Yinstall trouble! HELP PLS! - Page 2

**Cookiegal** · 13-Oct-2006, 03:27 PM **#16**

Download Brute Force Uninstaller to your desktop.

Right click the file on your Desktop, and choose Extract All.
Click Next.
In the box to choose where to extract the files to:
Click Browse.
Click on the + sign next to My Computer
Click on Local Disk (C:) or whatever your primary drive is.
Click Make New Folder
Type in BFU
Click Next, and uncheck the Show Extracted Files box and then click Finish.

Download sidekickFix.bat (rightclick on that link and choose save as)

Place sidekickFix.bat in your C:\BFU - folder. (Important!)
Close all browsers and explorer folders.
Double-click on sidekickFix.bat
Click Yes and follow the prompts, when prompted to restart the PC please do so.

Dom_B · 19-Oct-2006, 06:07 PM **#17**

Logfile of HijackThis v1.99.1
Scan saved at 10:06:51 PM, on 10/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\explorer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virushelpzone.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
F3 - REG:win.ini: load=C:\WINDOWS\system32\qsbrtfqjdg\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\qsbrtfqjdg\csrss.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunServices: [logon.exe] C:\WINDOWS\System32\logon.exe
O4 - HKCU\..\Run: [mfku] C:\PROGRA~1\COMMON~1\mfku\mfkum.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - Startup: csrss.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZJxdm035YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Stan James Poker.com Poker - {7F2F6F5A-CAE2-4954-A461-36B3757B2BFB} - C:\Program Files\stanjamesgibMPP\MPPoker.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/in...eanerstart.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activ...33352D2D2D.exe
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.co.uk/scan8/oscan8.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoclassic.microgaming.co...ic/FlashAX.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{38BD9D07-A9C6-459B-A578-D6F18B687C52}: NameServer = 80.225.255.50 80.225.255.58
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

**Cookiegal** · 19-Oct-2006, 06:21 PM **#18**

Please run a new Panda scan and post the results.

Dom_B · 19-Oct-2006, 06:34 PM **#19**

The system is randomly rebooting itself. So I unchecked the automatic bit under my computer advanced options.
This is the msg from the blue screen:

***STOP: 0x0000008E (OxC0000005,0xF442DD03,0xF381FA20,0x00000000)

Pls help. Thanks

**Cookiegal** · 19-Oct-2006, 06:58 PM **#20**

Are you able to boot up?

Dom_B · 19-Oct-2006, 07:05 PM **#21**

Yes, I am able to boot up. It just restarts randomly with that error code once one of three users has logged on. I cant run the Panda scan because it wont complete in time before a restart occurs.

**Cookiegal** · 19-Oct-2006, 07:11 PM **#22**

Click Here and download Killbox and save it to your desktop but don’t run it yet.

Rescan with HijackThis, close all browser windows except HijackThis, put a check mark beside these entries and click fix checked.

F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

F3 - REG:win.ini: load=C:\WINDOWS\system32\qsbrtfqjdg\csrss.exe

F3 - REG:win.ini: run=C:\WINDOWS\system32\qsbrtfqjdg\csrss.exe

O4 - HKLM\..\RunServices: [logon.exe] C:\WINDOWS\System32\logon.exe

O4 - HKCU\..\Run: [mfku] C:\PROGRA~1\COMMON~1\mfku\mfkum.exe

O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

O4 - Startup: csrss.lnk = ?

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZJxdm035YYGB

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab

O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/in...eanerstart.cab

O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activ...33352D2D2D.exe

O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/instal...sinstaller.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoclassic.microgaming.co...ic/FlashAX.cab

Then boot to safe mode:

How to restart to safe mode

Double-click on Killbox.exe to run it.

