Blue Screen


  • This topic is locked
23 replies to this topic

#1 pavlov

pavlov

    Member

  • Full Member
  • Pip
  • 58 posts

Posted 25 January 2010 - 08:40 PM

Windows XP. Was hit with some malware, tried to do a system restore to a previous point and got the blue screen.

Would at least like to get restored enough to get some pictures and other files off of the machine and onto a separate storage drive. Once that's done, I am not opposed to re-installing Windows if necessary.

I have the OS boot disk from the manufacturer. How shall I proceed?

Thanks in advance.

#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,523 posts

Posted 28 January 2010 - 09:09 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.


[this is an automated reply]
This is an automated message. It does not count as help.

#3 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,091 posts

Posted 31 January 2010 - 09:07 AM

Hi,

Boot with the Manufacturer's disk.

What are your options?

Anything that says to restore a previous good installation?
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#4 pavlov


Posted 31 January 2010 - 12:33 PM

Thanks for the response.

"Boot with the Manufacturer's disk" might sound real easy, but I may need a little coaching to do that. I'll noodle around with it and see what I can figure out.

#5 pavlov


Posted 31 January 2010 - 01:15 PM

So, I think I booted properly from the disk.

Here are the three options I got:

To setup windows xp now press enter

To repair a windows xp installation using recovery console press R

To quit setup without installing windows xp press F3

I pressed R for repair.

It took me to a DOS screen which advised me what I was doing and listed the operating system installations on the machine (one) and asked me which one I wanted to log on to. I selected the only option listed as:

1: C:\WINDOWS

It then asked me to type the administrator's password. Having never set such a password on the machine, I just hit enter. It took me to a prompt like this:

C:\WINDOWS>_

No idea what I would do next.

#6 pavlov


Posted 31 January 2010 - 01:29 PM

Will this do the trick and leave files, pics, and other programs untouched? I know something could go wrong, so there's always risk. But is this a viable process/option to completely restore the OS and be bug-free? Or is it possible/likely that the malware is a separate program that will recur?

http://pcsupport.abo...stxprepair1.htm

#7 nasdaq


Posted 31 January 2010 - 04:44 PM

I have to agree with you, there are always some risks.

Look at this link; it may give you some additional information. Let me know if you need some further help.

http://www.michaelst...pairinstall.htm

#8 pavlov


Posted 31 January 2010 - 11:15 PM

Here's what came up on the HJT log. Really struggling with PC. IE won't launch outside of safe mode, machine really slow. Tried to install latest HJT, but not sure it worked. Next steps?

Logfile of HijackThis v1.99.0
Scan saved at 11:06:05 PM, on 1/31/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\RunOnce: [RunNarrator] Narrator.exe
O4 - HKCU\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} (LocalExec Control) - https://healthweb.st...w LocalExec.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {473EB4B9-6641-4FE4-9A0D-AB0EFAE34FA8} (ELSReg Class) - http://mobile.mdcons...er/ELSProxy.cab
O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish....ishUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1188252694812
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://healthweb.st...perSetupSP1.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia....upv2.0.0.9.cab?
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Juniper Network Connect Service - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Google Updater Service - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#9 nasdaq


Posted 01 February 2010 - 09:16 AM

Try these fixes.

Method 1: Microsoft Internet Explorer 6.x Repair for Windows XP

From the Start menu, select Run.
In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow)
Select the OK button.
Follow the prompts throughout the System File Checker process.
Reboot the computer when System File Checker completes.

Method 2: Microsoft Internet Explorer 6.x Repair for Windows XP

From the Start menu, select Search, select All Files and Folders.
Select More Advanced Options and place a checkmark beside Search Hidden Files and Folders option.
Ensure that Search System Folders and Search Subfolders are also checked.
In the All or Part of the File Name box, type ie.inf
In the Look In drop-down menu, select C: or the letter of the hard drive that contains the Windows folder.
Click the Search button.
In the search results pane, find the ie.inf file located in Windows\Inf folder.
Right click the ie.inf file and click Install on the context menu.
Reboot the computer when the file copy process is complete.

========

HijackThis is still an old version.

Can you somehow download, install and run this tool?

Random's System Information Tool (RSIT)

Download random's system information tool (RSIT) by random/random from >>here<< and save it to your desktop.
  • Double click on RSIT.exe to launch program.
  • Click Continue at the disclaimer screen.
  • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
  • Once it has finished, two logs will open: log.txt (this will be maximized) and info.txt (this will be minimized).

These reports are long; please post the contents of both logs (in separate posts) in your next reply.
====

#10 pavlov


Posted 01 February 2010 - 07:53 PM

Logfile of random's system information tool 1.06 (written by random/random)
Run by Yvonne at 2010-02-01 19:50:50
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 9 GB (23%) free of 38 GB
Total RAM: 511 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:31 PM, on 2/1/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\Handspring\Hotsync.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\update\update.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Yvonne\LOCALS~1\Temp\Google Toolbar\gtb13.tmp.exe
C:\Documents and Settings\Yvonne\Desktop\RSIT.exe
C:\Program Files\trend micro\Yvonne.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.msu.edu:8080
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_0/home.html"); (C:\Documents and Settings\YVONNE\Application Data\Mozilla\Profiles\default\y6i6xdvh.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\YVONNE\Application Data\Mozilla\Profiles\default\y6i6xdvh.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe -m
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\Hotsync.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://secureaccess.botsford.org
O15 - Trusted Zone: *.dmc.org
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} (LocalExec Control) - https://healthweb.st...w LocalExec.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {473EB4B9-6641-4FE4-9A0D-AB0EFAE34FA8} (ELSReg Class) - http://mobile.mdcons...er/ELSProxy.cab
O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish....ishUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1188252694812
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://healthweb.st...perSetupSP1.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia....upv2.0.0.9.cab?
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://racing-games..../i/hg_back4.gif
O24 - Desktop Component 1: (no name) - http://scoobydoo.kid...und_tile_r1.jpg

--
End of file - 12875 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Norton Security Scan.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\WebReg 20071022061614.job
C:\WINDOWS\tasks\{3D461E08-C203-4EE3-822D-C5BFEF2DCD78}_YVONNE_Yvonne.job
C:\WINDOWS\tasks\{AFBD33A0-A3EE-477A-956E-29005FB218DC}_YVONNE_Yvonne.job
C:\WINDOWS\tasks\{ED4DD8A6-EC5B-49E8-8E4C-0B79912B6E30}_YVONNE_Yvonne.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
SpywareGuardDLBLOCK.CBrowserHelper - C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-02 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-04-21 2549368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2010-01-31 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
CNavExtBho Class - C:\Program Files\Norton AntiVirus\NavShExt.dll [2002-02-27 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-31 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-31 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]
C:\Program Files\Microsoft Money\System\mnyviewer.dll [2001-07-25 143420]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - C:\Program Files\Norton AntiVirus\NavShExt.dll [2002-02-27 102400]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-04-21 2549368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Dell|Alert"=C:\Program Files\Dell\Support\Alert\bin\DAMon.exe [2002-07-11 270336]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]
"nwiz"=nwiz.exe /install []
"WD Button Manager"=C:\WINDOWS\system32\WDBtnMgr.exe [2007-08-27 364544]
"!AVG Anti-Spyware"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [2007-06-11 6731312]
""= []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-08-16 236016]
"QuickFinder Scheduler"=C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE [2003-03-07 77887]
"NAV Agent"=C:\PROGRA~1\NORTON~1\navapw32.exe [2002-02-27 75384]
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe [2009-03-18 95960]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-01-31 149280]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2003-10-06 5058560]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [2004-02-03 401491]
"Mobipocket Web Companion"=C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe [2005-07-13 1859584]
"CTFMONSS"= []
"CSRSSW"= []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-10-09 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2007-09-26 267064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
C:\Program Files\Microsoft Money\System\Money Express.exe [2001-07-25 184376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
C:\Program Files\Microsoft Money\System\Activation.exe [2001-07-25 241714]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk]
C:\PROGRA~1\AMERIC~1.0\aoltray.exe [2001-11-26 32839]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
WD Backup Monitor.lnk - C:\Program Files\My Book\WD Backup\uBBMonitor.exe

C:\Documents and Settings\Yvonne\Start Menu\Programs\Startup
HotSync Manager.lnk - C:\Program Files\Handspring\Hotsync.exe
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE:*:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMGR.EXE"="C:\Program Files\Microsoft ActiveSync\WCESMGR.EXE:*:Enabled:ActiveSync Application"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2010-02-01 19:50:56 ----D---- C:\Program Files\trend micro
2010-02-01 19:50:50 ----D---- C:\rsit
2010-02-01 19:38:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-02-01 19:37:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-02-01 19:36:41 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-02-01 19:23:57 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-02-01 19:22:04 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-02-01 19:21:33 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-02-01 19:21:07 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-02-01 19:20:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-02-01 19:19:37 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-02-01 19:19:17 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-02-01 19:18:54 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-02-01 19:17:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-02-01 19:15:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-02-01 19:15:20 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-02-01 19:14:45 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2010-02-01 19:13:44 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-02-01 19:12:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-02-01 19:12:27 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2010-02-01 19:10:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-02-01 19:10:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-02-01 19:10:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-02-01 19:09:36 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-02-01 19:09:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-02-01 19:08:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-02-01 19:08:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-02-01 19:07:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-02-01 19:06:54 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-02-01 19:06:31 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-02-01 19:06:08 ----HDC---- C:\WINDOWS\$NtUninstallKB885884$
2010-02-01 19:04:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-02-01 19:03:42 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-02-01 19:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-02-01 19:02:22 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-02-01 19:01:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-02-01 19:01:03 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2010-02-01 19:00:31 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-02-01 18:59:35 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-02-01 18:58:53 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-02-01 18:08:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-02-01 18:07:34 ----A---- C:\WINDOWS\imsins.BAK
2010-02-01 18:07:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-01-31 23:02:08 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-31 22:47:38 ----D---- C:\Program Files\TrendMicro
2010-01-31 22:43:53 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-31 22:43:53 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-31 22:43:53 ----A---- C:\WINDOWS\system32\java.exe
2010-01-31 19:23:17 ----D---- C:\WINDOWS\Prefetch
2010-01-31 19:10:25 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-01-31 18:44:53 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-01-31 18:44:53 ----A---- C:\WINDOWS\system32\irclass.dll
2010-01-31 18:44:37 ----RA---- C:\WINDOWS\SET143.tmp
2010-01-31 18:44:37 ----RA---- C:\WINDOWS\SET142.tmp
2010-01-31 18:44:22 ----RA---- C:\WINDOWS\SET10F.tmp
2010-01-31 18:44:18 ----RA---- C:\WINDOWS\SET103.tmp
2010-01-31 18:44:15 ----RA---- C:\WINDOWS\SET100.tmp
2010-01-31 13:31:22 ----D---- C:\WINDOWS\dell
2009-11-08 10:22:59 ----A---- C:\WINDOWS\system32\OLD130.tmp
2009-11-08 10:16:39 ----A---- C:\WINDOWS\system32\OLDD6.tmp
2009-11-08 10:16:38 ----A---- C:\WINDOWS\system32\OLDD3.tmp
2009-11-08 10:16:37 ----A---- C:\WINDOWS\system32\OLDD0.tmp
2009-11-08 10:16:36 ----A---- C:\WINDOWS\system32\OLDCD.tmp
2009-11-08 10:16:35 ----A---- C:\WINDOWS\system32\OLDCA.tmp
2009-11-08 10:16:35 ----A---- C:\WINDOWS\system32\OLDC7.tmp
2009-11-08 10:16:34 ----A---- C:\WINDOWS\system32\OLDC4.tmp
2009-11-08 10:16:33 ----A---- C:\WINDOWS\system32\OLDC1.tmp
2009-11-08 10:16:32 ----A---- C:\WINDOWS\system32\OLDBE.tmp
2009-11-08 10:16:30 ----A---- C:\WINDOWS\system32\OLDBB.tmp
2009-11-08 10:15:23 ----A---- C:\WINDOWS\OLDB8.tmp
2009-11-08 10:14:41 ----D---- C:\WINDOWS\LastGood(3)
2009-11-08 10:10:05 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-11-08 10:08:58 ----A---- C:\WINDOWS\system32\OLD69.tmp
2009-11-08 10:08:57 ----A---- C:\WINDOWS\system32\OLD66.tmp
2009-11-08 10:08:56 ----A---- C:\WINDOWS\system32\OLD63.tmp
2009-11-08 10:08:55 ----A---- C:\WINDOWS\system32\OLD60.tmp
2009-11-08 10:08:54 ----A---- C:\WINDOWS\system32\OLD5D.tmp
2009-11-08 10:08:53 ----A---- C:\WINDOWS\system32\OLD5A.tmp
2009-11-08 10:08:52 ----A---- C:\WINDOWS\system32\OLD57.tmp
2009-11-08 10:08:51 ----A---- C:\WINDOWS\system32\OLD54.tmp
2009-11-08 10:08:49 ----A---- C:\WINDOWS\system32\OLD51.tmp
2009-11-08 10:08:49 ----A---- C:\WINDOWS\system32\OLD4E.tmp
2009-11-08 10:08:48 ----A---- C:\WINDOWS\system32\OLD4B.tmp
2009-11-08 10:08:47 ----A---- C:\WINDOWS\system32\OLD48.tmp
2009-11-08 10:08:46 ----A---- C:\WINDOWS\system32\OLD45.tmp
2009-11-08 10:08:44 ----A---- C:\WINDOWS\system32\OLD42.tmp
2009-11-08 10:08:43 ----A---- C:\WINDOWS\system32\OLD3F.tmp
2009-11-08 10:08:42 ----A---- C:\WINDOWS\system32\OLD3C.tmp
2009-11-08 10:08:39 ----A---- C:\WINDOWS\system32\OLD39.tmp
2009-11-08 10:08:38 ----A---- C:\WINDOWS\system32\OLD36.tmp
2009-11-08 10:08:37 ----A---- C:\WINDOWS\system32\OLD33.tmp
2009-11-08 10:08:36 ----A---- C:\WINDOWS\system32\OLD30.tmp
2009-11-08 10:08:35 ----A---- C:\WINDOWS\system32\OLD2D.tmp
2009-11-08 10:08:34 ----A---- C:\WINDOWS\system32\OLD2A.tmp
2009-11-08 10:08:33 ----A---- C:\WINDOWS\system32\OLD27.tmp
2009-11-08 10:08:32 ----A---- C:\WINDOWS\system32\OLD24.tmp
2009-11-08 10:08:31 ----A---- C:\WINDOWS\system32\OLD21.tmp
2009-11-08 10:08:30 ----A---- C:\WINDOWS\system32\OLD1E.tmp
2009-11-08 10:08:30 ----A---- C:\WINDOWS\system32\OLD1B.tmp
2009-11-08 10:08:28 ----A---- C:\WINDOWS\OLD18.tmp
2009-11-08 10:06:20 ----D---- C:\WINDOWS\LastGood(2)

======List of files/folders modified in the last 3 months======

2010-02-01 19:50:56 ----RAD---- C:\Program Files
2010-02-01 19:49:40 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-01 19:49:32 ----RSD---- C:\WINDOWS\assembly
2010-02-01 19:47:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-01 19:46:14 ----D---- C:\WINDOWS\SYSTEM32
2010-02-01 19:46:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-01 19:45:55 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-01 19:45:54 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-01 19:42:34 ----D---- C:\WINDOWS\Temp
2010-02-01 19:42:29 ----HD---- C:\WINDOWS
2010-02-01 19:41:30 ----D---- C:\Program Files\Common Files
2010-02-01 19:40:57 ----RSHDC---- C:\WINDOWS\system32\DLLCACHE
2010-02-01 19:40:57 ----D---- C:\WINDOWS\system32\WBEM
2010-02-01 19:40:57 ----D---- C:\WINDOWS\AppPatch
2010-02-01 19:39:07 ----HD---- C:\WINDOWS\INF
2010-02-01 19:39:02 ----D---- C:\WINDOWS\system32\DRIVERS
2010-02-01 19:35:07 ----SHD---- C:\WINDOWS\Installer
2010-02-01 19:35:06 ----SHD---- C:\Config.Msi
2010-02-01 19:31:24 ----D---- C:\WINDOWS\WinSxS
2010-02-01 19:24:19 ----D---- C:\Program Files\Internet Explorer
2010-02-01 19:22:48 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-02-01 19:21:28 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-01 19:18:29 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-02-01 19:09:15 ----D---- C:\Program Files\Outlook Express
2010-02-01 19:05:24 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-02-01 19:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2010-02-01 19:01:29 ----D---- C:\WINDOWS\SECURITY
2010-02-01 19:00:00 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-02-01 18:11:50 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-02-01 18:08:36 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-01-31 23:17:39 ----D---- C:\hijackthis
2010-01-31 23:02:36 ----D---- C:\Documents and Settings
2010-01-31 22:43:29 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-01-31 22:43:24 ----D---- C:\Program Files\Java
2010-01-31 22:39:26 ----D---- C:\WINDOWS\Debug
2010-01-31 22:28:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-31 22:28:37 ----DC---- C:\WINDOWS\$NtUninstallKB952004$(2)
2010-01-31 19:27:40 ----D---- C:\WINDOWS\Registration
2010-01-31 19:25:05 ----D---- C:\WINDOWS\SoftwareDistribution
2010-01-31 19:25:02 ----D---- C:\WINDOWS\Help
2010-01-31 19:23:24 ----SHD---- C:\System Volume Information
2010-01-31 19:23:24 ----D---- C:\WINDOWS\system32\Restore
2010-01-31 19:22:26 ----D---- C:\WINDOWS\system32\CONFIG
2010-01-31 19:11:44 ----A---- C:\WINDOWS\ODBCINST.INI
2010-01-31 19:11:12 ----D---- C:\WINDOWS\system32\IAS
2010-01-31 19:10:29 ----RD---- C:\WINDOWS\Web
2010-01-31 19:10:15 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-01-31 19:09:56 ----A---- C:\WINDOWS\WIN.INI
2010-01-31 19:09:48 ----D---- C:\WINDOWS\system32\OOBE
2010-01-31 19:09:47 ----D---- C:\Program Files\Windows Media Player
2010-01-31 19:09:26 ----D---- C:\WINDOWS\system32\Com
2010-01-31 19:06:47 ----SH---- C:\boot.ini
2010-01-31 18:50:53 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-01-31 18:49:09 ----D---- C:\DRIVERS
2010-01-31 18:45:01 ----A---- C:\WINDOWS\SYSTEM.INI
2010-01-31 18:44:38 ----ASH---- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
2010-01-31 13:39:13 ----D---- C:\WINDOWS\SYSTEM
2010-01-31 13:39:12 ----D---- C:\WINDOWS\system32\Setup
2010-01-31 13:39:02 ----D---- C:\WINDOWS\system32\USMT
2010-01-31 13:38:49 ----D---- C:\WINDOWS\IME
2010-01-31 13:38:48 ----RSD---- C:\WINDOWS\Fonts
2010-01-31 13:38:48 ----D---- C:\WINDOWS\Media
2010-01-31 13:38:34 ----D---- C:\WINDOWS\peernet
2010-01-31 13:38:17 ----D---- C:\WINDOWS\system32\NPP
2010-01-31 13:38:08 ----D---- C:\WINDOWS\MSAGENT
2010-01-31 13:34:33 ----D---- C:\WINDOWS\TWAIN_32
2010-01-31 13:33:24 ----D---- C:\WINDOWS\system32\ICSXML
2010-01-31 13:32:39 ----D---- C:\WINDOWS\system32\1033
2010-01-31 13:31:22 ----D---- C:\WINDOWS\Driver Cache
2009-12-22 00:42:49 ----A---- C:\WINDOWS\system32\wininet.dll
2009-12-22 00:42:49 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-12-22 00:42:48 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-12-22 00:42:48 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-12-22 00:42:48 ----A---- C:\WINDOWS\system32\mstime.dll
2009-12-22 00:42:47 ----A---- C:\WINDOWS\system32\msrating.dll
2009-12-22 00:42:47 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-12-22 00:42:47 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-12-22 00:42:45 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-12-22 00:42:45 ----A---- C:\WINDOWS\system32\inseng.dll
2009-12-22 00:42:45 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-12-22 00:42:45 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-12-22 00:42:45 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-12-22 00:42:45 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-12-22 00:42:44 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-12-22 00:42:44 ----A---- C:\WINDOWS\system32\danim.dll
2009-12-22 00:42:43 ----A---- C:\WINDOWS\system32\cdfview.dll
2009-12-22 00:42:43 ----A---- C:\WINDOWS\system32\browseui.dll
2009-12-16 08:33:58 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2009-12-08 04:13:51 ----A---- C:\WINDOWS\system32\shlwapi.dll
2009-11-08 10:23:15 ----D---- C:\Neuroworks
2009-11-08 10:22:48 ----DC---- C:\WINDOWS\$NtUninstallKB969059$
2009-11-08 10:22:34 ----DC---- C:\WINDOWS\$NtUninstallKB974455$
2009-11-08 10:20:05 ----D---- C:\WINDOWS\ehome
2009-11-08 10:15:23 ----D---- C:\Program Files\Common Files\System
2009-11-08 10:14:53 ----D---- C:\Program Files\Windows NT
2009-11-08 10:14:49 ----D---- C:\Program Files\NetMeeting
2009-11-08 10:14:41 ----D---- C:\WINDOWS\SRCHASST
2009-11-08 10:14:30 ----D---- C:\Program Files\Movie Maker
2009-11-08 10:11:03 ----D---- C:\WINDOWS\system32\bits
2009-11-08 10:10:30 ----D---- C:\WINDOWS\network diagnostic
2009-11-08 10:10:24 ----D---- C:\Program Files\Messenger
2009-11-08 10:10:05 ----DC---- C:\WINDOWS\$NtUninstallKB923561$(2)
2009-11-08 10:10:03 ----DC---- C:\WINDOWS\$NtUninstallKB938464$(3)
2009-11-08 10:10:02 ----DC---- C:\WINDOWS\$NtUninstallKB950759$(3)
2009-11-08 10:10:02 ----DC---- C:\WINDOWS\$NtUninstallKB946648$(3)
2009-11-08 10:09:59 ----DC---- C:\WINDOWS\$NtUninstallKB950762$(3)
2009-11-08 10:09:57 ----DC---- C:\WINDOWS\$NtUninstallKB950974$(3)
2009-11-08 10:09:54 ----DC---- C:\WINDOWS\$NtUninstallKB951066$(3)
2009-11-08 10:09:53 ----DC---- C:\WINDOWS\$NtUninstallKB951376-v2$(3)
2009-11-08 10:09:53 ----DC---- C:\WINDOWS\$NtUninstallKB951376$(3)
2009-11-08 10:09:51 ----DC---- C:\WINDOWS\$NtUninstallKB951698$(3)
2009-11-08 10:09:50 ----DC---- C:\WINDOWS\$NtUninstallKB951748$(3)
2009-11-08 10:09:48 ----DC---- C:\WINDOWS\$NtUninstallKB952287$(3)
2009-11-08 10:09:47 ----DC---- C:\WINDOWS\$NtUninstallKB952954$(3)
2009-11-08 10:09:46 ----DC---- C:\WINDOWS\$NtUninstallKB953838$(3)
2009-11-08 10:09:45 ----DC---- C:\WINDOWS\$NtUninstallKB954211$(3)
2009-11-08 10:09:43 ----DC---- C:\WINDOWS\$NtUninstallKB954600$(3)
2009-11-08 10:09:42 ----DC---- C:\WINDOWS\$NtUninstallKB974112$(3)
2009-11-08 10:09:40 ----DC---- C:\WINDOWS\$NtUninstallKB955069$(3)
2009-11-08 10:09:39 ----DC---- C:\WINDOWS\$NtUninstallKB956390$(3)
2009-11-08 10:09:38 ----DC---- C:\WINDOWS\$NtUninstallKB956572$(2)
2009-11-08 10:09:34 ----DC---- C:\WINDOWS\$NtUninstallKB956802$(3)
2009-11-08 10:09:33 ----DC---- C:\WINDOWS\$NtUninstallKB956803$(3)
2009-11-08 10:09:32 ----DC---- C:\WINDOWS\$NtUninstallKB956844$(2)
2009-11-08 10:09:32 ----DC---- C:\WINDOWS\$NtUninstallKB956841$(3)
2009-11-08 10:09:31 ----DC---- C:\WINDOWS\$NtUninstallKB957095$(3)
2009-11-08 10:09:30 ----DC---- C:\WINDOWS\$NtUninstallKB957097$(3)
2009-11-08 10:09:29 ----DC---- C:\WINDOWS\$NtUninstallKB958215$(3)
2009-11-08 10:09:26 ----DC---- C:\WINDOWS\$NtUninstallKB958644$(3)
2009-11-08 10:09:25 ----DC---- C:\WINDOWS\$NtUninstallKB958687$(2)
2009-11-08 10:09:24 ----DC---- C:\WINDOWS\$NtUninstallKB958690$(2)
2009-11-08 10:09:23 ----DC---- C:\WINDOWS\$NtUninstallKB959426$(2)
2009-11-08 10:09:21 ----DC---- C:\WINDOWS\$NtUninstallKB960225$(2)
2009-11-08 10:09:19 ----DC---- C:\WINDOWS\$NtUninstallKB960714$(3)
2009-11-08 10:09:18 ----DC---- C:\WINDOWS\$NtUninstallKB960803$(2)
2009-11-08 10:09:17 ----DC---- C:\WINDOWS\$NtUninstallKB961118$(2)
2009-11-08 10:09:17 ----DC---- C:\WINDOWS\$NtUninstallKB960859$(2)
2009-11-08 10:09:16 ----DC---- C:\WINDOWS\$NtUninstallKB961371$(2)
2009-11-08 10:09:15 ----DC---- C:\WINDOWS\$NtUninstallKB961373$(2)
2009-11-08 10:09:14 ----DC---- C:\WINDOWS\$NtUninstallKB961501$(2)
2009-11-08 10:09:13 ----DC---- C:\WINDOWS\$NtUninstallKB963027$(2)
2009-11-08 10:09:11 ----DC---- C:\WINDOWS\$NtUninstallKB974455$(3)
2009-11-08 10:09:07 ----DC---- C:\WINDOWS\$NtUninstallKB967715$(2)
2009-11-08 10:09:02 ----DC---- C:\WINDOWS\$NtUninstallKB968389$(2)
2009-11-08 10:08:57 ----DC---- C:\WINDOWS\$NtUninstallKB968537$(2)
2009-11-08 10:08:52 ----DC---- C:\WINDOWS\$NtUninstallKB969059$(2)
2009-11-08 10:08:49 ----DC---- C:\WINDOWS\$NtUninstallKB969897$(2)
2009-11-08 10:08:47 ----DC---- C:\WINDOWS\$NtUninstallKB970238$(2)
2009-11-08 10:08:43 ----DC---- C:\WINDOWS\$NtUninstallKB971486$(2)
2009-11-08 10:08:35 ----DC---- C:\WINDOWS\$NtUninstallKB971557$(2)
2009-11-08 10:08:33 ----DC---- C:\WINDOWS\$NtUninstallKB971633$(2)
2009-11-08 10:08:30 ----DC---- C:\WINDOWS\$NtUninstallKB971657$(2)
2009-11-08 10:08:28 ----DC---- C:\WINDOWS\$NtUninstallKB972260$(2)
2009-11-08 10:08:26 ----DC---- C:\WINDOWS\$NtUninstallKB973354$(2)
2009-11-08 10:08:22 ----DC---- C:\WINDOWS\$NtUninstallKB973507$(2)
2009-11-08 10:08:20 ----DC---- C:\WINDOWS\$NtUninstallKB973815$(2)
2009-11-08 10:08:18 ----DC---- C:\WINDOWS\$NtUninstallKB973869$(2)
2009-11-08 10:08:15 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$(2)
2009-11-08 10:08:14 ----HDC---- C:\WINDOWS\$NtUninstallKB974455$(2)
2009-11-08 10:08:10 ----DC---- C:\WINDOWS\$NtUninstallKB974571$(2)
2009-11-08 10:08:07 ----DC---- C:\WINDOWS\$NtUninstallKB975025$(2)
2009-11-08 10:08:05 ----DC---- C:\WINDOWS\$NtUninstallKB975467$(2)
2009-11-08 10:06:35 ----D---- C:\Program Files\Google
2009-11-08 10:06:28 ----DC---- C:\WINDOWS\$NtUninstallKB954459$
2009-11-08 10:06:27 ----DC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-11-08 10:06:24 ----DC---- C:\WINDOWS\$NtUninstallKB956744$
2009-11-08 10:06:23 ----DC---- C:\WINDOWS\$NtUninstallKB951978$
2009-11-08 10:06:19 ----D---- C:\wallpaper and screensavers
2009-11-08 10:06:16 ----DC---- C:\WINDOWS\ie8
2009-11-04 03:01:41 ----D---- C:\WINDOWS\ie8updates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-01-21 267384]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2008-07-17 8552]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\fallback.sys [2001-07-18 310899]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\fsksnt.sys [2001-07-18 127405]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\k56nt.sys [2001-07-18 426783]
R2 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2002-11-11 28100]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [1996-10-08 64000]
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\faxnt.sys [2001-07-18 217019]
R2 SpeakerPhone;SpeakerPhone; C:\WINDOWS\System32\DRIVERS\spkpnt.sys [2001-07-18 80449]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\tonesnt.sys [2001-07-18 56607]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\v124nt.sys [2001-07-18 534125]
R3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\basic2.sys [2001-07-18 77426]
R3 DM9102;DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver; C:\WINDOWS\System32\DRIVERS\DM9PCI5.SYS [2001-08-17 29696]
R3 dsNcAdpt;Juniper Network Connect Adapter; C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2008-07-21 23552]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NAVAP;NAVAP; \??\C:\WINDOWS\System32\Drivers\NAVAP.SYS []
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20021113.004\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20021113.004\NavEx15.Sys []
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-10-06 1550043]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-03-08 13780]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\rksample.sys [2001-07-18 67654]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-04-04 459944]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-01-21 26424]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2001-09-27 28396]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2001-07-25 584336]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-04 42496]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys [2001-06-20 4272]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS []
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-13 85969]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2002-06-27 16509]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2007-05-31 22656]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 VisorUsb;Handspring USB; C:\WINDOWS\System32\DRIVERS\VisorUsb.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [2004-08-04 31744]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2004-08-04 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-04 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2004-08-04 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880]
R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
R2 dsNcService;Juniper Network Connect Service; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [2008-07-21 423280]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-31 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 navapsvc;Norton AntiVirus Auto Protect Service; C:\Program Files\Norton AntiVirus\navapsvc.exe [2002-02-27 116344]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2003-10-06 81920]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2001-11-26 65536]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-07-24 358896]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-08-16 309744]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-08-16 166384]
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [2001-08-13 54408]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-09 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-09-26 503608]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-07-24 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-08-16 1092080]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-01-21 206552]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2010-02-01 19:51:41

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{0ADEA8E1-B211-41B8-8DD4-D9A5FB04A5FA}
-->MsiExec.exe /I{267D350E-51AB-40B8-AF9F-DA7ED5687044}
-->MsiExec.exe /I{7A9DC8F6-2466-4E04-BF51-BE499C5D02BD}
-->MsiExec.exe /I{85BD5F12-49EF-4B40-B1E0-77D85F6E99BF}
-->MsiExec.exe /I{EA9741F6-A7F2-497B-BBE4-2ED0136649BE}
-->MsiExec.exe /X{C628EC93-8E17-4114-BCE7-2D181B93FA0F}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{33AE85D9-0386-41AD-BD99-FDF3ABC19DBB}\Setup.exe" -l0x9 -L0x9anything
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{55251924-B51C-4E66-8199-5258672518C5}\Setup.exe" -u -uninst -fUninst.isu -c"C:\Program Files\Epocrates\EssentialsPPC\Win32\Win32_Dll\AupdUnInstall.dll"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Groove Playback Engine-->RunDll32 C:\WINDOWS\DOWNLO~1\CONFLICT.1\GrooveAX.dll,_RemoveGroove@16
3DVIA player 4.1-->MsiExec.exe /X{4E868D3D-6EEB-4273-926C-2287236B5B79}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 8.1.4-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player-->C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\Install.log
America Online-->C:\Program Files\Common Files\aolshare\Aolunins_us.exe
AOL Coach Version 1.0(Build:20011028.1)-->C:\WINDOWS\AolCInUn.exe
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BlackBerry Desktop Software 4.3-->MsiExec.exe /I{0D048BE8-AE02-4CB5-A428-616B9848E4A7}
BlackBerry Desktop Software 4.3-->MsiExec.exe /i{0D048BE8-AE02-4CB5-A428-616B9848E4A7}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Citrix XenApp Web Plugin-->MsiExec.exe /X{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}
Conexant HSF V92 56K RTAD Speakerphone PCI Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0\HxFSETUP.EXE -U -IVEN_14F1&DEV_2016&SUBSYS_021913E0
Dell | Support-->MsiExec.exe /X{91E8A85F-2960-40ED-BA84-7F4567BB00C0}
Dell Picture Studio - Dell Image Expert-->MsiExec.exe /I{151C555A-A9E7-4A2E-B6D7-165D04A3C956}
Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Epocrates Essentials for Pocket PC-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{55251924-B51C-4E66-8199-5258672518C5}\Setup.exe" -u
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HiJackThis-->MsiExec.exe /X{0761C9A8-8F3A-4216-B4A7-B7AFBF2

#11 pavlov

Posted 01 February 2010 - 08:07 PM

The two previous steps you suggested, I did both. First one completed but IE would still not open, and system very sluggish. Second one completed and upon shutting down the XP installed 50 system upgrades. Maybe my re-install set me back a few years on windows updates. System still very sluggish. Getting notice of CPU usage at 100%. And getting Windows update notice icon.

However, had success with install of RSIT and success with the 2 logs posted above.

#12 nasdaq

Posted 02 February 2010 - 10:39 AM

; Purpose: Remove traces in the registry.
;
; Instructions: Copy and paste this text IN BOLD into a text editor such as Notepad.
;
; Save this text as Fix.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop.

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMONSS"=-
"CSRSSW"=-



; Double-click on Fix.reg. When it asks you to merge the information to the registry click Yes.

Delete the Fix.reg file when done.
===

Open HijackThis
Click: None of the above, just start the program.
Click: Config
Click: Misc Tools
Click: Open Process Manager. Look for both these processes in bold and click on Kill Process.

C:\WINDOWS\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\update\update.exe
C:\DOCUME~1\Yvonne\LOCALS~1\Temp\Google Toolbar\gtb13.tmp.exe

Restart the computer normally.

Let me know what problem persists.
nasdaq


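A dry-run reader for a fix file like the Fix.reg in post #12, added here as an example and not part of nasdaq's instructions: it lists what a merge would delete or set, without touching the registry. The names `plan` and `autostart_changes` are hypothetical; the sample is the Fix.reg body from that post with its `;` comment lines left out.

```python
import re

# Fix.reg body as posted above (comment lines omitted).
FIX_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMONSS"=-
"CSRSSW"=-
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')
AUTOSTART_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
HEADERS = ("REGEDIT4", "WINDOWS REGISTRY EDITOR")


def plan(reg_text):
    """Return (action, key, value_name) tuples in file order; nothing is applied."""
    # Join value data that continues on the next line after a trailing backslash.
    reg_text = re.sub(r"\\\r?\n[ \t]*", "", reg_text)
    ops, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.upper().startswith(HEADERS):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):          # [-KEY] removes the whole key
                ops.append(("delete-key", key[1:], None))
                key = None
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            action = "delete-value" if m.group(2) == "-" else "set-value"
            ops.append((action, key, name))
        else:
            ops.append(("unparsed", key, line))  # show it rather than hide it
    return ops


def autostart_changes(ops):
    """Only the operations that touch a Run or RunOnce autostart key."""
    return [op for op in ops if op[1] and AUTOSTART_RE.search(op[1])]


if __name__ == "__main__":
    for action, key, name in plan(FIX_REG):
        print(f"{action:13} {key}  name={name!r}")
```
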
#13 pavlov

Posted 02 February 2010 - 06:45 PM

Done. Seems to be working fine albeit a bit slow. Maybe it's because I'm not real used to this machine, but it seems slow. Fifteen seconds or so to launch IE or Firefox and have the home page (google) paint with a high speed cable modem connection.

Still getting windows message "updates are ready" including what appears to be SP3. Shall I allow it? The OS boot disk is SP2, and my fear is if I have to use it again in the very near future I may find myself needing to uninstall SP3 to use the boot disk. Thoughts?

Anything else from a "better safe than sorry" perspective?

Once we're done here, I'll load up on some anti-virus and firewall protection.

#14 pavlov

Posted 02 February 2010 - 08:08 PM

Now I have teatimer.exe using 124,348 k of memory and CPU Usage spiking to 100%, down to 5% and back up.

#15 nasdaq

Posted 03 February 2010 - 09:54 AM

Still getting windows message "updates are ready" including what appears to be SP3. Shall I allow it? The OS boot disk is SP2, and my fear is if I have to use it again in the very near future I may find myself needing to uninstall SP3 to use the boot disk. Thoughts?


Wait to install SP 3. When all is well I suggest you do. Some security issues have been patched and you should install it when all is going well.

Now I have teatimer.exe using 124,348 k of memory and CPU Usage spiking to 100%, down to 5% and back up.

Please disable TeaTimer for now by doing the following:
  • Run Spybot-S&D
  • Go to the Mode menu, and make sure "Advanced Mode" is selected
  • On the left hand side, choose Tools -> Resident
  • Uncheck "Resident TeaTimer" and OK any prompts
  • Restart your computer.
When everything is done and your log is clean again, you can enable it again.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

Maybe some bad processes will show their ugly heads.
===

Please download DrWeb-CureIt and save it to your Desktop. Do NOT perform a scan yet

  • Double-click on drweb-cureit.exe to start the program.
    An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now, Click OK to start the scan.
    This is a short scan that will scan the files currently running in memory.
    If something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis
  • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
  • Then click the Start/Stop Scanning button (green arrow on the right), and the scan will start.
  • When finished, a message will be displayed at the bottom advising if any viruses were found.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found.
    If so, click it, then click the next icon right below and select Move incurable.
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit when you have finished.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

nasdaq


#16 pavlov

Posted 03 February 2010 - 10:34 AM

Despite my previous concern, I believe some Windows updates ran overnight including SP3. Hope that isn't too big of a deal.

Unless that changes your specified direction, I will disable tea-timer, and run the DrWeb-CureIt process you describe tonight when I get back home.

Thanks again for your help.

#17 pavlov

Posted 04 February 2010 - 06:59 AM

As of 7:00 am (EST) still scanning the second Dr Web scan.

First scan found just one item to cure. But at the end of that first scan, I got a dialog box that said "HOSTS files modified". I clicked yes to restore the defaults.

#18 nasdaq

Posted 04 February 2010 - 09:35 AM

Stop it. It should not take more than a few hours.

Let me know what problems remain.
nasdaq


#19 pavlov

Posted 04 February 2010 - 10:05 AM

Stop it. It should not take more than a few hours.

Let me know what problems remain.


I left the scan running when I left the house for work this morning. I won't be home again until after 6pm local time. Problem with the scan is that when it finds something to cure, you get the dialog box with the "yes/yes_to_all/no" options. I clicked "yes to all" early in the scan, but when I looked at it at 7:00 this morning that dialog box was back up as it found something again, and the scan pauses awaiting action. It may have been sitting like that all night long. I hit "yes to all" again, the scan re-started and I left for work.

As for remaining problem, it's just still very slow. The wife confirmed that it is way slower than it ever has been before. I doubt this scan will measurably improve that. What do you think?

#20 pavlov

Posted 04 February 2010 - 06:25 PM

Here's the DrWeb log. I'll tinker with the machine a bit now and see how it's performing.

atofbyor.exe;C:\WINDOWS\system32\CONFIG\systemprofile\Favorites\Dell;Trojan.Packed.2923;Deleted.;
RegUBP2b-Yvonne.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
A0007994.reg;C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP17;Trojan.StartPage.1505;Deleted.;
A0008012.reg;C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP17;Trojan.StartPage.1505;Deleted.;
battyhalloween-awp.exe\data015;C:\wallpaper and screensavers\battyhalloween-awp.exe;Adware.SideFind;;
battyhalloween-awp.exe;C:\wallpaper and screensavers;Archive contains infected objects;Moved.;
beminev10.exe\data015;C:\wallpaper and screensavers\beminev10.exe;Adware.Ezula;;
beminev10.exe;C:\wallpaper and screensavers;Archive contains infected objects;Moved.;
eerie_night.exe\data015;C:\wallpaper and screensavers\eerie_night.exe;Adware.Ezula;;
eerie_night.exe\data016;C:\wallpaper and screensavers\eerie_night.exe;Adware.SideFind;;
eerie_night.exe\data017;C:\wallpaper and screensavers\eerie_night.exe;Adware.IGetNet;;
eerie_night.exe;C:\wallpaper and screensavers;Archive contains infected objects;Moved.;
So_Glad.exe\data016;C:\wallpaper and screensavers\So_Glad.exe;Adware.Gator;;
So_Glad.exe;C:\wallpaper and screensavers;Archive contains infected objects;Moved.;
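
A reader for a Dr.Web CureIt report like the one posted in #20, added here as an example and not part of the original thread: it resolves what finally happened to each finding and marks those found inside System Restore points. It assumes the four-column `object;location;threat;action;` layout seen in the post and that an archive member with an empty action shares the action taken on its container; the function names are hypothetical.

```python
from collections import Counter

# Rows copied from the report posted above: object;location;threat;action;
REPORT = r"""atofbyor.exe;C:\WINDOWS\system32\CONFIG\systemprofile\Favorites\Dell;Trojan.Packed.2923;Deleted.;
A0007994.reg;C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP17;Trojan.StartPage.1505;Deleted.;
eerie_night.exe\data015;C:\wallpaper and screensavers\eerie_night.exe;Adware.Ezula;;
eerie_night.exe\data016;C:\wallpaper and screensavers\eerie_night.exe;Adware.SideFind;;
eerie_night.exe;C:\wallpaper and screensavers;Archive contains infected objects;Moved.;
"""
CONTAINER_NOTE = "Archive contains infected objects"
RESTORE_DIR = "\\system volume information\\_restore"


def parse_report(text):
    """Split every non-empty line into its four semicolon-separated fields."""
    keys = ("object", "location", "threat", "action")
    return [dict(zip(keys, (line.split(";") + [""] * 4)[:4]))
            for line in text.splitlines() if line.strip()]


def resolve(rows):
    """Give archive members their container's action and drop container rows."""
    containers = {(r["location"] + "\\" + r["object"]).lower(): r["action"]
                  for r in rows if r["threat"] == CONTAINER_NOTE}
    findings = []
    for r in rows:
        if r["threat"] == CONTAINER_NOTE:
            continue
        # Assumption: a member row with no action follows its container.
        action = r["action"] or containers.get(r["location"].lower(), "")
        findings.append({
            "object": r["object"],
            "threat": r["threat"],
            "action": action.rstrip(".") or "UNRESOLVED",
            "in_restore_point": RESTORE_DIR in r["location"].lower(),
        })
    return findings


def summarize(findings):
    """Count findings per final action and list anything still needing attention."""
    return {
        "by_action": dict(Counter(f["action"] for f in findings)),
        "unresolved": [f["object"] for f in findings if f["action"] == "UNRESOLVED"],
        "restore_point_hits": [f["object"] for f in findings if f["in_restore_point"]],
    }


if __name__ == "__main__":
    print(summarize(resolve(parse_report(REPORT))))
```

A non-empty `unresolved` list means a detection was reported with no action recorded for it or for its container, which is the part of a report worth reading by hand.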

#21 pavlov

Posted 04 February 2010 - 07:03 PM

Machine runs well now as long as TeaTimer is disabled. No problems I can detect.

But when I re-enabled tea-timer, it was a memory hog again. Teatimer used ~111,000k of memory and machine slowed considerably.

#22 nasdaq

Posted 05 February 2010 - 08:07 AM

Remove Spybot - Search & Destroy and TeaTimer via the Add/Remove programs list.

Reinstall if you still want.

  • Download the latest version of Spybot from either:
  • Install Spybot and by default it should install into C:\Program Files\Spybot - Search & Destroy.
  • Run Spybot by clicking on "Start" => "Programs" => "Spybot - Search & Destroy" => "Spybot - Search & Destroy".
  • The first time you run it, allow it to create a backup of your registry when prompted. This will take a few minutes to complete.
  • Click on "Search for Updates".
  • If any updates are found, place a check mark next to each and click on "Download Updates".
  • Click on "Immunize" and once it detects what has or has not been blocked, block all remaining items by clicking on the green plus sign next to immunize at the top.
  • Click on "Search & Destroy" => "Check for Problems".
  • If any problems are found, be sure to click on "Fix Selected Problems."
===================


If it still gives you some difficulties I suggest you check their forum for advice.
nasdaq


#23 pavlov

Posted 07 February 2010 - 03:35 PM

Un-installed Spybot, system works like a champ from what I can tell. I installed McAfee Security Center so I will leave Spybot off for now.

If I have any short term problems, I'll request this thread be re-opened. But for now, I think we can close it.

You guys ROCK. Thanks a million.

#24 nasdaq

Posted 21 February 2010 - 09:35 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq
