BC0}\MpKslcb88d00f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{92F6CB1D-C53D-4313-B3C6-3E9E3C9D9BC0}\MpKslcb88d00f.sys [?]
S1 MpKsld9c76a6f;MpKsld9c76a6f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{77E3D941-0F89-458F-97E8-DBC6AA07C9E4}\MpKsld9c76a6f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{77E3D941-0F89-458F-97E8-DBC6AA07C9E4}\MpKsld9c76a6f.sys [?]
S1 MpKsled6ce4bc;MpKsled6ce4bc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{64CE6AD6-7051-45CB-8B98-BAB6B83DB7F8}\MpKsled6ce4bc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{64CE6AD6-7051-45CB-8B98-BAB6B83DB7F8}\MpKsled6ce4bc.sys [?]
S4 gupdate1c9ad062ddca2f0;Google Update Service (gupdate1c9ad062ddca2f0);c:\program files\Google\Update\GoogleUpdate.exe [25/03/2009 05:57 133104]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [25/03/2009 05:57 133104]
S4 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [18/12/2008 23:05 120168]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-21 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
2011-05-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2005-02-26 04:56]
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-25 04:57]
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-25 04:57]
.
2011-05-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 12:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://finance.groups.yahoo.com/group//
uInternet Connection Wizard,ShellNext = hxxp://www.dell.co.uk/myway
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
FF - ProfilePath - c:\documents and settings\P\Application Data\Mozilla\Firefox\Profiles\ejftmv6o.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-blinkx beat - c:\program files\Blinkx\templates\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-21 04:14
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1340)
c:\windows\system32\LgNotify.dll
.
- - - - - - - > 'explorer.exe'(2828)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZCfgSvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Google\Update\1.3.21.53\GoogleCrashHandler.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-05-21 04:24:30 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-21 03:24
ComboFix2.txt 2011-04-02 22:46
.
Pre-Run: 512,569,344 bytes free
Post-Run: 1,008,160,768 bytes free
.
- - End Of File - - B0D76446629F273DA7DF407BA696AF0A
  • 0

#133
Salagubang


    Trusted Helper

  • Malware Removal
  • 3,891 posts
Continue when you're rested and refreshed in the morning. :)

You have two antivirus programs (MSE and Avira) actively running on your system.

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time.

There are basically two types of these programs:
On-Access and On-Demand

On-Access Scanners
As the name implies, these are scanners that run in the background all the time the PC is turned on and running. The main function of an On-Access scanner is to monitor activity on your machine.

On-Demand Scanners
As the name implies, these are scanners that only run when you ask them to.
Examples are online scans and scanners that run on your machine but are not actively scanning it.


Choose one and uninstall the other as it will be creating unseen conflicts.


Next

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FCopy::
c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys|c:\windows\SYSTEM32\DRIVERS\tcpip.sys

Driver::
is-0GOKVdrv
MpKsl02a591b9
MpKsl10334ae5
MpKsl133e6817
MpKsl1ce23b4d
MpKsl1d3eb406
MpKsl3edab360
MpKsl4aa4b9ad
MpKsl4d263215
MpKsl719566b2
MpKsl86c86e31
MpKsl936ab378
MpKsl94b56ef0
MpKsla25de6bd
MpKslbf8a3bb3
MpKslca9d1260
MpKslcb88d00f
MpKsld9c76a6f
MpKsled6ce4bc

File::
c:\windows\SYSTEM32\DRIVERS\30229470.sys
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BBFC592A-305B-4BAA-951A-62E71701294D}\MpKsl02a591b9.sys
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD679E9C-5155-45A0-9940-5DF7AF7D6C19}\MpKsl10334ae5.sys
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37A94116-E54E-48EE-AF69-3FA12D7B99FE}\MpKsl133e6817.sys
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{68688FCE-235D-4D24-A3FD-DA9F55292FF5}\MpKsl1ce23b4d.sys
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{39E87774-D88B-4EDB-AE91-3502C260A67C}\MpKsl1d3eb406.sys
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55F15D2F-2A3E-49E2-A090-DB432F463AF9}\MpKsl3edab360.sys
c:\windows\system32\MpEngineStore\MpKsl4aa4b9ad.sys
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{64CE6AD6-7051-45CB-8B98-BAB6B83DB7F8}\MpKsl4d263215.sys
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{17F76C25-D4F3-4311-B5C2-C3FD955F2827}\MpKsl719566b2.sys
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D74071FF-8FAB-476C-A005-AC472AE9731D}\MpKsl86c86e31.sys
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{64CE6AD6-7051-45CB-8B98-BAB6B83DB7F8}\MpKsl936ab378.sys
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9833DD60-BD99-4223-B0D3-BC58D9B4E144}\MpKsl94b56ef0.sys
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6EC67B8D-5576-4DAF-8027-07828881A1D8}\MpKsla25de6bd.sys
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD679E9C-5155-45A0-9940-5DF7AF7D6C19}\MpKslbf8a3bb3.sys
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{17F76C25-D4F3-4311-B5C2-C3FD955F2827}\MpKslca9d1260.sys
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{92F6CB1D-C53D-4313-B3C6-3E9E3C9D9BC0}\MpKslcb88d00f.sys
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{77E3D941-0F89-458F-97E8-DBC6AA07C9E4}\MpKsld9c76a6f.sys
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{64CE6AD6-7051-45CB-8B98-BAB6B83DB7F8}\MpKsled6ce4bc.sys



Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0
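As an added example (not part of the original post and not ComboFix code), this Python check parses the driver lines of a ComboFix log and reports, for each name in a CFScript `Driver::` list, whether the log shows its file as missing. It assumes the line layout seen in the log above and that `[?]` marks a file ComboFix could not find; `SAMPLE_SCRIPT`, `NoSuchDrv` and the function names are constructed for the illustration.

```python
import re
from collections import namedtuple

# Two service lines copied from the ComboFix log earlier in this thread.
SAMPLE_LOG = r"""
S1 MpKsl4aa4b9ad;MpKsl4aa4b9ad;\??\c:\windows\system32\MpEngineStore\MpKsl4aa4b9ad.sys --> c:\windows\system32\MpEngineStore\MpKsl4aa4b9ad.sys [?]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [25/03/2009 05:57 133104]
"""
# Constructed script for the demo; gupdatem and NoSuchDrv are added on purpose.
SAMPLE_SCRIPT = "Driver::\nMpKsl4aa4b9ad\ngupdatem\nNoSuchDrv\n\nFile::\n"

# Assumed layout: <R|S><start type> name;display;image path [date size], with
# "[?]" in place of date and size when the file could not be found.
LINE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]\s*$")
START_TYPES = ("boot", "system", "auto", "manual", "disabled")
Entry = namedtuple("Entry", "name running start_type image_path file_missing")


def parse_services(log_text):
    """Parse driver/service lines of the log into Entry records."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headings, separators and other sections
        state, start, name, _display, image, info = m.groups()
        image = image.split(" --> ")[-1].strip()  # keep the resolved path
        entries.append(Entry(name, state == "R", START_TYPES[int(start)],
                             image, info.strip() == "?"))
    return entries


def script_section(script_text, header):
    """Return the non-empty lines listed under a 'Header::' section."""
    items, active = [], False
    for line in map(str.strip, script_text.splitlines()):
        if line.endswith("::"):
            active = line == header + "::"
        elif active and line:
            items.append(line)
    return items


def review_driver_list(log_text, script_text):
    """Map each name under Driver:: to what the log says about its file."""
    by_name = {e.name.lower(): e for e in parse_services(log_text)}
    verdicts = {}
    for name in script_section(script_text, "Driver"):
        entry = by_name.get(name.lower())
        state = "file missing" if entry and entry.file_missing else "file present"
        verdicts[name] = state if entry else "not in log"
    return verdicts
```

Any name reported as "file present" or "not in log" is worth a second look before the script is run, since only entries the log marks as missing are clearly orphaned.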

#134
dowsp


    Member

  • Topic Starter
  • Member
  • 542 posts
Hi Sal,

Thanks for confirming that I have two AVs running.

I know that I had downloaded and tried several while we have tried various
things... and I know I did ask once if I should TRY and delete or remove some.

I had tried to remove some in the past BUT for some reason.. I was not able to do so.
Sometimes I thought that I had removed them, BUT they were still on my computer.

I had Kaspersky on my Laptop and did try and remove it using its uninstall option,
BUT at a later date found it opened up.. I tried uninstalling Avira and reinstalling
it BUT it won't scan when I select scan... BUT it does auto update...and has occasionally
suggested finding threats.. BUT NOT like it once did...when It used to make a certain sound..

I have Malwarebytes on my machine BUT I only think that works when I update it and ask it to scan ...

Other AVs are ones that you suggested that I tried... and I think they are still on my machine, BUT may not be active... SO I am wondering IF I should try and remove as many as I can BEFORE I do anything else..

Maybe I should remove all... and then just decide upon what you suggest as best option..

And then follow your instruction.

I will try and do this when refreshed..

Cheers for now..must sleep zzzzzzzz

Dowsp..
  • 0

#135
Salagubang


    Trusted Helper

  • Malware Removal
  • 3,891 posts
That's a good idea. You can use this tool to sweep your system and remove some borked AV programmes.

Download AppRemover and run it.

Click Next >>


Ensure "Remove Security Application" is selected and click Next >>


AppRemover will scan all the security applications on your PC

Select any AVG entries from the applications offered and click Next >> twice.

Follow any further on-screen instructions. If asked to reboot, please do so.

Note: Please do not browse the internet or open any email attachments until your Anti-Virus is re-installed.

  • 0