Put a tick by Standard File Kill.
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

C:\WINDOWS\system32\qsbrtfqjdg\csrss.exe
C:\WINDOWS\System32\logon.exe
C:\PROGRA~1\COMMON~1\mfku
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
c:\windows\system32\atmtd.dll
c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
c:\windows\downloaded program files\UDC6_0001_D19M1908NetInstaller.exe
c:\windows\browserxtras\pn\remove.exe
C:\Documents and Settings\Dominic\Local Settings\Temporary Internet Files\Ssk.log
c:\windows\switchagreement.txt
c:\windows\ucmoreiex.exe
c:\windows\smdat32m.sys
c:\program files\common files\WinAntiVirus Pro 2006
C:\WINDOWS\system32\xmltok.dll
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UDC6_0001_D19M1908NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UDC6_0001_D19M1908NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UDC6_0001_D19M1908NetInstaller.exe
C:\Program Files\Common Files\WinFixer 2005
Click on the button that has the red circle with the X in the middle after you enter each file.
It will ask for confirmation to delete the file.
Click Yes.
Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
Killbox may tell you that one or more files do not exist.
If that happens, just continue on with all the files. Be sure you don't miss any.
Next in Killbox go to Tools > Delete Temp Files
In the window that pops up, put a check by ALL the options there except these three:
- XP Prefetch
- Recent
- History
Now click the Delete Selected Temp Files button.
Exit the Killbox.

Boot back to Windows normally and post another HijackThis log please.

Dom_B · 20-Oct-2006, 07:23 AM **#23**

Logfile of HijackThis v1.99.1
Scan saved at 11:22:20 AM, on 10/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virushelpzone.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: csrss.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Stan James Poker.com Poker - {7F2F6F5A-CAE2-4954-A461-36B3757B2BFB} - C:\Program Files\stanjamesgibMPP\MPPoker.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.co.uk/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{38BD9D07-A9C6-459B-A578-D6F18B687C52}: NameServer = 80.225.255.50 80.225.255.58
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

**Cookiegal** · 20-Oct-2006, 09:29 PM **#24**

How are things running now?

Dom_B · 20-Oct-2006, 10:18 PM **#25**

not great, im stil gettin the random shutdowns. with the "blue screen" and white text. once that problem is solved itll b running fine.

**Cookiegal** · 21-Oct-2006, 01:30 PM **#26**

Download WinPFind.exe to your desktop and double click on it to extract the files. This will create a folder named WinPFind on your desktop.

Start in Safe Mode Using the F8 method:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
Use the arrow keys to select the Safe Mode menu item.
Press the Enter key.

Double click on the WinPFind folder on your desktop to open it and then double click on the WinPFind.exe file to start the program.

Click “Configure scan options”
Under “Run AdOns” select the following:
- Policies.def
- Security.def
Click “apply”
Click "Start Scan"
It will scan the entire System, so please be patient and let it complete.

When the scan is complete reboot normally and post the WinPFind.txt file (located in the WinPFind folder) back here along with a new HijackThis log.

Dom_B · 21-Oct-2006, 02:01 PM **#27**

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 10/21/2006 5:49:12 PM
WinPFind v1.5.0 Folder = C:\Documents and Settings\Dominic\Desktop\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
aspack 07/26/2001 9:16:16 AM 46080 C:\WINDOWS\Uninstall.exe (ZbSoft)
aspack 06/14/2004 11:25:16 AM 187392 C:\WINDOWS\Acer.scr ()

Checking %System% folder...
UPX! 10/11/2006 4:54:34 PM 7680 C:\WINDOWS\SYSTEM32\~.exe ()
PEC2 03/31/2003 12:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
aspack 08/04/2004 8:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
winsync 03/31/2003 12:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
PTech 06/19/2006 4:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)
Umonitor 08/04/2004 8:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
PTech 08/07/2006 9:50:22 AM 1484592 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL (Microsoft Corporation)
WSUD 06/18/2004 4:32:34 PM 15684608 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
PECompact2 10/04/2006 1:03:46 PM 9639336 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 10/04/2006 1:03:46 PM 9639336 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
PEC2 01/21/2004 4:19:24 PM 59252 C:\WINDOWS\SYSTEM32\ansi.cfg ()
WSUD 08/04/2004 8:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)

