pavlov

Blue Screen

24 posts in this topic

Windows XP. Was hit with some malware, tried to do a system restore to a previous point and got the blue screen.

 

Would at least like to get restored enough to get some pictures and other files off of the machine and onto a separate storage drive. Once that's done, I am not opposed to re-installing windows if necessary.

 

I have the OS boot disk from the manufacturer. How shall I proceed?

 

Thanks in advance.


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

 

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

 

[this is an automated reply]


Hi,

Boot with the manufacturer's disk.

What are your options?

Anything that says to restore a previous good installation?


Thanks for the response.

 

"Boot with the Manufacturers disk" might sound real easy, but I may need a little coaching to do that. I'll noodle around with it and see what I can figure out.


So, I think I booted properly from the disk.

 

Here's the three options I got:

 

To setup windows xp now press enter

 

To repair a windows xp installation using recovery console press R

 

To quit setup without installing windows xp press F3

 

I pressed R for repair.

 

It took me to a DOS screen which advised me what I was doing and listed the operating system installations on the machine (one) and asked me which one I wanted to log on to. I selected the only option listed as:

 

1: C:\WINDOWS

 

It then asked me to type the administrator's password. Having never set such a password on the machine, I just hit enter. It took me to a prompt like this:

 

C:\WINDOWS>_

 

No idea what I would do next.


I have to agree with you, there are always some risks.

Look at this link, it may give you some additional information; let me know if you need some further help.

 

http://www.michaelstevenstech.com/XPrepairinstall.htm

Here's what came up on the HJT log. Really struggling with the PC. IE won't launch outside of safe mode, machine really slow. Tried to install the latest HJT, but not sure it worked. Next steps?

 

Logfile of HijackThis v1.99.0

Scan saved at 11:06:05 PM, on 1/31/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\Explorer.EXE

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\RunOnce: [RunNarrator] Narrator.exe

O4 - HKCU\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} (LocalExec Control) - https://healthweb.stjohn.org/nps/portal/gadgets/com.novell.nps.gadgets.shortcut.ShortcutGadget/,DanaInfo=.acxBvnmyGkxw+LocalExec.CAB

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe

O16 - DPF: {473EB4B9-6641-4FE4-9A0D-AB0EFAE34FA8} (ELSReg Class) - http://mobile.mdconsult.com/installer/ELSProxy.cab

O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish.com/SnapfishUploader.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188252694812

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab

O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://healthweb.stjohn.org/dana-cached/setup/JuniperSetupSP1.cab

O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Juniper Network Connect Service - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

O23 - Service: Google Updater Service - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


Try these fixes.

 

Method 1: Microsoft Internet Explorer 6.x Repair for Windows XP

 

From the Start menu, select Run.

In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow)

Select the OK button.

Follow the prompts throughout the System File Checker process.

Reboot the computer when System File Checker completes.

 

Method 2: Microsoft Internet Explorer 6.x Repair for Windows XP

 

From the Start menu, select Search, select All Files and Folders.

Select More Advanced Options and place a checkmark beside Search Hidden Files and Folders option.

Ensure that Search System Folders and Search Subfolders are also checked.

In the All or Part of the File Name box, type ie.inf

In the Look In drop-down menu, select C: or the letter of the hard drive that contains the Windows folder.

Click the Search button.

In the search results pane, find the ie.inf file located in Windows\Inf folder.

Right click the ie.inf file and click Install on the context menu.

Reboot the computer when the file copy process is complete.

 

========

 

HijackThis is still an old version.

 

Can you somehow download, install and run this tool?

 

Random's System Information Tool (RSIT)

 

Download random's system information tool (RSIT) by random/random from >>here<< and save it to your desktop.

  • Double click on RSIT.exe to launch program.
  • Click Continue at the disclaimer screen.
  • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
  • Once it has finished, two logs will open: log.txt <-- this will be maximized, and info.txt <-- this will be minimized.

These reports are long; please post the contents of both logs (in separate posts) in your next reply.

====


Logfile of random's system information tool 1.06 (written by random/random)

Run by Yvonne at 2010-02-01 19:50:50

Microsoft Windows XP Home Edition Service Pack 2

System drive C: has 9 GB (23%) free of 38 GB

Total RAM: 511 MB (45% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:51:31 PM, on 2/1/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Dell\Support\Alert\bin\DAMon.exe

C:\Program Files\QuickTime\QTTask.exe

C:\WINDOWS\system32\WDBtnMgr.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\My Book\WD Backup\uBBMonitor.exe

C:\Program Files\Handspring\Hotsync.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\update\update.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\DOCUME~1\Yvonne\LOCALS~1\Temp\Google Toolbar\gtb13.tmp.exe

C:\Documents and Settings\Yvonne\Desktop\RSIT.exe

C:\Program Files\trend micro\Yvonne.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.msu.edu:8080

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\YVONNE\Application Data\Mozilla\Profiles\default\y6i6xdvh.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\YVONNE\Application Data\Mozilla\Profiles\default\y6i6xdvh.slt\prefs.js)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe -m

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\Hotsync.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: http://secureaccess.botsford.org

O15 - Trusted Zone: *.dmc.org

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} (LocalExec Control) - https://healthweb.stjohn.org/nps/portal/gadgets/com.novell.nps.gadgets.shortcut.ShortcutGadget/,DanaInfo=.acxBvnmyGkxw+LocalExec.CAB

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe

O16 - DPF: {473EB4B9-6641-4FE4-9A0D-AB0EFAE34FA8} (ELSReg Class) - http://mobile.mdconsult.com/installer/ELSProxy.cab

O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish.com/SnapfishUploader.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188252694812

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab

O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://healthweb.stjohn.org/dana-cached/setup/JuniperSetupSP1.cab

O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

O24 - Desktop Component 0: (no name) - http://racing-games.heavygames.com/i/hg_back4.gif

O24 - Desktop Component 1: (no name) - http://scoobydoo.kidswb.com/images/background_tile_r1.jpg

 

--

End of file - 12875 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job

C:\WINDOWS\tasks\Norton Security Scan.job

C:\WINDOWS\tasks\Symantec NetDetect.job

C:\WINDOWS\tasks\WebReg 20071022061614.job

C:\WINDOWS\tasks\{3D461E08-C203-4EE3-822D-C5BFEF2DCD78}_YVONNE_Yvonne.job

C:\WINDOWS\tasks\{AFBD33A0-A3EE-477A-956E-29005FB218DC}_YVONNE_Yvonne.job

C:\WINDOWS\tasks\{ED4DD8A6-EC5B-49E8-8E4C-0B79912B6E30}_YVONNE_Yvonne.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]

SpywareGuardDLBLOCK.CBrowserHelper - C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-02 192512]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-04-21 2549368]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2010-01-31 764912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]

CNavExtBho Class - C:\Program Files\Norton AntiVirus\NavShExt.dll [2002-02-27 102400]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-31 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-31 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

C:\Program Files\Microsoft Money\System\mnyviewer.dll [2001-07-25 143420]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - C:\Program Files\Norton AntiVirus\NavShExt.dll [2002-02-27 102400]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-04-21 2549368]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Dell|Alert"=C:\Program Files\Dell\Support\Alert\bin\DAMon.exe [2002-07-11 270336]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]

"nwiz"=nwiz.exe /install []

"WD Button Manager"=C:\WINDOWS\system32\WDBtnMgr.exe [2007-08-27 364544]

"!AVG Anti-Spyware"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [2007-06-11 6731312]

""= []

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-08-16 236016]

"QuickFinder Scheduler"=C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE [2003-03-07 77887]

"NAV Agent"=C:\PROGRA~1\NORTON~1\navapw32.exe [2002-02-27 75384]

"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe [2009-03-18 95960]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-01-31 149280]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2003-10-06 5058560]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [2004-02-03 401491]

"Mobipocket Web Companion"=C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe [2005-07-13 1859584]

"CTFMONSS"= []

"CSRSSW"= []

"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-10-09 68856]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Program Files\iTunes\iTunesHelper.exe [2007-09-26 267064]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]

C:\Program Files\Microsoft Money\System\Money Express.exe [2001-07-25 184376]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]

C:\Program Files\Microsoft Money\System\Activation.exe [2001-07-25 241714]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk]

C:\PROGRA~1\AMERIC~1.0\aoltray.exe [2001-11-26 32839]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

WD Backup Monitor.lnk - C:\Program Files\My Book\WD Backup\uBBMonitor.exe

 

C:\Documents and Settings\Yvonne\Start Menu\Programs\Startup

HotSync Manager.lnk - C:\Program Files\Handspring\Hotsync.exe

SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE:*:Enabled:ActiveSync Connection Manager"

"C:\Program Files\Microsoft ActiveSync\WCESMGR.EXE"="C:\Program Files\Microsoft ActiveSync\WCESMGR.EXE:*:Enabled:ActiveSync Application"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

======List of files/folders created in the last 3 months======

 

2010-02-01 19:50:56 ----D---- C:\Program Files\trend micro

2010-02-01 19:50:50 ----D---- C:\rsit

2010-02-01 19:38:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$

2010-02-01 19:37:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$

2010-02-01 19:36:41 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$

2010-02-01 19:23:57 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$

2010-02-01 19:22:04 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$

2010-02-01 19:21:33 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$

2010-02-01 19:21:07 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$

2010-02-01 19:20:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$

2010-02-01 19:19:37 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$

2010-02-01 19:19:17 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$

2010-02-01 19:18:54 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$

2010-02-01 19:17:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$

2010-02-01 19:15:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$

2010-02-01 19:15:20 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$

2010-02-01 19:14:45 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$

2010-02-01 19:13:44 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$

2010-02-01 19:12:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$

2010-02-01 19:12:27 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$

2010-02-01 19:10:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$

2010-02-01 19:10:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$

2010-02-01 19:10:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2010-02-01 19:09:36 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$

2010-02-01 19:09:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$

2010-02-01 19:08:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$

2010-02-01 19:08:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$

2010-02-01 19:07:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$

2010-02-01 19:06:54 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$

2010-02-01 19:06:31 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$

2010-02-01 19:06:08 ----HDC---- C:\WINDOWS\$NtUninstallKB885884$

2010-02-01 19:04:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$

2010-02-01 19:03:42 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$

2010-02-01 19:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$

2010-02-01 19:02:22 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2010-02-01 19:01:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

2010-02-01 19:01:03 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$

2010-02-01 19:00:31 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$

2010-02-01 18:59:35 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$

2010-02-01 18:58:53 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$

2010-02-01 18:08:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$

2010-02-01 18:07:34 ----A---- C:\WINDOWS\imsins.BAK

2010-02-01 18:07:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

2010-01-31 23:02:08 ----A---- C:\WINDOWS\ntbtlog.txt

2010-01-31 22:47:38 ----D---- C:\Program Files\TrendMicro

2010-01-31 22:43:53 ----A---- C:\WINDOWS\system32\javaws.exe

2010-01-31 22:43:53 ----A---- C:\WINDOWS\system32\javaw.exe

2010-01-31 22:43:53 ----A---- C:\WINDOWS\system32\java.exe

2010-01-31 19:23:17 ----D---- C:\WINDOWS\Prefetch

2010-01-31 19:10:25 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest

2010-01-31 18:44:53 ----A---- C:\WINDOWS\system32\spxcoins.dll

2010-01-31 18:44:53 ----A---- C:\WINDOWS\system32\irclass.dll

2010-01-31 18:44:37 ----RA---- C:\WINDOWS\SET143.tmp

2010-01-31 18:44:37 ----RA---- C:\WINDOWS\SET142.tmp

2010-01-31 18:44:22 ----RA---- C:\WINDOWS\SET10F.tmp

2010-01-31 18:44:18 ----RA---- C:\WINDOWS\SET103.tmp

2010-01-31 18:44:15 ----RA---- C:\WINDOWS\SET100.tmp

2010-01-31 13:31:22 ----D---- C:\WINDOWS\dell

2009-11-08 10:22:59 ----A---- C:\WINDOWS\system32\OLD130.tmp

2009-11-08 10:16:39 ----A---- C:\WINDOWS\system32\OLDD6.tmp

2009-11-08 10:16:38 ----A---- C:\WINDOWS\system32\OLDD3.tmp

2009-11-08 10:16:37 ----A---- C:\WINDOWS\system32\OLDD0.tmp

2009-11-08 10:16:36 ----A---- C:\WINDOWS\system32\OLDCD.tmp

2009-11-08 10:16:35 ----A---- C:\WINDOWS\system32\OLDCA.tmp

2009-11-08 10:16:35 ----A---- C:\WINDOWS\system32\OLDC7.tmp

2009-11-08 10:16:34 ----A---- C:\WINDOWS\system32\OLDC4.tmp

2009-11-08 10:16:33 ----A---- C:\WINDOWS\system32\OLDC1.tmp

2009-11-08 10:16:32 ----A---- C:\WINDOWS\system32\OLDBE.tmp

2009-11-08 10:16:30 ----A---- C:\WINDOWS\system32\OLDBB.tmp

2009-11-08 10:15:23 ----A---- C:\WINDOWS\OLDB8.tmp

2009-11-08 10:14:41 ----D---- C:\WINDOWS\LastGood(3)

2009-11-08 10:10:05 ----D---- C:\WINDOWS\system32\CatRoot_bak

2009-11-08 10:08:58 ----A---- C:\WINDOWS\system32\OLD69.tmp

2009-11-08 10:08:57 ----A---- C:\WINDOWS\system32\OLD66.tmp

2009-11-08 10:08:56 ----A---- C:\WINDOWS\system32\OLD63.tmp

2009-11-08 10:08:55 ----A---- C:\WINDOWS\system32\OLD60.tmp

2009-11-08 10:08:54 ----A---- C:\WINDOWS\system32\OLD5D.tmp

2009-11-08 10:08:53 ----A---- C:\WINDOWS\system32\OLD5A.tmp

2009-11-08 10:08:52 ----A---- C:\WINDOWS\system32\OLD57.tmp

2009-11-08 10:08:51 ----A---- C:\WINDOWS\system32\OLD54.tmp

2009-11-08 10:08:49 ----A---- C:\WINDOWS\system32\OLD51.tmp

2009-11-08 10:08:49 ----A---- C:\WINDOWS\system32\OLD4E.tmp

2009-11-08 10:08:48 ----A---- C:\WINDOWS\system32\OLD4B.tmp

2009-11-08 10:08:47 ----A---- C:\WINDOWS\system32\OLD48.tmp

2009-11-08 10:08:46 ----A---- C:\WINDOWS\system32\OLD45.tmp

2009-11-08 10:08:44 ----A---- C:\WINDOWS\system32\OLD42.tmp

2009-11-08 10:08:43 ----A---- C:\WINDOWS\system32\OLD3F.tmp

2009-11-08 10:08:42 ----A---- C:\WINDOWS\system32\OLD3C.tmp

2009-11-08 10:08:39 ----A---- C:\WINDOWS\system32\OLD39.tmp

2009-11-08 10:08:38 ----A---- C:\WINDOWS\system32\OLD36.tmp

2009-11-08 10:08:37 ----A---- C:\WINDOWS\system32\OLD33.tmp

2009-11-08 10:08:36 ----A---- C:\WINDOWS\system32\OLD30.tmp

2009-11-08 10:08:35 ----A---- C:\WINDOWS\system32\OLD2D.tmp

2009-11-08 10:08:34 ----A---- C:\WINDOWS\system32\OLD2A.tmp

2009-11-08 10:08:33 ----A---- C:\WINDOWS\system32\OLD27.tmp

2009-11-08 10:08:32 ----A---- C:\WINDOWS\system32\OLD24.tmp

2009-11-08 10:08:31 ----A---- C:\WINDOWS\system32\OLD21.tmp

2009-11-08 10:08:30 ----A---- C:\WINDOWS\system32\OLD1E.tmp

2009-11-08 10:08:30 ----A---- C:\WINDOWS\system32\OLD1B.tmp

2009-11-08 10:08:28 ----A---- C:\WINDOWS\OLD18.tmp

2009-11-08 10:06:20 ----D---- C:\WINDOWS\LastGood(2)

 

======List of files/folders modified in the last 3 months======

 

2010-02-01 19:50:56 ----RAD---- C:\Program Files

2010-02-01 19:49:40 ----D---- C:\WINDOWS\Microsoft.NET

2010-02-01 19:49:32 ----RSD---- C:\WINDOWS\assembly

2010-02-01 19:47:10 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-02-01 19:46:14 ----D---- C:\WINDOWS\SYSTEM32

2010-02-01 19:46:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-02-01 19:45:55 ----D---- C:\WINDOWS\system32\CatRoot

2010-02-01 19:45:54 ----D---- C:\WINDOWS\system32\CatRoot2

2010-02-01 19:42:34 ----D---- C:\WINDOWS\Temp

2010-02-01 19:42:29 ----HD---- C:\WINDOWS

2010-02-01 19:41:30 ----D---- C:\Program Files\Common Files

2010-02-01 19:40:57 ----RSHDC---- C:\WINDOWS\system32\DLLCACHE

2010-02-01 19:40:57 ----D---- C:\WINDOWS\system32\WBEM

2010-02-01 19:40:57 ----D---- C:\WINDOWS\AppPatch

2010-02-01 19:39:07 ----HD---- C:\WINDOWS\INF

2010-02-01 19:39:02 ----D---- C:\WINDOWS\system32\DRIVERS

2010-02-01 19:35:07 ----SHD---- C:\WINDOWS\Installer

2010-02-01 19:35:06 ----SHD---- C:\Config.Msi

2010-02-01 19:31:24 ----D---- C:\WINDOWS\WinSxS

2010-02-01 19:24:19 ----D---- C:\Program Files\Internet Explorer

2010-02-01 19:22:48 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$

2010-02-01 19:21:28 ----HD---- C:\WINDOWS\$hf_mig$

2010-02-01 19:18:29 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$

2010-02-01 19:09:15 ----D---- C:\Program Files\Outlook Express

2010-02-01 19:05:24 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$

2010-02-01 19:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$

2010-02-01 19:01:29 ----D---- C:\WINDOWS\SECURITY

2010-02-01 19:00:00 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$

2010-02-01 18:11:50 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$

2010-02-01 18:08:36 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$

2010-01-31 23:17:39 ----D---- C:\hijackthis

2010-01-31 23:02:36 ----D---- C:\Documents and Settings

2010-01-31 22:43:29 ----A---- C:\WINDOWS\system32\deploytk.dll

2010-01-31 22:43:24 ----D---- C:\Program Files\Java

2010-01-31 22:39:26 ----D---- C:\WINDOWS\Debug

2010-01-31 22:28:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-01-31 22:28:37 ----DC---- C:\WINDOWS\$NtUninstallKB952004$(2)

2010-01-31 19:27:40 ----D---- C:\WINDOWS\Registration

2010-01-31 19:25:05 ----D---- C:\WINDOWS\SoftwareDistribution

2010-01-31 19:25:02 ----D---- C:\WINDOWS\Help

2010-01-31 19:23:24 ----SHD---- C:\System Volume Information

2010-01-31 19:23:24 ----D---- C:\WINDOWS\system32\Restore

2010-01-31 19:22:26 ----D---- C:\WINDOWS\system32\CONFIG

2010-01-31 19:11:44 ----A---- C:\WINDOWS\ODBCINST.INI

2010-01-31 19:11:12 ----D---- C:\WINDOWS\system32\IAS

2010-01-31 19:10:29 ----RD---- C:\WINDOWS\Web

2010-01-31 19:10:15 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest

2010-01-31 19:09:56 ----A---- C:\WINDOWS\WIN.INI

2010-01-31 19:09:48 ----D---- C:\WINDOWS\system32\OOBE

2010-01-31 19:09:47 ----D---- C:\Program Files\Windows Media Player

2010-01-31 19:09:26 ----D---- C:\WINDOWS\system32\Com

2010-01-31 19:06:47 ----SH---- C:\boot.ini

2010-01-31 18:50:53 ----D---- C:\WINDOWS\system32\ReinstallBackups

2010-01-31 18:49:09 ----D---- C:\DRIVERS

2010-01-31 18:45:01 ----A---- C:\WINDOWS\SYSTEM.INI

2010-01-31 18:44:38 ----ASH---- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI

2010-01-31 13:39:13 ----D---- C:\WINDOWS\SYSTEM

2010-01-31 13:39:12 ----D---- C:\WINDOWS\system32\Setup

2010-01-31 13:39:02 ----D---- C:\WINDOWS\system32\USMT

2010-01-31 13:38:49 ----D---- C:\WINDOWS\IME

2010-01-31 13:38:48 ----RSD---- C:\WINDOWS\Fonts

2010-01-31 13:38:48 ----D---- C:\WINDOWS\Media

2010-01-31 13:38:34 ----D---- C:\WINDOWS\peernet

2010-01-31 13:38:17 ----D---- C:\WINDOWS\system32\NPP

2010-01-31 13:38:08 ----D---- C:\WINDOWS\MSAGENT

2010-01-31 13:34:33 ----D---- C:\WINDOWS\TWAIN_32

2010-01-31 13:33:24 ----D---- C:\WINDOWS\system32\ICSXML

2010-01-31 13:32:39 ----D---- C:\WINDOWS\system32\1033

2010-01-31 13:31:22 ----D---- C:\WINDOWS\Driver Cache

2009-12-22 00:42:49 ----A---- C:\WINDOWS\system32\wininet.dll

2009-12-22 00:42:49 ----A---- C:\WINDOWS\system32\urlmon.dll

2009-12-22 00:42:48 ----A---- C:\WINDOWS\system32\shdocvw.dll

2009-12-22 00:42:48 ----A---- C:\WINDOWS\system32\pngfilt.dll

2009-12-22 00:42:48 ----A---- C:\WINDOWS\system32\mstime.dll

2009-12-22 00:42:47 ----A---- C:\WINDOWS\system32\msrating.dll

2009-12-22 00:42:47 ----A---- C:\WINDOWS\system32\mshtmled.dll

2009-12-22 00:42:47 ----A---- C:\WINDOWS\system32\mshtml.dll

2009-12-22 00:42:45 ----A---- C:\WINDOWS\system32\jsproxy.dll

2009-12-22 00:42:45 ----A---- C:\WINDOWS\system32\inseng.dll

2009-12-22 00:42:45 ----A---- C:\WINDOWS\system32\iepeers.dll

2009-12-22 00:42:45 ----A---- C:\WINDOWS\system32\ieencode.dll

2009-12-22 00:42:45 ----A---- C:\WINDOWS\system32\extmgr.dll

2009-12-22 00:42:45 ----A---- C:\WINDOWS\system32\dxtrans.dll

2009-12-22 00:42:44 ----A---- C:\WINDOWS\system32\dxtmsft.dll

2009-12-22 00:42:44 ----A---- C:\WINDOWS\system32\danim.dll

2009-12-22 00:42:43 ----A---- C:\WINDOWS\system32\cdfview.dll

2009-12-22 00:42:43 ----A---- C:\WINDOWS\system32\browseui.dll

2009-12-16 08:33:58 ----A---- C:\WINDOWS\system32\xpsp3res.dll

2009-12-08 04:13:51 ----A---- C:\WINDOWS\system32\shlwapi.dll

2009-11-08 10:23:15 ----D---- C:\Neuroworks

2009-11-08 10:22:48 ----DC---- C:\WINDOWS\$NtUninstallKB969059$

2009-11-08 10:22:34 ----DC---- C:\WINDOWS\$NtUninstallKB974455$

2009-11-08 10:20:05 ----D---- C:\WINDOWS\ehome

2009-11-08 10:15:23 ----D---- C:\Program Files\Common Files\System

2009-11-08 10:14:53 ----D---- C:\Program Files\Windows NT

2009-11-08 10:14:49 ----D---- C:\Program Files\NetMeeting

2009-11-08 10:14:41 ----D---- C:\WINDOWS\SRCHASST

2009-11-08 10:14:30 ----D---- C:\Program Files\Movie Maker

2009-11-08 10:11:03 ----D---- C:\WINDOWS\system32\bits

2009-11-08 10:10:30 ----D---- C:\WINDOWS\network diagnostic

2009-11-08 10:10:24 ----D---- C:\Program Files\Messenger

2009-11-08 10:10:05 ----DC---- C:\WINDOWS\$NtUninstallKB923561$(2)

2009-11-08 10:10:03 ----DC---- C:\WINDOWS\$NtUninstallKB938464$(3)

2009-11-08 10:10:02 ----DC---- C:\WINDOWS\$NtUninstallKB950759$(3)

2009-11-08 10:10:02 ----DC---- C:\WINDOWS\$NtUninstallKB946648$(3)

2009-11-08 10:09:59 ----DC---- C:\WINDOWS\$NtUninstallKB950762$(3)

2009-11-08 10:09:57 ----DC---- C:\WINDOWS\$NtUninstallKB950974$(3)

2009-11-08 10:09:54 ----DC---- C:\WINDOWS\$NtUninstallKB951066$(3)

2009-11-08 10:09:53 ----DC---- C:\WINDOWS\$NtUninstallKB951376-v2$(3)

2009-11-08 10:09:53 ----DC---- C:\WINDOWS\$NtUninstallKB951376$(3)

2009-11-08 10:09:51 ----DC---- C:\WINDOWS\$NtUninstallKB951698$(3)

2009-11-08 10:09:50 ----DC---- C:\WINDOWS\$NtUninstallKB951748$(3)

2009-11-08 10:09:48 ----DC---- C:\WINDOWS\$NtUninstallKB952287$(3)

2009-11-08 10:09:47 ----DC---- C:\WINDOWS\$NtUninstallKB952954$(3)

2009-11-08 10:09:46 ----DC---- C:\WINDOWS\$NtUninstallKB953838$(3)

2009-11-08 10:09:45 ----DC---- C:\WINDOWS\$NtUninstallKB954211$(3)

2009-11-08 10:09:43 ----DC---- C:\WINDOWS\$NtUninstallKB954600$(3)

2009-11-08 10:09:42 ----DC---- C:\WINDOWS\$NtUninstallKB974112$(3)

2009-11-08 10:09:40 ----DC---- C:\WINDOWS\$NtUninstallKB955069$(3)

2009-11-08 10:09:39 ----DC---- C:\WINDOWS\$NtUninstallKB956390$(3)

2009-11-08 10:09:38 ----DC---- C:\WINDOWS\$NtUninstallKB956572$(2)

2009-11-08 10:09:34 ----DC---- C:\WINDOWS\$NtUninstallKB956802$(3)

2009-11-08 10:09:33 ----DC---- C:\WINDOWS\$NtUninstallKB956803$(3)

2009-11-08 10:09:32 ----DC---- C:\WINDOWS\$NtUninstallKB956844$(2)

2009-11-08 10:09:32 ----DC---- C:\WINDOWS\$NtUninstallKB956841$(3)

2009-11-08 10:09:31 ----DC---- C:\WINDOWS\$NtUninstallKB957095$(3)

2009-11-08 10:09:30 ----DC---- C:\WINDOWS\$NtUninstallKB957097$(3)

2009-11-08 10:09:29 ----DC---- C:\WINDOWS\$NtUninstallKB958215$(3)

2009-11-08 10:09:26 ----DC---- C:\WINDOWS\$NtUninstallKB958644$(3)

2009-11-08 10:09:25 ----DC---- C:\WINDOWS\$NtUninstallKB958687$(2)

2009-11-08 10:09:24 ----DC---- C:\WINDOWS\$NtUninstallKB958690$(2)

2009-11-08 10:09:23 ----DC---- C:\WINDOWS\$NtUninstallKB959426$(2)

2009-11-08 10:09:21 ----DC---- C:\WINDOWS\$NtUninstallKB960225$(2)

2009-11-08 10:09:19 ----DC---- C:\WINDOWS\$NtUninstallKB960714$(3)

2009-11-08 10:09:18 ----DC---- C:\WINDOWS\$NtUninstallKB960803$(2)

2009-11-08 10:09:17 ----DC---- C:\WINDOWS\$NtUninstallKB961118$(2)

2009-11-08 10:09:17 ----DC---- C:\WINDOWS\$NtUninstallKB960859$(2)

2009-11-08 10:09:16 ----DC---- C:\WINDOWS\$NtUninstallKB961371$(2)

2009-11-08 10:09:15 ----DC---- C:\WINDOWS\$NtUninstallKB961373$(2)

2009-11-08 10:09:14 ----DC---- C:\WINDOWS\$NtUninstallKB961501$(2)

2009-11-08 10:09:13 ----DC---- C:\WINDOWS\$NtUninstallKB963027$(2)

2009-11-08 10:09:11 ----DC---- C:\WINDOWS\$NtUninstallKB974455$(3)

2009-11-08 10:09:07 ----DC---- C:\WINDOWS\$NtUninstallKB967715$(2)

2009-11-08 10:09:02 ----DC---- C:\WINDOWS\$NtUninstallKB968389$(2)

2009-11-08 10:08:57 ----DC---- C:\WINDOWS\$NtUninstallKB968537$(2)

2009-11-08 10:08:52 ----DC---- C:\WINDOWS\$NtUninstallKB969059$(2)

2009-11-08 10:08:49 ----DC---- C:\WINDOWS\$NtUninstallKB969897$(2)

2009-11-08 10:08:47 ----DC---- C:\WINDOWS\$NtUninstallKB970238$(2)

2009-11-08 10:08:43 ----DC---- C:\WINDOWS\$NtUninstallKB971486$(2)

2009-11-08 10:08:35 ----DC---- C:\WINDOWS\$NtUninstallKB971557$(2)

2009-11-08 10:08:33 ----DC---- C:\WINDOWS\$NtUninstallKB971633$(2)

2009-11-08 10:08:30 ----DC---- C:\WINDOWS\$NtUninstallKB971657$(2)

2009-11-08 10:08:28 ----DC---- C:\WINDOWS\$NtUninstallKB972260$(2)

2009-11-08 10:08:26 ----DC---- C:\WINDOWS\$NtUninstallKB973354$(2)

2009-11-08 10:08:22 ----DC---- C:\WINDOWS\$NtUninstallKB973507$(2)

2009-11-08 10:08:20 ----DC---- C:\WINDOWS\$NtUninstallKB973815$(2)

2009-11-08 10:08:18 ----DC---- C:\WINDOWS\$NtUninstallKB973869$(2)

2009-11-08 10:08:15 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$(2)

2009-11-08 10:08:14 ----HDC---- C:\WINDOWS\$NtUninstallKB974455$(2)

2009-11-08 10:08:10 ----DC---- C:\WINDOWS\$NtUninstallKB974571$(2)

2009-11-08 10:08:07 ----DC---- C:\WINDOWS\$NtUninstallKB975025$(2)

2009-11-08 10:08:05 ----DC---- C:\WINDOWS\$NtUninstallKB975467$(2)

2009-11-08 10:06:35 ----D---- C:\Program Files\Google

2009-11-08 10:06:28 ----DC---- C:\WINDOWS\$NtUninstallKB954459$

2009-11-08 10:06:27 ----DC---- C:\WINDOWS\$NtUninstallKB973540_WM9$

2009-11-08 10:06:24 ----DC---- C:\WINDOWS\$NtUninstallKB956744$

2009-11-08 10:06:23 ----DC---- C:\WINDOWS\$NtUninstallKB951978$

2009-11-08 10:06:19 ----D---- C:\wallpaper and screensavers

2009-11-08 10:06:16 ----DC---- C:\WINDOWS\ie8

2009-11-04 03:01:41 ----D---- C:\WINDOWS\ie8updates

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []

R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]

R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-01-21 267384]

R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2008-07-17 8552]

R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\fallback.sys [2001-07-18 310899]

R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\fsksnt.sys [2001-07-18 127405]

R2 K56;K56; C:\WINDOWS\System32\DRIVERS\k56nt.sys [2001-07-18 426783]

R2 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2002-11-11 28100]

R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [1996-10-08 64000]

R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\faxnt.sys [2001-07-18 217019]

R2 SpeakerPhone;SpeakerPhone; C:\WINDOWS\System32\DRIVERS\spkpnt.sys [2001-07-18 80449]

R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\tonesnt.sys [2001-07-18 56607]

R2 V124;V124; C:\WINDOWS\System32\DRIVERS\v124nt.sys [2001-07-18 534125]

R3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\basic2.sys [2001-07-18 77426]

R3 DM9102;DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver; C:\WINDOWS\System32\DRIVERS\DM9PCI5.SYS [2001-08-17 29696]

R3 dsNcAdpt;Juniper Network Connect Adapter; C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2008-07-21 23552]

R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]

R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2004-08-04 12160]

R3 NAVAP;NAVAP; \??\C:\WINDOWS\System32\Drivers\NAVAP.SYS []

R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20021113.004\NAVENG.Sys []

R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20021113.004\NavEx15.Sys []

R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-10-06 1550043]

R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-03-08 13780]

R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]

R3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\rksample.sys [2001-07-18 67654]

R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-04-04 459944]

R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []

R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-01-21 26424]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]

R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2001-09-27 28396]

R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2001-07-25 584336]

S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-04 42496]

S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]

S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys [2001-06-20 4272]

S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS []

S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]

S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-13 85969]

S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]

S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]

S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2002-06-27 16509]

S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2007-05-31 22656]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

S3 VisorUsb;Handspring USB; C:\WINDOWS\System32\DRIVERS\VisorUsb.sys []

S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [2004-08-04 31744]

S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2004-08-04 44928]

S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2004-08-04 42752]

S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2004-08-04 43008]

S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2004-08-04 13952]

S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-04 5504]

S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2004-08-04 41088]

S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2004-08-04 42240]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]

R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880]

R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

R2 dsNcService;Juniper Network Connect Service; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [2008-07-21 423280]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-31 153376]

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]

R2 navapsvc;Norton AntiVirus Auto Protect Service; C:\Program Files\Norton AntiVirus\navapsvc.exe [2002-02-27 116344]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2003-10-06 81920]

R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2001-11-26 65536]

S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-07-24 358896]

S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-08-16 309744]

S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-08-16 166384]

S2 SBService;ScriptBlocking Service; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [2001-08-13 54408]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-09 138168]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-09-26 503608]

S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-07-24 88560]

S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-08-16 1092080]

S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-01-21 206552]

S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------

 

info.txt logfile of random's system information tool 1.06 2010-02-01 19:51:41

 

======Uninstall list======

 

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

-->MsiExec.exe /I{0ADEA8E1-B211-41B8-8DD4-D9A5FB04A5FA}

-->MsiExec.exe /I{267D350E-51AB-40B8-AF9F-DA7ED5687044}

-->MsiExec.exe /I{7A9DC8F6-2466-4E04-BF51-BE499C5D02BD}

-->MsiExec.exe /I{85BD5F12-49EF-4B40-B1E0-77D85F6E99BF}

-->MsiExec.exe /I{EA9741F6-A7F2-497B-BBE4-2ED0136649BE}

-->MsiExec.exe /X{C628EC93-8E17-4114-BCE7-2D181B93FA0F}

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{33AE85D9-0386-41AD-BD99-FDF3ABC19DBB}\Setup.exe" -l0x9 -L0x9anything

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{55251924-B51C-4E66-8199-5258672518C5}\Setup.exe" -u -uninst -fUninst.isu -c"C:\Program Files\Epocrates\EssentialsPPC\Win32\Win32_Dll\AupdUnInstall.dll"

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

3D Groove Playback Engine-->RunDll32 C:\WINDOWS\DOWNLO~1\CONFLICT.1\GrooveAX.dll,_RemoveGroove@16

3DVIA player 4.1-->MsiExec.exe /X{4E868D3D-6EEB-4273-926C-2287236B5B79}

Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}

Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"

Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}

Adobe Reader 8.1.4-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}

Adobe Shockwave Player-->C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\Install.log

America Online-->C:\Program Files\Common Files\aolshare\Aolunins_us.exe

AOL Coach Version 1.0(Build:20011028.1)-->C:\WINDOWS\AolCInUn.exe

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe

BlackBerry Desktop Software 4.3-->MsiExec.exe /I{0D048BE8-AE02-4CB5-A428-616B9848E4A7}

BlackBerry Desktop Software 4.3-->MsiExec.exe /i{0D048BE8-AE02-4CB5-A428-616B9848E4A7}

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

Citrix XenApp Web Plugin-->MsiExec.exe /X{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}

Conexant HSF V92 56K RTAD Speakerphone PCI Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0\HxFSETUP.EXE -U -IVEN_14F1&DEV_2016&SUBSYS_021913E0

Dell | Support-->MsiExec.exe /X{91E8A85F-2960-40ED-BA84-7F4567BB00C0}

Dell Picture Studio - Dell Image Expert-->MsiExec.exe /I{151C555A-A9E7-4A2E-B6D7-165D04A3C956}

Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}

Epocrates Essentials for Pocket PC-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{55251924-B51C-4E66-8199-5258672518C5}\Setup.exe" -u

Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly

Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

HiJackThis-->MsiExec.exe /X{0761C9A8-8F3A-4216-B4A7-B7AFBF2


The two previous steps you suggested, I did both. First one completed but IE would still not open, and system very sluggish. Second one completed and upon shutting down the XP installed 50 system upgrades. Maybe my re-install set me back a few years on windows updates. System still very sluggish. Getting notice of CPU usage at 100%. And getting Windows update notice icon.

 

However, had success with install of RSIT and success with the 2 logs posted above.


; Purpose: Remove traces in the registry.

;

; Instructions: Copy and paste this text IN BOLD into a text editor such as Notepad.

;

; Save this text as Fix.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop.

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

""=-

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMONSS"=-

"CSRSSW"=-

 

; Double-click on Fix.reg. When it asks you to merge the information to the registry click Yes.

 

Delete the Fix.reg file when done.

===

 

Open HijackThis

Click: None of the above, just start the program.

Click: Config

Click: Misc Tools

Click: Open Process Manager. Look for both these processes in bold and click on Kill Process.

 

C:\WINDOWS\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\update\update.exe

C:\DOCUME~1\Yvonne\LOCALS~1\Temp\Google Toolbar\gtb13.tmp.exe

 

Restart the computer normally.

 

Let me know what problem persists.


Done. Seems to be working fine albeit a bit slow. Maybe it's because I'm not real used to this machine, but it seems slow. Fifteen seconds or so to launch IE or Firefox and have the home page (google) paint with a high speed cable modem connection.

 

Still getting windows message "updates are ready" including what appears to be SP3. Shall I allow it? The OS boot disk is SP2, and my fear is if I have to use it again in the very near future I may find myself needing to uninstall SP3 to use the boot disk. Thoughts?

 

Anything else from a "better safe than sorry" perspective?

 

Once we're done here, I'll load up on some anti-virus and firewall protection.

Still getting windows message "updates are ready" including what appears to be SP3. Shall I allow it? The OS boot disk is SP2, and my fear is if I have to use it again in the very near future I may find myself needing to uninstall SP3 to use the boot disk. Thoughts?

 

Wait to install SP 3. When all is well, I suggest you do. Some security issues have been patched and you should install it when all is going well.

 

Now I have teatimer.exe using 124,348 k of memory and CPU Usage spiking to 100%, down to 5% and back up.

Please disable TeaTimer for now by doing the following:

  • Run Spybot-S&D
  • Go to the Mode menu, and make sure "Advanced Mode" is selected
  • On the left hand side, choose Tools -> Resident
  • Uncheck "Resident TeaTimer" and OK any prompts
  • Restart your computer.

When everything is done and your log is clean again, you can enable it again.

If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

 

Maybe some bad processes will show their ugly heads.

===

 

Please download DrWeb-CureIt and save it to your Desktop. Do NOT perform a scan yet.

 

  • Double-click on drweb-cureit.exe to start the program.
    An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now, Click OK to start the scan.
    This is a short scan that will scan the files currently running in memory.
    If something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis
  • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
  • Then click the Start/Stop Scanning button (green arrow on the right), and the scan will start.
  • When finished, a message will be displayed at the bottom advising if any viruses were found.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found.
    If so, click it, then click the next icon right below and select Move incurable.
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit when you have finished.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)


Despite my previous concern, I believe some Windows updates ran overnight including SP3. Hope that isn't too big of a deal.

 

Unless that changes your specified direction, I will disable tea-timer, and run the DrWeb-CureIt process you describe tonight when I get back home.

 

Thanks again for your help.


As of 7:00 am (EST) still scanning the second Dr Web scan.

 

First scan found just one item to cure. But at the end of that first scan, I got a dialog box that said "HOSTS files modified". I clicked yes to restore the defaults.


Stop it. It should not take more than a few hours.

 

Let me know what problems remain.


Stop it. It should not take more than a few hours.

 

Let me know what problems remain.

 

I left the scan running when I left the house for work this morning. I won't be home again until after 6pm local time. Problem with the scan is that when it finds something to cure, you get the dialog box with the "yes/yes_to_all/no" options. I clicked "yes to all" early in the scan, but when I looked at it at 7:00 this morning that dialog box was back up as it found something again, and the scan pauses awaiting action. It may have been sitting like that all night long. I hit "yes to all" again, the scan re-started and I left for work.

 

As for remaining problem, it's just still very slow. The wife confirmed that it is way slower than it ever has been before. I doubt this scan will measurably improve that. What do you think?


Here's the DrWeb log. I'll tinker with the machine a bit now and see how it's performing.

 

atofbyor.exe;C:\WINDOWS\system32\CONFIG\systemprofile\Favorites\Dell;Trojan.Packed.2923;Deleted.;

RegUBP2b-Yvonne.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;

A0007994.reg;C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP17;Trojan.StartPage.1505;Deleted.;

A0008012.reg;C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP17;Trojan.StartPage.1505;Deleted.;

battyhalloween-awp.exe\data015;C:\wallpaper and screensavers\battyhalloween-awp.exe;Adware.SideFind;;

battyhalloween-awp.exe;C:\wallpaper and screensavers;Archive contains infected objects;Moved.;

beminev10.exe\data015;C:\wallpaper and screensavers\beminev10.exe;Adware.Ezula;;

beminev10.exe;C:\wallpaper and screensavers;Archive contains infected objects;Moved.;

eerie_night.exe\data015;C:\wallpaper and screensavers\eerie_night.exe;Adware.Ezula;;

eerie_night.exe\data016;C:\wallpaper and screensavers\eerie_night.exe;Adware.SideFind;;

eerie_night.exe\data017;C:\wallpaper and screensavers\eerie_night.exe;Adware.IGetNet;;

eerie_night.exe;C:\wallpaper and screensavers;Archive contains infected objects;Moved.;

So_Glad.exe\data016;C:\wallpaper and screensavers\So_Glad.exe;Adware.Gator;;

So_Glad.exe;C:\wallpaper and screensavers;Archive contains infected objects;Moved.;

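In the Dr.Web report posted above, the rows with an empty last column are objects found inside an archive; the action taken appears on the archive's own "Archive contains infected objects" row. The following is an added example, not part of the thread and not Dr.Web tooling: a Python sketch that pairs each such row with its archive row and lists any detection left without an action. The column meanings (object;path;threat;action;) are an assumption inferred from the posted rows.

```python
import csv
import ntpath
from collections import namedtuple

Detection = namedtuple("Detection", "obj path threat action")
ARCHIVE_MARK = "Archive contains infected objects"

# Rows copied from the report posted above; assumed layout: object;path;threat;action;
REPORT = r"""
atofbyor.exe;C:\WINDOWS\system32\CONFIG\systemprofile\Favorites\Dell;Trojan.Packed.2923;Deleted.;
A0007994.reg;C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP17;Trojan.StartPage.1505;Deleted.;
eerie_night.exe\data015;C:\wallpaper and screensavers\eerie_night.exe;Adware.Ezula;;
eerie_night.exe\data016;C:\wallpaper and screensavers\eerie_night.exe;Adware.SideFind;;
eerie_night.exe;C:\wallpaper and screensavers;Archive contains infected objects;Moved.;
So_Glad.exe\data016;C:\wallpaper and screensavers\So_Glad.exe;Adware.Gator;;
So_Glad.exe;C:\wallpaper and screensavers;Archive contains infected objects;Moved.;
"""

def parse(text):
    """Split a semicolon-delimited report into Detection rows."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    reader = csv.reader(lines, delimiter=";", quoting=csv.QUOTE_NONE)
    # Pad short rows and drop the empty field left by the trailing ';'.
    return [Detection(*(f.strip() for f in (row + [""] * 4)[:4])) for row in reader]

def triage(rows):
    """Return (handled, unresolved): lists of (Detection, action taken)."""
    # Archive rows: full archive path = path column joined with the object name.
    containers = {ntpath.join(r.path, r.obj).lower(): r.action
                  for r in rows if r.threat == ARCHIVE_MARK}
    handled, unresolved = [], []
    for r in rows:
        if r.threat == ARCHIVE_MARK:
            continue  # summary row, not a detection of its own
        # A member row has no action; its path column names the archive it sits in.
        action = r.action or containers.get(r.path.lower(), "")
        (handled if action else unresolved).append((r, action))
    return handled, unresolved

if __name__ == "__main__":
    handled, unresolved = triage(parse(REPORT))
    for det, action in handled:
        print(f"{action:9} {det.threat:24} {det.obj}")
    for det, _ in unresolved:
        print(f"NO ACTION {det.threat:24} {det.path}")
```

Any row printed as NO ACTION is a detection whose file is still where the scanner found it.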

Machine runs well now as long as TeaTimer is disabled. No problems I can detect.

 

But when I re-enabled tea-timer, it was a memory hog again. Teatimer used ~111,000k of memory and machine slowed considerably.


Remove Spybot - Search & Destroy and TeaTimer via the Add/Remove Programs list.

 

Reinstall if you still want.

 

  1. Download the latest version of Spybot from either:
  2. Install Spybot, and by default it should install into C:\Program Files\Spybot - Search & Destroy.
  3. Run Spybot by clicking on "Start" => "Programs" => "Spybot - Search & Destroy" => "Spybot - Search & Destroy".
  4. The first time you run it, allow it to create a backup of your registry when prompted. This will take a few minutes to complete.
  5. Click on "Search for Updates".
  6. If any updates are found, place a check mark next to each and click on "Download Updates".
  7. Click on "Immunize" and once it detects what has or has not been blocked, block all remaining items by clicking on the green plus sign next to Immunize at the top.
  8. Click on "Search & Destroy" => "Check for Problems".
  9. If any problems are found, be sure to click on "Fix Selected Problems."

===================

 

 

If it still gives you some difficulties I suggest you check their forum for advice.


Un-installed Spybot, system works like a champ from what I can tell. I installed McAfee Security Center so I will leave Spybot off for now.

 

If I have any short term problems, I'll request this thread be re-opened. But for now, I think we can close it.

 

You guys ROCK. Thanks a million.


Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

This topic is now closed to further replies.