Computer Hope
Software => Computer viruses and spyware => Topic started by: nondaj on January 04, 2009, 12:50:15 PM
-
Dell XPS400 Dimension
XP-Pro Version 2002 SP2
Pentium D 2.80 GHz
2.79 GHz, 2.00 GB of Ram
Within last 3-4 days my PC has apparently suddenly begun to slow down until now it is almost impossible to work with it especially online. Downloads which before used to take seconds to minutes now state they will take 1-2 hours. Pictures seem to be the worst offender re downloads either online or in emails.
One recipient's emails are going to the deleted file rather than the inbox.
Have a variety of protection programs but both they and my anti-virus come up with no unusual infections. Have defragged and scanned disc the PC again with no results re the problems I am having.
Can anyone suggest what might be wrong or what I might do to correct the problems?
Am using Obit Pro, Reg Scrub, CCleaner, Spy Hunter, Windows Defender and Windows Malicious Tool Remover all of which were recommended at one time by a PC tech. My anti-virus is ESET NOD32. I continually update all programs in an attempt to avoid problems such as I am having now.
So what am I doing wrong here? ???
-
Please start here: http://www.computerhope.com/forum/index.php/topic,46313.0.html
-
Have followed the directions clear down to Hi-Jack this but am stuck here. I downloaded Hi-Jack and renamed it to JHT but there is no 'install' button; when I double click on HJT file, it merely opens to programs with which to open the download. What have I missed or done in error?
-
It sounds like you may have removed the file extension when renaming it. Try downloading HijackThis again, but this time, don't rename it. Does it work now?
-
OK will try again and let you know how I do. Thanks for hanging in with me. :o
-
Following is my Hi-Jack log. Could not follow your instructions quite to the letter but was able to still get this Hi-Jack log so hope it is OK. :)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:14 PM, on 1/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\G.H.O.S.T. Hunters\Images\stg_drm.ocx
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
O23 - Service: lxdx_device - - C:\WINDOWS\system32\lxdxcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - http://www.collegeofthedesert.edu/SiteCollectionImages/TitleGraphic.jpg
O24 - Desktop Component 1: (no name) - https://www.verizon.net/central/resources/images/email/emailheader.jpg
--
End of file - 5541 bytes
-
Remove this entry with HijackThis:
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
Simply place a check next to it and click on Fix Checked.
Other than that, not much is showing up in your log. Why were you unable to do the other steps? Could you not download the programs? Did you receive any errors?
-
No I was able to download everything. There were just some directions that you gave that I could not find the steps to follow through exactly. However, continuing on with what I was seeing on my screen I think I arrived at the place where I was supposed to be re your directions.
This might be an example. When I did the log, there were two screens that opened: the log I sent you and the other would have been the 'fix it' screen where I could put a check mark and click on fix it. However, there was no place on this screen to save it, no toolbar at all so when I logged off for the night, it of course disappeared.
Not sure whether to go through process again of developing a log to bring this screen back up again in order to delete the 'string' you indicated. Or is there another way to delete the same string?
My PC continues to malfunction and is getting no better. Does this then mean, if nothing else is found, that I may be having software conflicts?
Some time ago a tech put SpyHunter on my PC - I did not opt for it so do not know anything about it. It has now 'gone down', will not function when I try to use it. Wondering if I can safely let windows delete this program to see if it will help my problems.
I have a couple of entries on the ADD\Remove listing that will not delete.
Error messages are Setup.Ex has encountered a problem and must close - this for a program called Google Earth.
And Logitech Desk Messenger has an error message but it goes by so fast unable to read it; the listing just will not delete.
Found both in the registry but as a novice, hesitate to do anything there! Not sure any of these has anything to do with my PC troubles right now.
I always let windows delete any software program unless the program itself has a deletion option. There are some listings that I do not know anything about but would not dare to delete unless I had advice or knew more about them.
What else can I do to resolve my PC problems or is there something I have missed along the way in your efforts to help me?
Again all the downloads went well but these problems persist:
1 - very very slow downloads particularly if pictures are involved
2 - emails are especially slow to download so that I have advised email correspondents to cease embedding pictures in emails as they seem to stop up the downloads completely. Attachments do not seem to be an issue.
3 - one correspondent's emails go to my deleted box instead of the inbox (am using Outlook Express by the way) so have to continually be aware of this. This person lives in England and is on AOL.
4 - moving about on the internet is so frustrating that I frequently have to give up attaining some sites.
5 - cannot see some sites because IE browser refuses to recognize that I have Flash Player 10 installed. Some of these sites are crucial to my work on the PC so need to resolve this issue eventually.
Do appreciate your efforts thus far and willing to wait and work if such needs to be done to resolve any of my problems.
-
You've certainly got a lot of issues. I don't know if they're all virus-related, but we'll try to find out. For starters...to remove the bold entry I posted above, simply open HijackThis and click on the option that says something along the lines of Scan without saving a log. It will bring up a list of entries. Simply scroll down to the R3 section, place a checkmark next to the entry above, and click on Fix Checked.
Once you have done that, try to follow the instructions below...
Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.
Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.
NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete. Also, keep in mind that the ComboFix log probably won't fit into one post, so you may have to break it up into sections.
-
OK - got down to the link that was to bring up list of protection programs to disable but could not find any list.
All I could find on the screen that came up was ads for spyware removal programs. So where did I miss the boat?
-
Take a look at the image I have attached below. Is that not the page you see? If it is, you are supposed to look for your anti-virus in the list (use Ctrl+F if you have trouble) and it will explain how to disable it. If that's not the page you see, then you may have a browser hijacker. If that's the case...are you able to download ComboFix? If not, let me know. But if you can, go ahead and download it. You are using ESET, correct? You should be able to simply right-click the icon near the bottom-right of your screen, and choose Quit. When asked if you want to quit, click Yes. Then follow the rest of my previous instructions.
Give it a shot and let me know what your results are.
[attachment deleted by admin]
-
Ah ha browser hi-jacker makes sense from what little I know re PCs because it is the internet and email where most of my problems lie. No I do not see that screen you showed, yes I was able to download the Combo file and yes will turn off my ESET NOD32. Keep you posted how I make out.
-
New Hijack log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:03 AM, on 1/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\G.H.O.S.T. Hunters\Images\stg_drm.ocx
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
O23 - Service: lxdx_device - - C:\WINDOWS\system32\lxdxcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - http://www.collegeofthedesert.edu/SiteCollectionImages/TitleGraphic.jpg
O24 - Desktop Component 1: (no name) - https://www.verizon.net/central/resources/images/email/emailheader.jpg
--
End of file - 5443 bytes
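Added example, not part of the original thread and not code from HijackThis: a small Python triage helper for the two HijackThis logs above. It flags entries whose target is reported as (no file) or whose identifier is not in {GUID} form, and diffs two scans to confirm what a fix changed; the function names are hypothetical and the sample lines are a subset copied from the logs in this thread.

```python
import re

# HijackThis entry lines have the shape "<section code> - <body>", e.g. "O4 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
GUID_RE = re.compile(r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}")

# Sample input: a subset of lines copied from the two logs posted in this thread.
FIRST_SCAN = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
"""

SECOND_SCAN = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
"""


def parse_entries(log_text):
    """Return (section_code, body) tuples; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def guid_is_braced(body):
    """None if the body has no GUID, else whether it is written as {GUID}."""
    m = GUID_RE.search(body)
    if not m:
        return None
    before = body[m.start() - 1:m.start()] if m.start() else ""
    after = body[m.end():m.end() + 1]
    return before == "{" and after == "}"


def review_flags(entries):
    """List entries worth a manual look, with the reason(s) for each."""
    flagged = []
    for code, body in entries:
        reasons = []
        if body.endswith("(no file)"):
            reasons.append("target file missing")
        if guid_is_braced(body) is False:
            reasons.append("identifier not in {GUID} form")
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


def diff_logs(before_text, after_text):
    """Return (removed, added) entries between two scans, in log order."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    removed = [e for e in before if e not in after]
    added = [e for e in after if e not in before]
    return removed, added


if __name__ == "__main__":
    for code, body, reasons in review_flags(parse_entries(FIRST_SCAN)):
        print(f"REVIEW {code}: {body}  [{'; '.join(reasons)}]")
    removed, added = diff_logs(FIRST_SCAN, SECOND_SCAN)
    for code, body in removed:
        print(f"- {code} - {body}")
    for code, body in added:
        print(f"+ {code} - {body}")
```

A flag here means "look at this line", not "fix it": the R3 entry carries both reasons, while the O9 Messenger entry only has a missing file.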
-
Combo log
ComboFix 09-01-07.01 - Jean 2009-01-08 9:06:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1409 [GMT -8:00]
Running from: c:\documents and settings\Jean\Desktop\ComboFix.exe
* Created a new restore point
.
The following files were disabled during the run:
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Jean\Application Data\inst.exe
C:\setup.exe
c:\windows\Downloaded Program Files\setup.inf
c:\windows\msvrc20.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IPRIP
((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.
2009-01-05 20:23 . 2009-01-05 20:23 <DIR> d-------- c:\program files\Trend Micro
2009-01-04 20:37 . 2009-01-04 20:37 <DIR> d-------- c:\program files\Java
2009-01-04 20:37 . 2009-01-04 20:37 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-04 20:37 . 2009-01-04 20:37 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-04 18:03 . 2009-01-06 19:57 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-04 18:03 . 2009-01-04 18:03 <DIR> d-------- c:\documents and settings\Jean\Application Data\SUPERAntiSpyware.com
2009-01-04 18:03 . 2009-01-04 18:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-01 22:26 . 2009-01-02 13:51 <DIR> d-------- c:\program files\7-Zip
2009-01-01 15:02 . 2009-01-01 15:02 64,544 --a------ c:\documents and settings\MSSSerif96.fon
2009-01-01 15:02 . 2009-01-01 15:02 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-01 15:02 . 2009-01-01 15:02 1,409 --a------ c:\windows\QTFont.for
2009-01-01 14:45 . 2009-01-01 15:06 <DIR> d-------- c:\program files\Common Files\Sonic Shared
2008-12-30 09:29 . 2008-10-07 12:33 201,157 --a------ c:\windows\system32\nvapps.nvb
2008-12-29 22:25 . 2008-12-29 22:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles
2008-12-21 18:11 . 2009-01-07 19:01 <DIR> d-------- c:\documents and settings\All Users\Lx_cats
2008-12-21 18:01 . 2008-12-21 18:01 <DIR> d-------- C:\logs
2008-12-21 18:01 . 2008-02-18 20:14 360,448 --a------ c:\windows\system32\lxdxcoin.dll
2008-12-21 18:01 . 2008-02-06 02:24 60,996 --a------ c:\windows\system32\lxdxprpr.chm
2008-12-21 18:01 . 2008-02-27 16:15 40,960 --a------ c:\windows\system32\lxdxvs.dll
2008-12-21 18:00 . 2008-12-21 18:00 <DIR> d-------- c:\program files\Lexmark Toolbar
2008-12-21 18:00 . 2008-02-27 16:11 782,336 --a------ c:\windows\system32\lxdxdrs.dll
2008-12-21 18:00 . 2001-08-17 22:36 87,040 --a------ c:\windows\system32\wiafbdrv.dll
2008-12-21 18:00 . 2001-08-17 22:36 87,040 --a--c--- c:\windows\system32\dllcache\wiafbdrv.dll
2008-12-21 18:00 . 2008-02-27 16:11 81,920 --a------ c:\windows\system32\lxdxcaps.dll
2008-12-21 18:00 . 2008-02-27 16:02 69,632 --a------ c:\windows\system32\lxdxcnv4.dll
2008-12-21 18:00 . 2006-12-06 09:19 44 --a------ c:\windows\system32\lxdxrwrd.ini
2008-12-21 17:59 . 2009-01-03 21:10 <DIR> d-------- c:\program files\Lexmark 3600-4600 Series
2008-12-13 18:15 . 2008-12-13 18:21 22,016 --a------ C:\final grades.doc
2008-12-12 07:44 . 2008-10-03 02:15 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll
.
(((((((((((((
-
rest of Combo log
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 04:50 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-05 02:02 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-03 23:05 --------- d-----w c:\program files\RegScrubXP
2009-01-02 23:18 --------- d-----w c:\program files\QuickTime
2009-01-02 22:15 --------- d-----w c:\documents and settings\Jean\Application Data\GoodSync
2009-01-02 21:57 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2008-12-30 18:22 --------- d-----w c:\documents and settings\Jean\Application Data\MailWasherPro
2008-12-30 07:32 --------- d-----w c:\program files\CCleaner
2008-12-23 21:28 --------- d-----w c:\documents and settings\Jean\Application Data\UHS Reader
2008-12-08 16:58 --------- d-----w c:\program files\Google
2008-12-06 16:57 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2008-12-04 03:09 --------- d-----w c:\program files\Mulawa Dreaming
2008-12-01 22:19 --------- d-----w c:\program files\UHS
2008-11-28 23:08 --------- d-----w c:\documents and settings\Administrator\Application Data\MailWasherPro
2008-11-27 22:01 --------- d-----w c:\program files\SolSuite
2008-11-26 18:19 --------- d-----w c:\program files\Lighthouse Interactive
2008-11-25 17:33 94,157 ----a-w C:\Uninstal.exe
2008-11-24 04:08 --------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-11-24 04:06 --------- d-----w c:\documents and settings\Administrator\Application Data\IObit
2008-11-20 03:57 --------- d-----w c:\program files\Sierra On-Line
2008-11-20 03:57 --------- d-----w c:\program files\Shirleetaire
2008-11-18 01:53 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-18 01:53 --------- d-----w c:\program files\Verizon
2008-11-18 01:53 --------- d-----w c:\program files\TestGen
2008-11-18 01:53 --------- d-----w c:\program files\Barrow Hill
2008-11-18 01:53 --------- d-----w c:\program files\123 Free Puzzle
2008-11-18 01:53 --------- d-----w c:\documents and settings\Jean\Application Data\TestGen
2008-11-18 01:53 --------- d-----w c:\documents and settings\Jean\Application Data\SpinTop
2008-11-18 01:46 --------- d-----w c:\program files\IObit
2008-11-18 01:46 --------- d-----w c:\documents and settings\Jean\Application Data\IObit
2008-11-16 08:34 --------- d-----w c:\documents and settings\Jean\Application Data\SolSuite
2008-11-11 07:15 1,441,792 ----a-w C:\jigsaws.exe
2008-11-08 18:37 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-04 02:04 8 -c--a-w c:\documents and settings\Jean\Application Data\usb.dat.bin
2008-11-02 19:51 0 ----a-w C:\mcs.dat
2007-11-27 06:26 47,360 -c--a-w c:\documents and settings\Jean\Application Data\pcouffin.sys
2004-07-30 05:38 1,839,040 -c--a-w c:\program files\VDMSound2[1].1.0.exe
2007-04-06 05:44 1,623,584 -csha-w c:\windows\system32\drivers\fidbox.dat
2007-04-06 05:44 67,104 -csha-w c:\windows\system32\drivers\fidbox2.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
-
more combo file
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-22 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-04-23 1443072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-06-13 668328]
"EzPrint"="c:\program files\Lexmark 3600-4600 Series\ezprint.exe" [2008-06-13 107176]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=c:\windows\pss\Google Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^donnajean^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
backup=c:\windows\pss\PowerReg Scheduler.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Jean^Start Menu^Programs^Startup^Adobe Media Player.lnk]
backup=c:\windows\pss\Adobe Media Player.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smileycons
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2007-03-09 11:09 63712 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
--a------ 2008-12-21 11:44 2250256 c:\program files\IObit\Advanced SystemCare 3\AWC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a--c--- 2004-08-04 04:00 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]
--a--c--- 2002-04-22 09:50 28672 c:\progra~1\Logitech\MOUSEW~1\system\EM_EXEC.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a--c--- 2005-10-12 11:30 139264 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2005-02-16 15:15 81920 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Outlook]
-ra--c--- 1998-12-16 13:09 57393 c:\progra~1\MICROS~2\Office\OUTLOOK.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Outlook118]
-ra--c--- 1998-12-16 13:09 57393 c:\progra~1\MICROS~2\Office\OUTLOOK.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Outlook198]
-ra--c--- 1998-12-16 13:09 57393 c:\progra~1\MICROS~2\Office\OUTLOOK.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Outlook740]
-ra--c--- 1998-12-16 13:09 57393 c:\progra~1\MICROS~2\Office\OUTLOOK.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Outlook893]
-ra--c--- 1998-12-16 13:09 57393 c:\progra~1\MICROS~2\Office\OUTLOOK.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-10-07 12:33 13574144 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-10-07 12:33 86016 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
--a------ 2008-12-05 10:59 864256 c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-11-26 15:55 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
--a--c--- 2007-03-11 13:37 936960 c:\program files\Verizon\McciTrayApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"
"SigmatelSysTrayApp"=stsystra.exe
"Verizon_McciTrayApp"=c:\program files\Verizon\McciTrayApp.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\lxdxcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxtime.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxjswx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-04-23 33800]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R3 atinewp2;ATI eHomeWonder, WDM Video CODEC;c:\windows\system32\drivers\atinewp2.sys [2006-05-12 485888]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-04-23 472320]
R4 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R4 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [2008-12-21 98984]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
2009-01-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe []
2009-01-08 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2008-12-12 12:17]
2009-01-07 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2008-12-12 12:17]
2009-01-07 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\ [2009-01-08 09:06]
.
- - - - ORPHANS REMOVED - - - -
ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - (no file)
Notify-dimsntfy - (no file)
MSConfigStartUp-HP Component Manager - c:\program files\HP\hpcoretech\hpcmpmgr.exe
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-QuickTime Task - c:\program files\riven\qttask.exe
MSConfigStartUp-SmartRAM - c:\program files\IObit\Advanced WindowsCare V2\MemCleaner.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe
MSConfigStartUp-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
MSConfigStartUp-Windows Defender - c:\program files\Windows Defender\MSASCui.exe
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
Trusted Zone: *.update.microsoft.com
Trusted Zone: update.microsoft.com
c:\windows\Downloaded Program Files\stg_drm.ocx - c:\windows\Downloaded Program Files\CONFLICT.1\stg_drm.ocx
c:\windows\Downloaded Program Files\CONFLICT.2\stg_drm.ocx
c:\windows\Downloaded Program Files\CONFLICT.3\stg_drm.ocx
O16 -: {149E45D8-163E-4189-86FC-45022AB2B6C9}
file://c:\program files\G.H.O.S.T. Hunters\Images\stg_drm.ocx
.
**************************************************************************
disk not found C:\
please note that you need administrator rights to perform deep scan
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-436374069-1788223648-839522115-1018\Software\Ultisoft\7poker\*NULL**NULL*RS*NULL**NULL**NULL**NULL* : ]
"Ӎʻ"="Ӎ̴ʴ"
"؊"="ӂӻ̼"
"шӨ"="ݏ"
"ςʲ"=""
"ӊӒ㘘"=""
"֙ѝٌӵ"=""
"Ă"=""
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{77DC1A39-F0B6-206E-C977-3FC350D757AC}\InProcServer32*NULL*]
"janagkoppploifhjjabf"=hex:6a,61,6d,66,6b,67,61,6e,65,69,70,62,62,68,6a,69,68,\
6b,69,66,00,66
"ianaakepobcenjagoj"=hex:6a,61,6d,66,62,66,62,6c,6e,6c,63,69,6b,6c,6b,64,70,65,\
6a,69,00,f3
"fbnagkoppploifhjjabfmpcbdpgocolgnikdfng iddop"=hex:6a,61,62,67,6a,63,64,65,65,\
66,63,6d,6f,65,67,66,6d,66,6b,66,00,ef
"nanaihfmhbjdomglmiilgoopnhaf"=hex:6d,61,6d,61,70,63,6f,61,63,6c,67,68,6b,67,\
67,65,70,6f,6e,61,6d,6c,69,6d,63,65,00,00
"nanaihfmhbjdomglmiilgoopbfmd"=hex:6f,61,66,66,63,62,6e,61,6c,61,6c,61,61,68,\
67,6e,6d,6e,6b,65,6a,66,6d,6a,6e,63,65,70,67,63,00,7c
"cbnahijpcalcgcapeglaphjcfladeigmnbdnnn"=hex:66,61,62,64,6a,6f,6e,61,68,63,69,\
64,00,00
"bbnahijpcalcgcapeglabipdfgngmbngdmig"=hex:69,61,66,63,64,6c,6a,6a,6b,68,62,6b,\
63,65,66,6a,70,6e,00,00
"manahijpcalcgcapeglaljpnmm"=hex:66,61,65,66,64,6d,63,67,66,6f,64,66,00,00
"fbnahijpcalcgcapeglamhcognkdjklcppoedci mcpii"=hex:6f,61,6c,63,69,66,68,6c,69,\
66,67,6a,67,70,6c,62,6b,67,6c,68,62,61,6a,70,65,70,64,6b,62,64,00,01
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(800)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdxcoms.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-01-08 9:13:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-08 17:13:12
Pre-Run: 222,110,330,880 bytes free
Post-Run: 222,040,010,752 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
309
hope I have followed through correctly. Eagerly awaiting your findings:)
-
hope I have followed through correctly.
Yes, you're doing just fine.
There's not a whole lot showing up in your logs. ComboFix did delete a few infections, though, so hopefully that's all there is. How is your computer running now? Is your browser still being redirected? Are you still having issues with your downloads? If so, we may need to dig deeper. Let me know what the current status is and we'll take it from there.
In the meantime, I want you to copy the text below in the code box:
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{77DC1A39-F0B6-206E-C977-3FC350D757AC}]
Open up Notepad and paste the text there. Go to File > Save As, then click on Save As Type and select All Files. Save the file to the desktop as remove.reg and close Notepad. Double-click on the file you have just created. If prompted to Run or Cancel, click on Run. When asked if you want to add this to your registry, click on Yes. This will only take a second or two. You can then delete the file.
Follow those steps and then when you can, get back to me with an update on your situation.
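The key targeted by remove.reg is the one ComboFix listed under LOCKED REGISTRY KEYS. As an added example (not part of the original post and not ComboFix's own code), this Python parser reads that section of a log, counts the `*NULL*` markers in each key path, and decodes the `hex:` values so a reviewer can see what they hold. The function names are assumptions, and the sample is an excerpt of the log posted above.

```python
import re

# Excerpt copied from the "LOCKED REGISTRY KEYS" section of the ComboFix log
# posted earlier in this thread (two of the value lines, for brevity).
SAMPLE_LOG = r'''
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-436374069-1788223648-839522115-1018\Software\Ultisoft\7poker\*NULL**NULL*RS*NULL**NULL**NULL**NULL* : ]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{77DC1A39-F0B6-206E-C977-3FC350D757AC}\InProcServer32*NULL*]
"janagkoppploifhjjabf"=hex:6a,61,6d,66,6b,67,61,6e,65,69,70,62,62,68,6a,69,68,\
6b,69,66,00,66
"ianaakepobcenjagoj"=hex:6a,61,6d,66,62,66,62,6c,6e,6c,63,69,6b,6c,6b,64,70,65,\
6a,69,00,f3
.
--------------------- DLLs Loaded Under Running Processes ---------------------
'''

SECTION_RE = re.compile(r"^-+ LOCKED REGISTRY KEYS -+$")
VALUE_RE = re.compile(r'^"(?P<name>.*)"=(?P<data>.*)$')
A_TO_P = set("abcdefghijklmnop")


def join_continuations(lines):
    """Merge log lines ending in a backslash with the line that follows."""
    out, pending = [], ""
    for line in lines:
        line = line.strip()
        if line.endswith("\\"):
            pending += line[:-1]
        else:
            out.append(pending + line)
            pending = ""
    if pending:
        out.append(pending)
    return out


def decode_data(raw):
    """Turn 'hex:6a,61,...' into bytes; quoted strings become UTF-8 bytes."""
    raw = raw.strip()
    if raw.startswith("hex:"):
        return bytes(int(b, 16) for b in raw[4:].split(",") if b.strip())
    return raw.strip('"').encode("utf-8")


def parse_locked_keys(log_text):
    """Return one dict per key listed in the LOCKED REGISTRY KEYS section."""
    keys, current, in_section = [], None, False
    for line in join_continuations(log_text.splitlines()):
        if SECTION_RE.match(line):
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("-----"):      # the next section header ends the block
            break
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            # ComboFix prints *NULL* where the key name contains a NUL character.
            # Win32 registry tools treat NUL as end-of-string, so they cannot
            # open such a key by name.
            current = {"path": path,
                       "embedded_nulls": path.count("*NULL*"),
                       "values": []}
            keys.append(current)
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current["values"].append((m["name"], decode_data(m["data"])))
    return keys


def text_before_nul(data):
    """ASCII text up to the first NUL byte; trailing bytes are ignored."""
    return data.split(b"\x00", 1)[0].decode("ascii", errors="replace")


def triage(key):
    """Summarise one key for a human reviewer; nothing here edits the registry."""
    names = [name for name, _ in key["values"]]
    return {
        "path": key["path"],
        "embedded_nulls": key["embedded_nulls"],
        "value_count": len(names),
        # Value names drawn only from the letters a..p look machine-generated.
        "names_only_a_to_p": bool(names) and all(set(n) <= A_TO_P for n in names),
        "decoded": {n: text_before_nul(d) for n, d in key["values"]},
    }


if __name__ == "__main__":
    for key in parse_locked_keys(SAMPLE_LOG):
        report = triage(key)
        print(report["path"])
        print("  embedded NULs:", report["embedded_nulls"],
              "| values:", report["value_count"],
              "| a-p names only:", report["names_only_a_to_p"])
        for name, text in report["decoded"].items():
            print("   ", name, "->", text)
```

The output only describes the entries; whether a key should be deleted is still the call of whoever is reviewing the log.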
-
First of all right after I ran ComboFix file, noted a new icon for IE on my desktop. So deleted the old one on quick start toolbar. Tried the new IE and what a wonder! The internet problem of being so extremely slow has cleared up!!!!!!
Email problems remain
more new emails going to deleted file
not all emails are being downloaded from server when I check there
not sure yet about the ability to download
embedded objects in emails
I also have flash player problems
and cannot view DVD movies on my PC
However, think these two issues may be different post material?
Spy Hunter continues to malfunction and since ComboFix turned off Win. Defender and I have been questioning that program all along; I took the risk of deleting it.
So far all as outlined above re the internet continues to work well. Am now thinking of deleting Spy Hunter - does not work anyway and always suspected it also of causing problem - but do not really know.
Accessing the web now is such a pleasure! Thanks to you. What more should I be doing?
-
Forgot to note that I followed your latest instruction re the registry fix and all went well.
-
I personally don't care for SpyHunter, nor do I really trust it. If I were you, I would stick to using AVG for anti-virus and keeping Malwarebytes' Anti-Malware and SUPERAntiSpyware handy if you ever need them. SpyHunter may be causing some issues, but I doubt it's causing all of them.
You should go ahead and download CCleaner (http://www.ccleaner.com) (install without Yahoo! toolbar) and configure it according to this guide (http://www.computerhope.com/forum/index.php/topic,22078.0.html). This will clean out your computer some by removing a lot of junk you don't need. Make sure you also let it clear your Temporary Internet Files. Going through this process may help with your internet somewhat.
I'm not sure what to say about your e-mail. It could be a problem with your filters or settings. It's possible that these problems were caused by an infection, but I've honestly never seen this happen. What program do you use for e-mail? Have you tried using a different program? A lot of people really like Mozilla Thunderbird. If you'd like help with troubleshooting your e-mail problems, I think you would be better off posting over in the Windows or Software section. I don't use any e-mail programs, so I'm not familiar with all of the features. The same goes for your DVD problem.
CCleaner might help with Flash, but if not, you should try updating it to the newest version.
I don't suspect an active infection at this point, but if you would like, we can try digging a little deeper to see if there may be something hiding itself on your computer. If you would like to do this, let me know, and I'll give you a couple more programs to scan with.
-
I took it upon myself to delete both Spy Hunter and Windows Defender as for some reason (no real solid proof) just felt they were part of my problem.
Also re Flash Player -since using the 'new' IE icon I do believe that you have resolved that problem also. Went on my server, Verizon, which now demands Flash Player. Though I bet I have installed the silly thing 10 times I tried once more to install and lo and behold it is now working. IE recognizes the Flash Player files and hopefully the next Flash Player demand will be so honored.
Re email, I think I have tried them all GMail, Yahoo, Mozilla Thunderbird, Outlook, Outlook Express. I like the simplicity of OE but it is problematic! I did like Thunderbird very much but had problems in copy/pasting (I never forward emails), and deleting items in emails especially the red lines. If you can make suggestions how to handle these would be pleased to use Thunderbird. It reminds me of the old Netscape email program.
As for DVD will post on the windows site here and see if I can get a handle on what I need to do.
Re digging deeper to find issues with my PC - hey would love to IF you have the time and inclination. You have no idea how much you have helped me by getting my PC back on track. Is there anyway I can repay for this help as you have saved me quite a bit of money. The desert area of CA where I live is short of resources particularly tech help. What is here either costs the proverbial 'arm and a leg' and is offered by people claiming to be techs but are not that well versed in what they are doing.
Does this site accept donations? Guess the workers here do not? but the site must cost someone to keep it active.
And re going on to find more issues on my PC have to tell you I fell in love with PCs when I was in my forties. My son who has his own PC business introduced me to Windows as I was at the time learning computer languages (Basic/Cobalt) to handle programming. After windows I never looked back and the PC industry and its advances has only increased my addiction to the technology.
Am now twice the age as when I started and my PC is my lifeline both for pleasure and for work as I teach at our local college. Your help has aided me in coordinating my work responsibilities with the main frame computer at the college. A necessity for my classes. So again I thank you very much and ready to dig away deeper into my PC:)
-
Rambled on in the last post so now am following your instructions re protection programs to use:
AVG
Malwarebytes
Super AntiSpy
CCleaner
Do you have an opinion on Obit's Advanced System Care (have bought the pro version so would like to keep unless it too causes problems. Also last tech installed RegScrub and Smart Defrag. Really do not need either as far as I am concerned. Have no problems defragging\scan discing on my own. Do I need Windows Malicious Tool Remover?
Think my biggest problem might be the fact I am womanly fanatic re cleaning my PC - almost do it on a daily basis. Also where fools tread, I also clean the registry quite often. Have been told novices should stay clear of Registry tampering:)
In changing antivirus programs want to make sure I do it correctly - is this the method?:
1 - download AVG but do not install
2 - unplug my modem
3 - delete ESET NOD32
4 - install AVG
5 - turn on modem
6 - update AVG
7 - off and running
And last I have 17 icons re all programs you have referred me to so I take it I can now delete all except for the above which you recommended I keep?
-
I'm very glad I have been able to help some. I appreciate the offer, but it really isn't necessary. After all, you did all of the work. I just showed you how. Because so many people ask, I have a donation link (https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=VZ4ADRD437C62&lc=US&item_name=CBMatt&cn=Add%20a%20special%20comment%20if%20you%20would%20like&no_shipping=1&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donate_LG%2egif%3aNonHosted), but I never ask for money in return for my help on here, and neither does the owner of Computer Hope. All we really want is for you to try to keep your computer in good shape.
Now, with that said...if you would like to dig a little deeper, I'd be happy to help. This is going to be a very large log (and the scan may take awhile), so I will also instruct you on uploading the file to a filehost. Because these logs are often so large, I likely won't be able to go through the entire thing, but it will give me a good idea of what's on your computer. Simply follow the below steps if you wish to give it a try...
Download to your desktop ISeeYouXP.exe by ShadowPuterDude (http://downloads.malwareteks.com/ISeeYouXP.exe)
Next double-click on ISeeYouXP.exe on your Desktop.
ISeeYouXP.exe will self-extract ISeeYouXP to C:\ISeeYouXP and place a .bat file on your Desktop.
Double-click ISeeYouXP.bat to run the script.
Once complete a log will be saved to the Desktop named ISeeYouXP.txt.
Post the following logs in your next reply:
ISeeYouXP.txt
If the ISeeYouXP .bat file does not extract to the Desktop, double-click My Computer on the Desktop and navigate to the ISeeYouXP folder located in the C: drive. Double-click the ISeeYouXP.bat file to run the program.
Upload the file to Savefile.com (http://savefile.com/upload.phpSelect/)
There is no need to Register
Select Browse and locate the file.
Fill in the Title and Description and security code then click Upload
Copy the download link next to Your link to the file: and post the link back here.
Re email, I think I have tried them all GMail, Yahoo, Mozilla Thunderbird, Outlook, Outlook Express. I like the simplicity of OE but it is problematic! I did like Thunderbird very much but had problems in copy/pasting (I never forward emails), and deleting items in emails especially the red lines. If you can make suggestions how to handle these would be pleased to use Thunderbird. It reminds me of the old Netscape email program.
This is another thing that would be better for one of the other sections because frankly, my experience is limited. I have used AOL exclusively for several years now. The only other program I have sufficient experience with is Microsoft Office Outlook 2007, as I had to take a course on it to go towards my AS degree. I honestly haven't used Outlook Express in about 5-8 years! If I looked hard enough, I could perhaps find the appropriate information online, but someone else may be able to do it quicker.
Do you have an opinion on Obit's Advanced System Care (have bought the pro version so would like to keep unless it too causes problems. Also last tech installed RegScrub and Smart Defrag. Really do not need either as far as I am concerned. Have no problems defragging\scan discing on my own. Do I need Windows Malicious Tool Remover?
I haven't personally used IObit, but I don't normally hear anything bad about it. It has conflicts with certain programs, but it should be fine with everything you have. And feel free to ditch RegScrub and Smart Defrag. CCleaner can take RegScrub's place and I really see no reason to replace the Windows defrag utility. Go ahead and keep the Windows MTR. It's not the most versatile program, but it's good to keep as a backup.
In changing antivirus programs want to make sure I do it correctly - is this the method?:
1 - download AVG but do not install
2 - unplug my modem
3 - delete ESET NOD32
4 - install AVG
5 - turn on modem
6 - update AVG
7 - off and running
Those steps sound good, but forget what I said about AVG. I forgot that you already have ESET installed. It's one of the best programs available. AVG is a great free alternative (it's what I use), but many feel that ESET is better. Either way, you will have sufficient protection. If you wish to switch to AVG, then it looks like you know just how to do it.
And last I have 17 icons re all programs you have referred me to so I take it I can now delete all except for the above which you recommended I keep?
Definitely keep Malwarebytes and SUPERAntiSpyware and CCleaner. If you're worried about desktop clutter, you can simply delete the icons. The programs should be in your Start menu, in the Programs section. Feel free to uninstall HijackThis. And you should uninstall ComboFix. To do this, simply go to Start > Run and type in combofix /u (note the space) and click OK.
You should also clear out your System Restore points by turning it off and then turning it back on...
http://support.microsoft.com/kb/310405
If you want to try ISeeYouXP, post the log whenever you're ready. And if you have any other questions, feel free to ask.
-
Have typed out all your instructions and will be following through. May take me a bit as the semester start is fast approaching and am caught up in lesson planning, syllabus development etc. But will keep you posted.
Re donation will consider Paypal. Do not yet have an account but son said Paypal is quite secure. Just had my ID stolen and so am very careful about online use when it comes to money. Again keep you posted re this matter.
-
The ISeeYouXP.exe file did not self-extract, could not find on my C drive to double click a bat file. But something went right because next thing I knew when I double clicked the exe file, it did its thing and I now have a long log txt to send you.
At this point I got rather lost in the uploading the file to Savefile.com because could not find the bat file.
Am sending the log I do have and awaiting further support as to what to do next.
-
Windows/Browser/Java Versions:
Microsoft Windows XP Professional
Version: 5.1.2600
Service Pack: 2.0
Windows Directory: C:\WINDOWS
Internet Explorer
Version: 6.0.2900.2180
Build: 62900.2180
Language: English (United States)
Path: C:\Program Files\Internet Explorer
Boot State: Normal boot
Scan done at 22:25:22.26, Fri 01/09/2009
------------------------------------------------------------------------------------
ISeeYouXP installation folder and files
"C:\ISeeYouXP\"
bootst~1.vbs May 28 2007 359 "bootstate.vbs"
change.log Jun 8 2008 5012 "change.log"
chodefix.bat Apr 18 2007 5387 "chodefix.bat"
fixchode.reg Apr 18 2007 528 "fixChode.reg"
fixexp~1.bat Feb 24 2007 487 "FixExplorerPolicies.bat"
getunk~1.bat Aug 12 2006 1478 "GetUnKeys.bat"
grep.exe Dec 24 2004 160768 "grep.exe"
hideit.bat Oct 17 2007 1072 "HideIT.bat"
ieinfo.vbs May 28 2007 514 "ieinfo.vbs"
iesecu~1.bat Oct 28 2007 72 "IESecurityZones.bat"
iesecu~1.vbs Nov 8 2007 2399 "IESecurityZones.vbs"
iseeyo~1.bat Jun 8 2008 211377 "ISeeYouXP.bat"
libico~1.dll Mar 16 2004 898048 "libiconv2.dll"
libintl3.dll Oct 9 2004 101888 "libintl3.dll"
locate.com Jan 14 2005 11254 "locate.com"
md5sum.exe Aug 5 2007 49152 "md5sum.exe"
msconf~1.bat Feb 24 2007 578 "MSConfigFix.bat"
osinfo.vbs May 28 2007 598 "osinfo.vbs"
pcbutts.txt Mar 25 2007 5167 "PCBUTTS.TXT"
pcre.dll Nov 14 2004 183313 "pcre.dll"
pv.exe Mar 3 2006 73728 "pv.exe"
regedi~1.bat Mar 30 2007 650 "RegEditFix.bat"
regfix.bat Apr 18 2007 145 "Regfix.bat"
servic~1.vbs May 28 2007 672 "servicesinfo.vbs"
showit.bat Oct 17 2007 1013 "ShowIT.bat"
swreg.exe Apr 5 2007 139776 "swreg.exe"
system~1.bat Feb 28 2007 369 "SystemRestoreFix.bat"
taskmg~1.bat Feb 24 2007 288 "TaskMgrFix.bat"
28 items found: 28 files, 0 directories.
Total of file sizes: 1,856,092 bytes 1.77 M
3 Dir(s) 221,861,486,592 bytes free
------------------------------------------------------------------------------------
System Environment Variables
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jean\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DONNA
ComSpec=C:\WINDOWS\system32\cmd.exe
errcode=0
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jean
LOGONSERVER=\\DONNA
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;;C:\Program Files\VDMSound
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0404
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jean\LOCALS~1\Temp
TMP=C:\DOCUME~1\Jean\LOCALS~1\Temp
USERDOMAIN=DONNA
USERNAME=Jean
USERPROFILE=C:\Documents and Settings\Jean
VDMSPath=C:\Program Files\VDMSound
windir=C:\WINDOWS
------------------------------------------------------------------------------------
Showing any Pocket Killbox backup files
No matches found.
------------------------------------------------------------------------------------
Displaying BOOT.INI:
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
------------------------------------------------------------------------------------
Displaying SYSTEM.INI:
[driver32]
[WINRECWINDSP]
Driver=windspli.dll
Address=345
[WINRECWIN32DSP]
Driver=windspli.dll
Address=666
[386enh]
device=DVA.386
woafont=dosapp.FON
CGA40WOA.FON=CGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
EGA80WOA.FON=EGA80WOA.FON
------------------------------------------------------------------------------------
Displaying WIN.INI:
[I.R.I.S.]
reg_n=30000
[Readiris]
Scanner32=Twaino38,23
[DPE]
Toolbar=1
SN75=43011702
[MCI Extensions.BAK]
m2v=MPEGVideo
mod=MPEGVideo
[drawdib]
vga.drv 1024x768x32(BGR 0)=0,0,0,0
[personal data removed]
MAPI=1
CMC=1
CMCDLLNAME32=mapi32.dll
CMCDLLNAME=mapi.dll
MAPIX=1
MAPIXVER=1.0.0.1
OLEMessaging=1
[PowerUp]
PowerUp=C:\WINDOWS\POWERUP.INI
[IRIS_IPE]
menu=1
[CybDefKeepSafe]
ClientID={CDAEC88F-1D60-4237-AEBA-F2A1610A6BC1}
------------------------------------------------------------------------------------
Displaying AUTOEXEC.BAT:
------------------------------------------------------------------------------------
Displaying CONFIG.SYS:
-
Displaying Running Processes:
PROCESS PID PRIO PATH
smss.exe 724 Normal C:\WINDOWS\System32\smss.exe
csrss.exe 772 Normal C:\WINDOWS\system32\csrss.exe
winlogon.exe 796 High C:\WINDOWS\system32\winlogon.exe
services.exe 840 Normal C:\WINDOWS\system32\services.exe
lsass.exe 852 Normal C:\WINDOWS\system32\lsass.exe
svchost.exe 1024 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1092 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1192 Normal C:\WINDOWS\System32\svchost.exe
svchost.exe 1284 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1388 Normal C:\WINDOWS\system32\svchost.exe
spoolsv.exe 1552 Normal C:\WINDOWS\system32\spoolsv.exe
ekrn.exe 1668 Normal C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
GoogleUpdaterService.exe 1704 Normal C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
iaantmon.exe 1744 Normal C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
jqs.exe 1792 Idle C:\Program Files\Java\jre6\bin\jqs.exe
lxdxserv.exe 1852 Normal C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe
lxdxcoms.exe 1880 Normal C:\WINDOWS\system32\lxdxcoms.exe
nvsvc32.exe 1908 Normal C:\WINDOWS\system32\nvsvc32.exe
tcpsvcs.exe 232 Normal C:\WINDOWS\system32\tcpsvcs.exe
MsPMSPSv.exe 284 Normal C:\WINDOWS\system32\MsPMSPSv.exe
Explorer.EXE 1168 Normal C:\WINDOWS\Explorer.EXE
egui.exe 1724 Normal C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
rundll32.exe 1816 Normal C:\WINDOWS\system32\rundll32.exe
lxdxmon.exe 1840 Normal C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
ezprint.exe 2028 Normal C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe
RUNDLL32.EXE 1328 Normal C:\WINDOWS\system32\RUNDLL32.EXE
jusched.exe 328 Normal C:\Program Files\Java\jre6\bin\jusched.exe
SUPERAntiSpyware.exe 432 Normal C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
svchost.exe 1640 Normal C:\WINDOWS\system32\svchost.exe
alg.exe 2224 Normal C:\WINDOWS\System32\alg.exe
wuauclt.exe 3932 Normal C:\WINDOWS\system32\wuauclt.exe
ntvdm.exe 444 Normal C:\WINDOWS\system32\ntvdm.exe
iexplore.exe 3864 Normal C:\Program Files\internet explorer\iexplore.exe
cmd.exe 1304 Normal C:\WINDOWS\system32\cmd.exe
ntvdm.exe 2140 Normal C:\WINDOWS\system32\ntvdm.exe
wmiprvse.exe 3952 Normal C:\WINDOWS\system32\wbem\wmiprvse.exe
pv.exe 2484 Normal C:\ISEEYO~1\pv.exe
WOWEXEC.EXE 2260 --- C:\WINDOWS\SYSTEM32\WOWEXEC.EXE
------------------------------------------------------------------------------------
-
Displaying Windows Services:
Name: 6to4
Display Name: IPv6 Helper Service
Description: Provides DDNS name registration and automatic IPv6 connectivity over an IPv4 network. If this service is stopped, other computers may not be able to reach it by name and the machine will only have IPv6 connectivity if it is connected to a native IPv6 network. If this service is disabled, any other services that explicitly depend on this service will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: Alerter
Display Name: Alerter
Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Disabled
State: Stopped
Name: ALG
Display Name: Application Layer Gateway Service
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
Path Name: C:\WINDOWS\System32\alg.exe
Start Mode: Manual
State: Running
Name: AppMgmt
Display Name: Application Management
Description: Provides software installation services such as Assign, Publish, and Remove.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped
Name: aspnet_state
Display Name: ASP.NET State Service
Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Start Mode: Manual
State: Stopped
Name: AudioSrv
Display Name: Windows Audio
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: BITS
Display Name: Background Intelligent Transfer Service
Description: Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: Browser
Display Name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Stopped
Name: CiSvc
Display Name: Indexing Service
Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
Path Name: C:\WINDOWS\system32\cisvc.exe
Start Mode: Manual
State: Stopped
Name: ClipSrv
Display Name: ClipBook
Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\clipsrv.exe
Start Mode: Disabled
State: Stopped
Name: clr_optimization_v2.0.50727_32
Display Name: .NET Runtime Optimization Service v2.0.50727_X86
Description: Microsoft .NET Framework NGEN
Path Name: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Start Mode: Manual
State: Stopped
Name: COMSysApp
Display Name: COM+ System Application
Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Start Mode: Manual
State: Stopped
Name: CryptSvc
Display Name: Cryptographic Services
Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: DcomLaunch
Display Name: DCOM Server Process Launcher
Description: Provides launch functionality for DCOM services.
Path Name: C:\WINDOWS\system32\svchost -k DcomLaunch
Start Mode: Auto
State: Running
Name: Dhcp
Display Name: DHCP Client
Description: Manages network configuration by registering and updating IP addresses and DNS names.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: dmadmin
Display Name: Logical Disk Manager Administrative Service
Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
Path Name: C:\WINDOWS\System32\dmadmin.exe /com
Start Mode: Manual
State: Stopped
Name: dmserver
Display Name: Logical Disk Manager
Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: Dnscache
Display Name: DNS Client
Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k NetworkService
Start Mode: Auto
State: Running
Name: EhttpSrv
Display Name: Eset HTTP Server
Description: Eset HTTP Server
Path Name: "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
Start Mode: Manual
State: Stopped
Name: ekrn
Display Name: Eset Service
Description: Eset Service
Path Name: "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
Start Mode: Auto
State: Running
Name: ERSvc
Display Name: Error Reporting Service
Description: Allows error reporting for services and applictions running in non-standard environments.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: Eventlog
Display Name: Event Log
Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Path Name: C:\WINDOWS\system32\services.exe
Start Mode: Auto
State: Running
Name: EventSystem
Display Name: COM+ Event System
Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running
Name: FastUserSwitchingCompatibility
Display Name: Fast User Switching Compatibility
Description: Provides management for applications that require assistance in a multiple user environment.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped
Name: gusvc
Display Name: Google Updater Service
Description:
Path Name: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
Start Mode: Auto
State: Running
Name: helpsvc
Display Name: Help and Support
Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: HidServ
Display Name: HID Input Service
Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: HTTPFilter
Display Name: HTTP SSL
Description: This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k HTTPFilter
Start Mode: Manual
State: Stopped
Name: IAANTMon
Display Name: Intel(R) Matrix Storage Event Monitor
Description:
Path Name: C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
Start Mode: Auto
State: Running
Name: ImapiService
Display Name: IMAPI CD-Burning COM Service
Description: Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\imapi.exe
Start Mode: Manual
State: Stopped
Name: JavaQuickStarterService
Display Name: Java Quick Starter
Description: Prefetches JRE files for faster startup of Java applets and applications
Path Name: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Start Mode: Auto
State: Running
Name: lanmanserver
Display Name: Server
Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
-
Name: lanmanworkstation
Display Name: Workstation
Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: LmHosts
Display Name: TCP/IP NetBIOS Helper
Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Auto
State: Running
Name: lxdxCATSCustConnectService
Display Name: lxdxCATSCustConnectService
Description:
Path Name: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
Start Mode: Auto
State: Running
Name: lxdx_device
Display Name: lxdx_device
Description:
Path Name: C:\WINDOWS\system32\lxdxcoms.exe -service
Start Mode: Auto
State: Running
Name: Messenger
Display Name: Messenger
Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Disabled
State: Stopped
Name: mnmsrvc
Display Name: NetMeeting Remote Desktop Sharing
Description: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\mnmsrvc.exe
Start Mode: Disabled
State: Stopped
Name: MSDTC
Display Name: Distributed Transaction Coordinator
Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\msdtc.exe
Start Mode: Manual
State: Stopped
Name: MSIServer
Display Name: Windows installer
Description:
Path Name: C:\WINDOWS\system32\msiexec.exe /V
Start Mode: Manual
State: Stopped
Name: NetDDE
Display Name: Network DDE
Description: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\netdde.exe
Start Mode: Disabled
State: Stopped
Name: NetDDEdsdm
Display Name: Network DDE DSDM
Description: Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\netdde.exe
Start Mode: Disabled
State: Stopped
Name: Netlogon
Display Name: Net Logon
Description: Supports pass-through authentication of account logon events for computers in a domain.
Path Name: C:\WINDOWS\system32\lsass.exe
Start Mode: Manual
State: Stopped
Name: Netman
Display Name: Network Connections
Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running
Name: Nla
Display Name: Network Location Awareness (NLA)
Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running
Name: NtLmSsp
Display Name: NT LM Security Support Provider
Description: Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
Path Name: C:\WINDOWS\system32\lsass.exe
Start Mode: Disabled
State: Stopped
Name: NtmsSvc
Display Name: Removable Storage
Description:
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped
Name: NVSvc
Display Name: NVIDIA Display Driver Service
Description: Provides system and desktop level support to the NVIDIA display driver
Path Name: C:\WINDOWS\system32\nvsvc32.exe
Start Mode: Auto
State: Running
Name: p2pgasvc
Display Name: Peer Networking Group Authentication
Description: Provides Network Authentication for Peer Group Members.
Path Name: C:\WINDOWS\system32\svchost.exe -k p2psvc
Start Mode: Manual
State: Stopped
Name: p2pimsvc
Display Name: Peer Networking Identity Manager
Description: Provides Identity service for Peer Networking
Path Name: C:\WINDOWS\system32\svchost.exe -k p2psvc
Start Mode: Manual
State: Stopped
Name: p2psvc
Display Name: Peer Networking
Description: Provides Peer Networking services
Path Name: C:\WINDOWS\system32\svchost.exe -k p2psvc
Start Mode: Manual
State: Stopped
Name: PlugPlay
Display Name: Plug and Play
Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Path Name: C:\WINDOWS\system32\services.exe
Start Mode: Auto
State: Running
Name: Pml Driver HPZ12
Display Name: Pml Driver HPZ12
Description:
Path Name: C:\WINDOWS\system32\HPZipm12.exe
Start Mode: Manual
State: Stopped
Name: PNRPSvc
Display Name: Peer Name Resolution Protocol
Description: Enables Serverless Peer Name Resolution over the Internet
Path Name: C:\WINDOWS\system32\svchost.exe -k p2psvc
Start Mode: Manual
State: Stopped
Name: PolicyAgent
Display Name: IPSEC Services
Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
Path Name: C:\WINDOWS\system32\lsass.exe
Start Mode: Manual
State: Stopped
Name: ProtectedStorage
Display Name: Protected Storage
Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
Path Name: C:\WINDOWS\system32\lsass.exe
Start Mode: Auto
State: Running
Name: RasAuto
Display Name: Remote Access Auto Connection Manager
Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped
-
Name: RasMan
Display Name: Remote Access Connection Manager
Description: Creates a network connection.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running
Name: RDSessMgr
Display Name: Remote Desktop Help Session Manager
Description: Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
Path Name: C:\WINDOWS\system32\sessmgr.exe
Start Mode: Manual
State: Stopped
Name: RemoteAccess
Display Name: Routing and Remote Access
Description: Offers routing services to businesses in local area and wide area network environments.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped
Name: RemoteRegistry
Display Name: Remote Registry
Description: Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Disabled
State: Stopped
Name: RpcLocator
Display Name: Remote Procedure Call (RPC) Locator
Description: Manages the RPC name service database.
Path Name: C:\WINDOWS\system32\locator.exe
Start Mode: Manual
State: Stopped
Name: RpcSs
Display Name: Remote Procedure Call (RPC)
Description: Provides the endpoint mapper and other miscellaneous RPC services.
Path Name: C:\WINDOWS\system32\svchost -k rpcss
Start Mode: Auto
State: Running
Name: RSVP
Display Name: QoS RSVP
Description: Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
Path Name: C:\WINDOWS\system32\rsvp.exe
Start Mode: Manual
State: Stopped
Name: SamSs
Display Name: Security Accounts Manager
Description: Stores security information for local user accounts.
Path Name: C:\WINDOWS\system32\lsass.exe
Start Mode: Auto
State: Running
Name: SCardSvr
Display Name: Smart Card
Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\SCardSvr.exe
Start Mode: Manual
State: Stopped
Name: Schedule
Display Name: Task Scheduler
Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: seclogon
Display Name: Secondary Logon
Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: SENS
Display Name: System Event Notification
Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: SharedAccess
Display Name: Windows Firewall/Internet Connection Sharing (ICS)
Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: ShellHWDetection
Display Name: Shell Hardware Detection
Description: Provides notifications for AutoPlay hardware events.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: SimpTcp
Display Name: Simple TCP/IP Services
Description: Supports the following TCP/IP services: Character Generator, Daytime, Discard, Echo, and Quote of the Day.
Path Name: C:\WINDOWS\system32\tcpsvcs.exe
Start Mode: Auto
State: Running
Name: SNMP
Display Name: SNMP Service
Description: Includes agents that monitor the activity in network devices and report to the network console workstation.
Path Name: C:\WINDOWS\System32\snmp.exe
Start Mode: Manual
State: Stopped
Name: SNMPTRAP
Display Name: SNMP Trap Service
Description: Receives trap messages generated by local or remote SNMP agents and forwards the messages to SNMP management programs running on this computer.
Path Name: C:\WINDOWS\System32\snmptrap.exe
Start Mode: Manual
State: Stopped
Name: Spooler
Display Name: Print Spooler
Description: Loads files to memory for later printing.
Path Name: C:\WINDOWS\system32\spoolsv.exe
Start Mode: Auto
State: Running
Name: srservice
Display Name: System Restore Service
Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: SSDPSRV
Display Name: SSDP Discovery Service
Description: Enables discovery of UPnP devices on your home network.
Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Disabled
State: Stopped
Name: stisvc
Display Name: Windows Image Acquisition (WIA)
Description: Provides image acquisition services for scanners and cameras.
Path Name: C:\WINDOWS\system32\svchost.exe -k imgsvc
Start Mode: Manual
State: Running
Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\dllhost.exe /Processid:{C60638D9-AFD7-4998-B499-46E70492E0B0}
Start Mode: Manual
State: Stopped
Name: SysmonLog
Display Name: Performance Logs and Alerts
Description: Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\smlogsvc.exe
Start Mode: Disabled
State: Stopped
Name: TapiSrv
Display Name: Telephony
Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running
Name: TermService
Display Name: Terminal Services
Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
Path Name: C:\WINDOWS\System32\svchost -k DComLaunch
Start Mode: Manual
State: Running
Name: Themes
Display Name: Themes
Description: Provides user experience theme management.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: TlntSvr
Display Name: Telnet
Description: Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\tlntsvr.exe
Start Mode: Disabled
State: Stopped
Name: TrkWks
Display Name: Distributed Link Tracking Client
Description: Maintains links between NTFS files within a computer or across computers in a network domain.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped
Name: uploadmgr
Display Name: Upload Manager
Description: Manages synchronous and asynchronous file transfers between clients and servers on the network. If this service is stopped, synchronous and asynchronous file transfers between clients and servers on the network will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped
Name: upnphost
Display Name: Universal Plug and Play Device Host
Description: Provides support to host Universal Plug and Play devices.
Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Disabled
State: Stopped
Name: UPS
Display Name: Uninterruptible Power Supply
Description: Manages an uninterruptible power supply (UPS) connected to the computer.
Path Name: C:\WINDOWS\System32\ups.exe
Start Mode: Manual
State: Stopped
Name: VSS
Display Name: Volume Shadow Copy
Description: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\vssvc.exe
Start Mode: Manual
State: Stopped
Name: W32Time
Display Name: Windows Time
Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: WebClient
Display Name: WebClient
Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Manual
State: Stopped
Name: WinDefend
Display Name: Windows Defender
Description: Helps protect users from malicious software, spyware, and other potentially unwanted software
Path Name: "C:\Program Files\Windows Defender\MsMpEng.exe"
Start Mode: Auto
State: Stopped
Name: winmgmt
Display Name: Windows Management Instrumentation
Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: WMDM PMSP Service
Display Name: WMDM PMSP Service
Description:
Path Name: C:\WINDOWS\system32\MsPMSPSv.exe
Start Mode: Auto
State: Running
-
Name: WmdmPmSN
Display Name: Portable Media Serial Number Service
Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Disabled
State: Stopped
Name: Wmi
Display Name: Windows Management Instrumentation Driver Extensions
Description: Provides systems management information to and from drivers.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped
Name: WmiApSrv
Display Name: WMI Performance Adapter
Description: Provides performance library information from WMI HiPerf providers.
Path Name: C:\WINDOWS\system32\wbem\wmiapsrv.exe
Start Mode: Manual
State: Stopped
Name: WMPNetworkSvc
Display Name: Windows Media Player Network Sharing Service
Description: Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play
Path Name: "C:\Program Files\Windows Media Player\WMPNetwk.exe"
Start Mode: Manual
State: Stopped
Name: wscsvc
Display Name: Security Center
Description: Monitors system security settings and configurations.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: wuauserv
Display Name: Automatic Updates
Description: Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: WudfSvc
Display Name: Windows Driver Foundation - User-mode Driver Framework
Description: Manages user-mode driver host processes
Path Name: C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
Start Mode: Manual
State: Stopped
Name: WZCSVC
Display Name: Wireless Zero Configuration
Description: Provides automatic configuration for the 802.11 adapters
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: xmlprov
Display Name: Network Provisioning Service
Description: Manages XML configuration files on a domain basis for automatic network provisioning.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped
------------------------------------------------------------------------------------
Displaying LOG for Microsoft Windows Malicious Software Removal Tool:
*** Microsoft Windows MRT Log NOT Found! ****
----------------------------------------------------------------------------
Listing HKCU Explorer\Advanced//Hidden and SuperHidden Registry Keys
if Hidden = 0 then Hidden Files and Folders are not shown
if SuperHidden = 1 is the desired default value.
if ShowSuperHidden = 0 then System Files are not shown
if HideFileExt = 1 then File Extension are not shown
We want their values to be (from top to bottom) 1,1,1,0
----------------------------------------------------------------------------
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\advanced
Hidden REG_DWORD 1 (0x1)
SuperHidden REG_DWORD 1 (0x1)
ShowSuperHidden REG_DWORD 1 (0x1)
HideFileExt REG_DWORD 0 (0x0)
************************************************************************************
Examining Select Windows Registry Keys
------------------------------------------------------------------------------------
--------------------------------------------------------------------------
Items Found in ZoneMap\Domains:
--------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains
<NO NAME> REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains\msn.com
----------------------------------------------------------------------------
Current User ZoneMap ProtocolDefaults
----------------------------------------------------------------------------
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\protocoldefaults
<NO NAME> REG_SZ
http REG_DWORD 3 (0x3)
https REG_DWORD 3 (0x3)
ftp REG_DWORD 3 (0x3)
file REG_DWORD 3 (0x3)
@ivt REG_DWORD 1 (0x1)
shell REG_DWORD 0 (0x0)
----------------------------------------------------------------------------
-
Default URL Prefix Keys
----------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\DefaultPrefix
<NO NAME> REG_SZ http://
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\Prefixes
ftp REG_SZ ftp://
gopher REG_SZ gopher://
home REG_SZ http://
mosaic REG_SZ http://
www REG_SZ http://
--------------------------------------------------------------------------
Startup Items Disabled via MSCONFIG:
--------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\ExpandFrom
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\ExpandTo
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
backup REG_SZ C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location REG_SZ Common Startup
item REG_SZ Adobe Reader Speed Launch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk
backup REG_SZ C:\WINDOWS\pss\Google Updater.lnkCommon Startup
location REG_SZ Common Startup
command REG_SZ C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE -systray -startup
item REG_SZ Google Updater
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk
backup REG_SZ C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
location REG_SZ Common Startup
command REG_SZ C:\PROGRA~1\HP\Digital Imaging\bin\hpqtra08.exe
item REG_SZ HP Digital Imaging Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk
backup REG_SZ C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
location REG_SZ Common Startup
command REG_SZ C:\PROGRA~1\HP\Digital Imaging\bin\hpqthb08.exe -s
item REG_SZ HP Image Zone Fast Start
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk
backup REG_SZ C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
location REG_SZ Common Startup
command REG_SZ C:\PROGRA~1\DESKTO~1\8876480\Program\LDMConf.exe /start
item REG_SZ Logitech Desktop Messenger
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk
backup REG_SZ C:\WINDOWS\pss\LUMIX Simple Viewer.lnkCommon Startup
location REG_SZ Common Startup
command REG_SZ C:\PROGRA~1\PANASO~1\LUMIXS~1\PHLEAU~1.EXE
item REG_SZ LUMIX Simple Viewer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk
backup REG_SZ C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location REG_SZ Common Startup
command REG_SZ C:\PROGRA~1\MICROS~2\Office\OSA9.EXE -b -l
item REG_SZ Microsoft Office
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk
backup REG_SZ C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
location REG_SZ Common Startup
item REG_SZ WinZip Quick Pick
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^donnajean^Start Menu^Programs^Startup^PowerReg Scheduler.exe
backup REG_SZ C:\WINDOWS\pss\PowerReg Scheduler.exeStartup
location REG_SZ Startup
item REG_SZ PowerReg Scheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jean^Start Menu^Programs^Startup^Adobe Media Player.lnk
backup REG_SZ C:\WINDOWS\pss\Adobe Media Player.lnkStartup
location REG_SZ Startup
item REG_SZ Adobe Media Player
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ apdproxy
hkey REG_SZ HKLM
command REG_SZ "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ AWC
hkey REG_SZ HKCU
command REG_SZ "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ ctfmon
hkey REG_SZ HKCU
command REG_SZ C:\WINDOWS\system32\ctfmon.exe
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ EM_EXEC
hkey REG_SZ HKLM
command REG_SZ C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ iaanotif
hkey REG_SZ HKLM
command REG_SZ C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ issch
hkey REG_SZ HKLM
command REG_SZ "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ dumprep 0 -k
hkey REG_SZ HKLM
command REG_SZ %systemroot%\system32\dumprep 0 -k
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Outlook
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ OUTLOOK
hkey REG_SZ HKCU
command REG_SZ C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE Outlook:Inbox /recycle
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Outlook118
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ OUTLOOK
hkey REG_SZ HKCU
command REG_SZ C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE Outlook:Inbox /recycle
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Outlook198
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ OUTLOOK
hkey REG_SZ HKCU
command REG_SZ C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE Outlook:Inbox /recycle
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Outlook740
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ OUTLOOK
hkey REG_SZ HKCU
command REG_SZ C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE Outlook:Inbox /recycle
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Outlook893
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ OUTLOOK
hkey REG_SZ HKCU
command REG_SZ C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE Outlook:Calendar
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ NeroCheck
hkey REG_SZ HKLM
command REG_SZ C:\WINDOWS\system32\NeroCheck.exe
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ NvCpl
hkey REG_SZ HKLM
command REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ NvMcTray
hkey REG_SZ HKLM
command REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ SpyHunter3
hkey REG_SZ HKLM
command REG_SZ C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ GoogleToolbarNotifier
hkey REG_SZ HKCU
command REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ McciTrayApp
hkey REG_SZ HKLM
command REG_SZ C:\Program Files\Verizon\McciTrayApp.exe
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\state
system.ini REG_DWORD 0 (0x0)
win.ini REG_DWORD 0 (0x0)
bootini REG_DWORD 2 (0x2)
services REG_DWORD 0 (0x0)
startup REG_DWORD 2 (0x2)
--------------------------------------------------------------------------
Select AutoRun Registry Keys:
--------------------------------------------------------------------------
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
SUPERAntiSpyware REG_SZ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonceex
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
egui REG_SZ "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
nwiz REG_SZ nwiz.exe /install
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
lxdxmon.exe REG_SZ "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
EzPrint REG_SZ "C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe"
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservicesonce
HKEY_USERS\.default\software\microsoft\windows\currentversion\run
HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce
HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run
HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce
Error: Key: s-1-5-19\software\microsoft\windows\currentversion\run does not exist!
--------------------------------------------------------------------------
WinLogon Notify Registry Key:
--------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon
DllName REG_SZ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
Logon REG_SZ SABWINLOLogon
Logoff REG_SZ SABWINLOLogoff
Startup REG_SZ SABWINLOStartup
Shutdown REG_SZ SABWINLOShutdown
Asynchronous REG_DWORD 0 (0x0)
Impersonate REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
Asynchronous REG_DWORD 0 (0x0)
Impersonate REG_DWORD 0 (0x0)
DllName REG_EXPAND_SZ crypt32.dll
Logoff REG_SZ ChainWlxLogoffEvent
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
Asynchronous REG_DWORD 0 (0x0)
Impersonate REG_DWORD 0 (0x0)
DllName REG_EXPAND_SZ cryptnet.dll
Logoff REG_SZ CryptnetWlxLogoffEvent
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
DLLName REG_SZ cscdll.dll
Logon REG_SZ WinlogonLogonEvent
Logoff REG_SZ WinlogonLogoffEvent
ScreenSaver REG_SZ WinlogonScreenSaverEvent
Startup REG_SZ WinlogonStartupEvent
Shutdown REG_SZ WinlogonShutdownEvent
StartShell REG_SZ WinlogonStartShellEvent
Impersonate REG_DWORD 0 (0x0)
Asynchronous REG_DWORD 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
DLLName REG_SZ wlnotify.dll
Logon REG_SZ SCardStartCertProp
Logoff REG_SZ SCardStopCertProp
Lock REG_SZ SCardSuspendCertProp
Unlock REG_SZ SCardResumeCertProp
Enabled REG_DWORD 1 (0x1)
Impersonate REG_DWORD 1 (0x1)
Asynchronous REG_DWORD 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
Asynchronous REG_DWORD 0 (0x0)
DllName REG_EXPAND_SZ wlnotify.dll
Impersonate REG_DWORD 0 (0x0)
StartShell REG_SZ SchedStartShell
Logoff REG_SZ SchedEventLogOff
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
Logoff REG_SZ WLEventLogoff
Impersonate REG_DWORD 0 (0x0)
Asynchronous REG_DWORD 1 (0x1)
DllName REG_EXPAND_SZ sclgntfy.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
DLLName REG_SZ WlNotify.dll
Lock REG_SZ SensLockEvent
Logon REG_SZ SensLogonEvent
Logoff REG_SZ SensLogoffEvent
Safe REG_DWORD 1 (0x1)
MaxWait REG_DWORD 600 (0x258)
StartScreenSaver REG_SZ SensStartScreenSaverEvent
StopScreenSaver REG_SZ SensStopScreenSaverEvent
Startup REG_SZ SensStartupEvent
Shutdown REG_SZ SensShutdownEvent
StartShell REG_SZ SensStartShellEvent
PostShell REG_SZ SensPostShellEvent
Disconnect REG_SZ SensDisconnectEvent
Reconnect REG_SZ SensReconnectEvent
Unlock REG_SZ SensUnlockEvent
Impersonate REG_DWORD 1 (0x1)
Asynchronous REG_DWORD 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
Asynchronous REG_DWORD 0 (0x0)
DllName REG_EXPAND_SZ wlnotify.dll
Impersonate REG_DWORD 0 (0x0)
Logoff REG_SZ TSEventLogoff
Logon REG_SZ TSEventLogon
PostShell REG_SZ TSEventPostShell
Shutdown REG_SZ TSEventShutdown
StartShell REG_SZ TSEventStartShell
Startup REG_SZ TSEventStartup
MaxWait REG_DWORD 600 (0x258)
Reconnect REG_SZ TSEventReconnect
Disconnect REG_SZ TSEventDisconnect
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon
Logon REG_SZ WLEventLogon
Logoff REG_SZ WLEventLogoff
Startup REG_SZ WLEventStartup
Shutdown REG_SZ WLEventShutdown
StartScreenSaver REG_SZ WLEventStartScreenSaver
StopScreenSaver REG_SZ WLEventStopScreenSaver
Lock REG_SZ WLEventLock
Unlock REG_SZ WLEventUnlock
StartShell REG_SZ WLEventStartShell
PostShell REG_SZ WLEventPostShell
Disconnect REG_SZ WLEventDisconnect
Reconnect REG_SZ WLEventReconnect
Impersonate REG_DWORD 1 (0x1)
Asynchronous REG_DWORD 0 (0x0)
SafeMode REG_DWORD 1 (0x1)
MaxWait REG_DWORD -1 (0xffffffff)
DllName REG_EXPAND_SZ WgaLogon.dll
Event REG_DWORD 3 (0x3)
EulaAccepted REG_DWORD 1 (0x1)
InstallEvent REG_SZ 1.8.0031.9
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon\Settings
<NO NAME> REG_SZ
-
I see what you mean by work! By the time I finished posting this log my eyes were crossed, brain fried and lost track of time :P
Am not at all sure I got it all and in correct sequence. Let me know and will try again when it is early in the AM and I am clicking on all fours :-\
Keeping my fingers crossed.
-
Re donation will consider Paypal. Do not yet have an account but son said Paypal is quite secure. Just had my ID stolen and so am very careful about online use when it comes to money. Again keep you posted re this matter.
Like I said, it's really not necessary, so don't feel obligated. I really don't feel like I deserve it. Heh.
I have to imagine that posting the log this way was a pain and I apologize, but I promise I won't make you do it again anytime soon. Ha. It's difficult to be super thorough with one of these, but from what I can see, nothing strikes me as being out of the ordinary. As far as active infections go, I'd say you're in the clear. As long as you can get your other issues worked out, you should be good to go.
-
Good to hear and have recovered from log posting. Old saying - no pains no gains so it was worth hearing I am fairly clean re PC issues. ;D
Last questions before you go:
I run CCleaner daily; any problem running the registry option daily also?
and just curious - have heard pros and cons about cleaning out prefetch files weekly; so far have not noticed that it reaches a limit and does so automatically as some claim.
Again thanks for all your help; it is so nice to sit at the PC and enjoy it as pleasure now much less be working on it and not being so frustrated. Have posted my DVD Win. Med. problem on I hope the appropriate site. When that is clear then all my issues will have been attended to.
If I have further like issues I take it I can return to this forum and hopefully get you? Been a pleasure working with you.
-
You shouldn't have to run the registry scanner daily, but I see no harm in doing so. It basically just looks for registry entries that don't work properly and removes them. Nothing too invasive.
As for prefetch files, I generally don't bother. You may want to remove any that look like they belong to suspicious files. But as long as they all belong to your normal programs, then removing them isn't worth your time. They're harmless and they take up very little space. And besides, they help open your programs faster.
You can most definitely come back anytime if you have any further problems. I get busy from time to time, but I'm usually here and I'm always happy to help.
-
My last question - really :P I just noticed I still have some three JavaRa files yet that you had me download. I also have Java 6 TM update 11 installed. Not sure if they are the same OR which to delete if need be.
-
1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
4. Run CCleaner.
Did you follow all 4 of the steps above? If so, then you can go ahead and remove JavaRa. Be sure to keep Java 6 Update 11.
-
Yes, I did - all four steps so will go ahead and delete the JavaRa. Thanks so much - again ::)
-
No problem! And you are always welcome to come back if you have more questions or any other problems.
-
Will remember your offer ;D and not that I do not like you but hope I do not have to come back too soon. Means will be having more problems. :o
-
Ha, believe me, I understand.
-
Just knew you would ;D ;D ;D
-
Just happened to run your log through the new processor tool I'm working on and noticed you're running Windows XP SP2, I'd also recommend if your system is going smoothly now to update to Windows XP SP3.
-
Just posted another issue and the reply I got was here. Did not know you had suggested SP3. I tried this once and had problems with it - there were some sites I could not get to work and they were related to my college work so that plus other issues I had caused me to uninstall it and stay away from it.
Should perhaps try again and then 'lean on you' for support when things go wrong? :P
I think there were some configuration issues I was told that caused the problems with SP3. What say you?
-
Although some minor issues were discovered upon the initial release of SP3, most issues caused by SP3 were due to malware and other software configurations that conflicted with the installation. Personally I'd always recommend keeping fully up-to-date with all software updates. It's OK to withhold upgrading when first released because often big updates like a service pack can have issues. However, there has been plenty of time for Microsoft to work out any of the bugs.
-
OK good reasoning - will give it a try. I guess if worst comes to worst, can one uninstall SP3 going back to SP2? Or is that not an option?
I use my PC in my work and since the semester has just started do not need any issues right at this time.
-
SP3 can be uninstalled if necessary. I really wouldn't worry, though. There were a few issues when it first came out, but it seems to be smooth sailing now. It's generally a good idea to have the latest service packs, but if you're worried, you could just avoid it for now. Although it should be perfectly safe, SP3 isn't nearly as vital as SP2 was.
-
When I have more time might give it a try as long as I know you are there to console the jittery nerves if I run into trouble ::) ;D
-
Heh, whenever you're ready, we'll be here with cocoa and kittens.
-
Rayyyyyyy when the water is right - will jump in so have that life saver ready ;D Keep you posted.
-
Just now got back to your post re SP3. I plan to do so but am waiting until I have a day when I can cope with what might ever happen. When I installed the SP3 in the past, it caused several problems about accessing some sites which I needed due to working on PC.
But have made several changes in PC configuration so will try SP3 again. Hopefully this week sometime. CBMatt has said if I have any problems he would stand by:)
Will attempt tomorrow re installation as I do not work that day. :)
-
to CB Matt: You probably do not remember me but you gave me excellent help around my PC slowdown and further advocated I put on SP3. You also said if I needed further help re the SP3 to return here.
Have added SP2 without any repercussions. However have two minor issues that I could use help with:
1 - PC has notably slowed down in all areas
2 - when I boot up and my desktop appears, I have to wait some period of time for the icons to appear.
Not big issues but would like some way to correct if possible.
-
Hope I am doing this correctly by posting the results of my Add/Remove screen here:
list of unknown programs from Add/Remove is lengthy as I am a novice re PCs and so do not recognize many of the programs so noted. Probably many are quite legitimate.
Programs not recognized, did not order, not sure I need
AGEIA PhysX v6.10.25
Apple Software Update
Dell Resource Disc (PC is a Dell and I have CDs for most all programs)
Image Resizer Powertoy for Windows XP (can resize pictures, not sure is a non-infected program)
Intervideo Win DVD
Java 6 Update 11 (most things needing Java get message it has been disabled or needs Updating)
LUMIX Simple Viewer (have great many pictures so not sure if this is needed; unaware of just what the program is)
MD easy and MD plus (do not know these two programs)
AL Open AL unknown
Sigma Tel Audio believe it is my sound system
(am confused by all the adobe/acrobat programs installed all necessary?)
Spelling dictionary for adobe reader 9
Acrobat.com
Adobe Acrobat Reader 3.0
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
ABBYY FineReader 6.0 Sprint
Adobe Photoshop Album Starter Edition 3.2
System Requirements Lab
UHS reader ver. 6.10
VDM Sound
Who Crashed 1.01
Windows Essentials Media Codec Pack 2.2b
Windows live OneCare Safety scanner
Windows Media Format 11 runtime
Windows Media Player (can never use, get message program has problem needs to close)
Windows Search 4.0
Windows Support Tools
Windows Vista Upgrade Advisor (need?)
These two programs will not uninstall
Google Earth
Logitech Desktop Manager
Logitech Users Guide (no longer have Logitech mouse/keyboard)
Microsoft Intellitype Pro 5.3 (have MS Ergonomic Keyboard)
MSW
MSW Music Assistant
Many files denoting SP1 SP2 SP3