Checking %System%\Drivers folder and sub-folders...
PTech 08/04/2004 6:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/21/2006 5:46:48 PM S 2048 C:\WINDOWS\bootstat.dat ()
10/20/2006 7:49:30 PM H 54156 C:\WINDOWS\QTFont.qfn ()
10/11/2006 2:08:42 PM HS 2 C:\WINDOWS\system32\netstat.com ()
10/11/2006 2:08:42 PM HS 2 C:\WINDOWS\system32\taskkill.com ()
10/21/2006 5:45:58 PM H 897024 C:\WINDOWS\system32\config\system.LOG ()
10/21/2006 5:45:58 PM H 86016 C:\WINDOWS\system32\config\software.LOG ()
10/21/2006 5:45:58 PM H 16384 C:\WINDOWS\system32\config\default.LOG ()
10/21/2006 5:47:22 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
10/21/2006 5:46:48 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG ()
10/13/2006 9:13:34 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()
10/20/2006 5:11:24 PM H 1024 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG ()
10/09/2006 6:15:46 PM S 124 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\74BFD122C0875EC75DBE5C6DB4C59019 ()
10/09/2006 6:15:48 PM S 120 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\486CC6AFD08942336C61FCD401C4A1D1 ()
10/09/2006 6:15:46 PM S 269112 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\74BFD122C0875EC75DBE5C6DB4C59019 ()
10/09/2006 6:15:48 PM S 29282 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\486CC6AFD08942336C61FCD401C4A1D1 ()
10/12/2006 6:16:38 PM HS 956 C:\WINDOWS\system32\qsbrtfqjdg\csrss.ini ()
09/18/2006 3:40:26 PM S 8847 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925486.cat ()
09/04/2006 7:38:52 AM S 11223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB924496.cat ()
08/25/2006 6:06:28 PM S 13285 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923191.cat ()
09/13/2006 6:23:54 AM S 9435 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB924191.cat ()
09/29/2006 2:37:54 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
09/29/2006 2:37:54 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\4ce4a503-ae92-409f-a80b-e140704ae5cb ()
09/15/2006 1:46:24 PM H 36518 C:\WINDOWS\Help\peg.GID ()
10/21/2006 5:45:54 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()
10/21/2006 5:50:10 PM H 330 C:\WINDOWS\Tasks\MP Scheduled Scan.job ()

Checking for CPL files...
08/04/2004 8:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
08/04/2004 8:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
03/31/2003 12:00:00 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
08/04/2004 8:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
08/04/2004 8:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
03/31/2003 12:00:00 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
12/22/2003 9:28:12 AM 69632 C:\WINDOWS\SYSTEM32\mbllnk.cpl (AvantGo, Inc.)
03/31/2003 12:00:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
08/04/2004 8:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
08/26/2005 6:14:42 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
08/04/2004 8:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
06/18/2004 4:32:34 PM 15684608 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
05/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
08/04/2004 8:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
08/04/2004 8:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
08/04/2004 8:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
08/04/2004 8:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
08/04/2004 8:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
08/04/2004 8:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
08/04/2004 8:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
08/04/2004 8:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
08/04/2004 8:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
08/04/2004 8:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
08/04/2004 8:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
08/04/2004 8:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
03/31/2003 12:00:00 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
03/31/2003 12:00:00 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
03/31/2003 12:00:00 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)

Checking for Downloaded Program Files...
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/s...irector/sw.cab
{556DDE35-E955-11D0-A707-000000521957} - - CodeBase = http://www.xblock.com/download/xclean_micro.exe
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - BDSCANONLINE Control - CodeBase = http://www.bitdefender.co.uk/scan8/oscan8.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_05 - CodeBase = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/actives...ree/asinst.cab
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - Java Plug-in 1.5.0_05 - CodeBase = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash Object - CodeBase = http://fpdownload.macromedia.com/get...sh/swflash.cab
{E055C02E-6258-40FF-80A7-3BDA52FACAD7} - - CodeBase = http://activex.matcash.com/speedtest2.dll

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
06/06/2006 6:47:34 PM 1665 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk ()
08/18/2004 10:29:42 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
01/19/2006 5:43:10 PM 750 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk ()
10/14/2004 6:35:22 AM 1638 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk ()
08/16/2005 10:48:04 AM 1426 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
08/18/2004 10:22:14 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
10/20/2006 7:50:06 PM 3151 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()

Checking files in %USERPROFILE%\Startup folder...
10/12/2006 5:35:46 PM HS 80 C:\Documents and Settings\Dominic\Start Menu\Programs\Startup\csrss.lnk ()
08/18/2004 10:29:42 AM HS 84 C:\Documents and Settings\Dominic\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %USERPROFILE%\Application Data folder...
08/18/2004 10:22:14 AM HS 62 C:\Documents and Settings\Dominic\Application Data\desktop.ini ()
09/12/2005 9:00:28 PM 41368 C:\Documents and Settings\Dominic\Application Data\GDIPFONTCACHEV1.DAT ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
\\Search Page - http://www.microsoft.com/isapi/redir...ie&ar=iesearch
\\Default_Page_URL - http://www.tiscali.co.uk/broadband
\\Default_Search_URL - http://www.google.com/ie
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.virushelpzone.com/
\\Search Bar - http://www.google.com/ie
\\Search Page - http://www.google.com
\\Default_Page_URL - http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
\\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/en-gb/srchasst/srchcust.htm
\\SearchAssistant - http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
\\SearchAssistant - http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects]
\{AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper = c:\program files\google\googletoolbar2.dll (Google Inc.)

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{32683183-48a0-441b-a342-7c2a440a9478} - = ()
\{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar2.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - = ()
\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - = ()
\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} - = ()
\WebBrowser\\{C004DEC2-2623-438E-9CA2-C9043AB28508} - = ()
\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar2.dll (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\NEXTID - 8218
\\{C2A80015-C447-4dc4-82DD-AED83D6ED57E} - 8193 =
\\{3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - 8194 =
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8196 =
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8197 =
\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - 8198 =
\\{B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - 8199 =
\\{77E68763-4284-41d6-B7E7-B6E1F053A9E7} - 8200 =
\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} - 8201 =
\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8202 =
\\{EFFF8D47-D060-4108-B761-E8EC86622E56} - 8203 =
\\{437F7F6F-FFCC-47e1-8A4B-C992493CF6C3} - 8204 =
\\{7F2F6F5A-CAE2-4954-A461-36B3757B2BFB} - 8205 =
\\{94148DB5-B42D-4915-95DA-2CBB4F7095BF} - 8206 =
\\{FB389F33-303A-4490-9E18-B301A493FBF2} - 8207 =
\\{B723B1B8-9788-4684-ADA7-D1DB02E1D516} - 8208 =
\\{D45D9D5F-B491-4c95-8B05-FA6B6C69CA82} - 8209 =
\\{FA4904B4-1FAF-4afd-886C-C19D2297BA62} - 8210 =
\\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - 8211 =
\\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - 8212 =
\\{49783ED4-258D-4f9f-BE11-137C18D3E543} - 8213 =
\\{6FDD5236-C9F0-49ef-935D-385F5E21991A} - 8214 =
\\{24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - 8215 =
\\{e2e2dd38-d088-4134-82b7-f2ba38496583} - 8216 =
\\{85d1f590-48f4-11d9-9669-0800200c9a66} - 8217 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{7F2F6F5A-CAE2-4954-A461-36B3757B2BFB} - ButtonText: Stan James Poker.com Poker = C:\Program Files\stanjamesgibMPP\MPPoker.exe (Microgaming)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{2F603045-309F-11CF-9774-0020AFD0CFF6} - Synaptics Control Panel = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics, Inc.)
\\{53DA580E-D78C-11D2-A00C-00A0C91771EF} - Image Categories = C:\WINDOWS\system32\Categories.dll ()
\\{04055D60-93D3-11D1-B8CC-00409524F097} - Image Folder = ()
\\{7FC7C9B0-FED7-11D1-8F70-00409524F097} - PackedImageFolder = ()
\\{F93F5F63-423F-11D2-8D61-00605206619F} - Search Result = ()
\\{E0D79304-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79305-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79306-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79307-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)
\\{A5110426-177D-4e08-AB3F-785F10B4439C} - Sony Ericsson File Manager = C:\Program Files\Sony Ericsson\Mobile\File Manager\fmgrgui.dll (Sony Ericsson Mobile Communications AB)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMen uHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMen uHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
csrss - Reg Data missing or invalid ()
QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
StartupDelayer - C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe (r2 studios)
!AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (Anti-Malware Development a.s.)
Windows Defender - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalCo mponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnc e]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
csrss - Reg Data missing or invalid ()
H/PC Connection Agent - C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\Dominic\Start Menu\Programs\Startup\csrss.lnk - Reg Data missing or invalid ()
C:\Documents and Settings\Dominic\Start Menu\Programs\Startup\desktop.ini ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
\\sv1 -

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceOb jectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell ExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)
\\{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - Microsoft AntiMalware ShellExecuteHook = C:\PROGRA~1\WINDOW~4\MpShHook.dll (Microsoft Corporation)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Share dTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\Userinit.exe
\\Shell = explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\WgaLogon - WgaLogon.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
{23A5C266-C2B3-4B0D-A7BD-EA35379737F7} - (Realtek RTL8139/810x Family Fast Ethernet NIC)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Na meSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Pr otocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Dom_B · 21-Oct-2006, 02:02 PM **#28**

Logfile of HijackThis v1.99.1
Scan saved at 6:02:22 PM, on 10/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virushelpzone.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: csrss.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Stan James Poker.com Poker - {7F2F6F5A-CAE2-4954-A461-36B3757B2BFB} - C:\Program Files\stanjamesgibMPP\MPPoker.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.co.uk/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{38BD9D07-A9C6-459B-A578-D6F18B687C52}: NameServer = 80.225.255.50 80.225.255.58
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

**Cookiegal** · 21-Oct-2006, 03:23 PM **#29**

Please download Brute Force Uninstaller to your desktop.

Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C: or whatever your primary drive is)
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with this yet!

Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

Then, please go to Start > My Computer and navigate to the C:\BFU folder.

Start the Brute Force Uninstaller by doubleclicking BFU.exe
Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.

Reboot into normal windows.

Come back here and post a new HijackThis log along with a new WinpFind log. Last time you omitted to select the add-ons I requested so please be sure to include them this time.

Dom_B · 23-Oct-2006, 10:28 AM **#30**

Logfile of HijackThis v1.99.1
Scan saved at 1:58:20 PM, on 10/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virushelpzone.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: csrss.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Stan James Poker.com Poker - {7F2F6F5A-CAE2-4954-A461-36B3757B2BFB} - C:\Program Files\stanjamesgibMPP\MPPoker.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.co.uk/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

BFU v1.00.9
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 1:55:40 PM, on 10/23/2006

Option Unload Explorer: Yes
Failed: DllUnregister C:\WINDOWS\DH.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\Deskbar\deskbar.dll|1 (file not found)
Failed: DllUnregister \asappsrv.dll|1 (file not found)
Failed: DllUnregister \MyToolBar.dll (file not found)
Failed: ServiceStop Network Monitor (service not found)
Failed: ServiceStop cmdService (service not found)
Failed: ServiceDisable Network Monitor (service not found)
Failed: ServiceDisable cmdService (service not found)
Failed: ServiceDelete Network Monitor (service not found)
Failed: ServiceDelete cmdService (service not found)
Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa|p2pnetwork (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|p2pnetwork (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|winlog (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations|LowRis kFileTypes (key not found)
Failed: RegDelValue HKCU\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|WinUpdate.exe (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU1 (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU2 (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|services32 (key not found)
Option pause between commands: 300 ms
Option pause between commands: 50 ms
Failed: FolderDelete C:\Program Files\MsConfigs (folder not found)
Failed: FolderDelete C:\Program Files\winupdates (folder not found)
Failed: FolderDelete C:\Program Files\winupdate (folder not found)
Failed: FolderDelete C:\Program Files\winsupdater (folder not found)
Failed: FolderDelete C:\Program Files\MsUpdate (folder not found)
Failed: FolderDelete C:\Program Files\MsMovies (folder not found)
Failed: FolderDelete C:\Program Files\wmplayer (folder not found)
Failed: FolderDelete C:\Program Files\outlook (folder not found)
Failed: FileDelete C:\Program Files\Common Files\Windows\mc-*-*.exe (operation failed)
Failed: FileDelete C:\Program Files\Common Files\Download\mc-*-*.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\update.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\services.dll (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\activate.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\MyToolBar.dll (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\update.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\services.dll (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\activate.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\MyToolBar.dll (operation failed)
Failed: FolderDelete C:\Program Files\toolbar888 (folder not found)
Failed: FolderDelete C:\Program Files\e-mailpaysu toolbar (folder not found)
Failed: FolderDelete C:\Program Files\EMUSIC TOOLBAR (folder not found)
Failed: FolderDelete C:\Program Files\find dvd toolbar (folder not found)
Failed: FolderDelete C:\Program Files\GULESIDER VERKTøYLINJE (folder not found)
Failed: FolderDelete C:\Program Files\sesam-p4 toolbar (folder not found)
Failed: FolderDelete C:\Program Files\slownik ling (folder not found)
Failed: FolderDelete C:\Program Files\MediaPipe (folder not found)
Failed: FolderDelete C:\Program Files\p2pnetworks (folder not found)
Failed: FileDelete C:\DOCUME~1\Dominic\LOCALS~1\Temp\BFU.exe (operation failed)
Failed: FileDelete C:\DOCUME~1\Dominic\LOCALS~1\Temp\~DF4ED4.tmp (operation failed)
Failed: FolderDelete C:\Program Files\Maxifiles (folder not found)
Failed: FolderDelete C:\Program Files\DNS (folder not found)
Failed: FolderDelete C:\Program Files\EQAdvice (folder not found)
Failed: FolderDelete C:\Program Files\FCAdvice (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd1 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\InetGet (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\svchostsys (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\simtest (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\misc001 (folder not found)
Failed: FolderDelete C:\Program Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\VCClient (folder not found)
Failed: FolderDelete C:\Program Files\Network Monitor (folder not found)
Failed: FolderDelete C:\WINDOWS\inet20001 (folder not found)
Failed: FolderDelete C:\Program Files\Update06 (folder not found)
Failed: FolderDelete C:\Program Files\Update03 (folder not found)
Failed: FolderDelete C:\Program Files\Update04 (folder not found)
Failed: FolderDelete C:\Program Files\Update08 (folder not found)
Failed: FolderDelete C:\Program Files\W-Update (folder not found)
Failed: FolderDelete C:\Program Files\Yazzle Sudoku (folder not found)
Failed: FolderDelete C:\Program Files\Cas (folder not found)
Failed: FolderDelete C:\Program Files\CasStub (folder not found)
Failed: FolderDelete C:\Program Files\Cas2Stub (folder not found)
Failed: FolderDelete C:\Program Files\ipwins (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\Snowball Wars (folder not found)
Failed: FolderDelete C:\temp (folder not found)
Failed: FolderDelete C:\WINDOWS\mdrive (folder not found)
Failed: FolderDelete C:\WINDOWS\system32\crunner (folder not found)
Failed: FolderDelete C:\Program Files\PECarlin (folder not found)
Failed: FolderDelete C:\Program Files\AXVenore (folder not found)
Failed: FolderDelete C:\Program Files\SDVita (folder not found)
Failed: FolderDelete C:\Program Files\EQBranch (folder not found)
Failed: FolderDelete C:\Program Files\EQArticle (folder not found)
Failed: FolderDelete C:\Program Files\PSHope (folder not found)
Failed: FolderDelete C:\Program Files\Batty (folder not found)
Failed: FolderDelete C:\Program Files\Batty2 (folder not found)
Failed: FolderDelete C:\Program Files\AXFibula (folder not found)
Failed: FolderDelete C:\Program Files\CMFibula (folder not found)
Failed: FolderDelete C:\Program Files\PSLister (folder not found)
Failed: FolderDelete C:\Program Files\PSCloner (folder not found)
Failed: FolderDelete C:\Program Files\cmapp (folder not found)
Failed: FolderDelete C:\Program Files\cmman (folder not found)
Failed: FolderDelete C:\Program Files\cmsystem (folder not found)
Failed: FolderDelete C:\Program Files\fcengine (folder not found)
Failed: FolderDelete C:\Program Files\wincmapp (folder not found)
Failed: FolderDelete C:\Program Files\Deskbar\Cache (folder not found)
Failed: FolderDelete C:\Program Files\popupwithcast (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\cloader (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\misc001 (folder not found)
Failed: FolderCreate C:\bintheredunthat (folder already exists)
Failed: FileMove C:\WINDOWS\win*-*.exe|C:\bintheredunthat (source file not found)
Script completed.

Tag Cloud
access acer asus bios bsod computer crash desktop driver drivers error ethernet excel freeze gaming graphics hard drive hardware hdmi internet laptop malware memory missing monitor motherboard network printer problem ram registry repair router slow software sound trojan ubuntu 11.10 uninstall usb video virus vista wifi windows windows 7 windows 7 32 bit windows 7 64 bit windows xp wireless

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Find the solution to yourcomputer problem!

Find the solution to your
computer problem!