
Author Topic: PC slowdown  (Read 33204 times)


nondaj

    Topic Starter


    Beginner

    PC slowdown
    « on: January 04, 2009, 12:50:15 PM »
    Dell XPS400 Dimension
    XP-Pro Version 2002 SP2
    Pentium® D 2.80 GHz
    2.79 GHz, 2.00 GB of RAM

    Within last 3-4 days my PC has apparently suddenly begun to slow down until now it is almost impossible to work with it especially online.  Downloads which before used to take seconds to minutes now state they will take 1-2 hours.  Pictures seem to be the worst offender re downloads either online or in emails.

    One recipient's emails are going to the deleted file rather than the inbox.

    Have a variety of protection programs but both they and my anti-virus come up with no unusual infections.  Have defragged and scanned disc the PC again with no results re the problems I am having.

    Can anyone suggest what might be wrong or what I might do to correct the problems?

    Am using Obit Pro, Reg Scrub, CCleaner,  Spy Hunter, Windows Defender and Windows Malicious Tool Remover all of which were recommended at one time by a PC tech.  My anti-virus is ESET NOD32.  I continually update all programs in attempt to avoid problems such that am having now.

    So what am I doing wrong here? ???

    CBMatt

    • Mod & Malware Specialist


    • Prodigy

    • Sad and lonely...and loving every minute of it.
    • Thanked: 167
      • Yes
    • Experience: Experienced
    • OS: Windows 7
    Re: PC slowdown
    « Reply #1 on: January 04, 2009, 05:37:44 PM »
    Quote
    An undefined problem has an infinite number of solutions.
    - Robert A. Humphrey

    nondaj

      Topic Starter


      Beginner

      Re: PC slowdown
      « Reply #2 on: January 04, 2009, 10:42:09 PM »
      Have followed the directions clear down to Hi-Jack this but am stuck here.  I downloaded Hi-Jack and renamed it to JHT but there is no 'install' button; when I double click on HJT file, it merely opens to programs with which to open the download.  What have I missed or done in error?

      CBMatt

      Re: PC slowdown
      « Reply #3 on: January 05, 2009, 04:35:48 PM »
      It sounds like you may have removed the file extension when renaming it.  Try downloading HijackThis again, but this time, don't rename it.  Does it work now?

      nondaj

        Topic Starter


        Beginner

        Re: PC slowdown
        « Reply #4 on: January 05, 2009, 09:15:34 PM »
        OK will try again and let you know how I do.  Thanks for hanging in with me. :o

        nondaj

          Topic Starter


          Beginner

          Re: PC slowdown
          « Reply #5 on: January 05, 2009, 09:32:00 PM »
          Following is my Hi-Jack log.  Could not follow your instructions quite to the letter but was able to still get this Hi-Jack log so hope it is OK.  :)



          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 8:28:14 PM, on 1/5/2009
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Windows Defender\MsMpEng.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
          C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
          C:\Program Files\Java\jre6\bin\jqs.exe
          C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe
          C:\WINDOWS\system32\lxdxcoms.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\WINDOWS\system32\tcpsvcs.exe
          C:\WINDOWS\system32\MsPMSPSv.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Windows Defender\MSASCui.exe
          C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
          C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
          C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe
          C:\WINDOWS\system32\rundll32.exe
          C:\WINDOWS\system32\RUNDLL32.EXE
          C:\Program Files\Java\jre6\bin\jusched.exe
          C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
          R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
          R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
          O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
          O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
          O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
          O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
          O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
          O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
          O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe"
          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
          O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
          O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\G.H.O.S.T. Hunters\Images\stg_drm.ocx
          O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
          O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
          O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
          O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
          O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
          O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
          O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
          O23 - Service: lxdx_device -   - C:\WINDOWS\system32\lxdxcoms.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
          O24 - Desktop Component 0: (no name) - http://www.collegeofthedesert.edu/SiteCollectionImages/TitleGraphic.jpg
          O24 - Desktop Component 1: (no name) - https://www.verizon.net/central/resources/images/email/emailheader.jpg

          --
          End of file - 5541 bytes

          CBMatt

          Re: PC slowdown
          « Reply #6 on: January 06, 2009, 02:09:45 AM »
          Remove this entry with HijackThis:

          R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

          Simply place a check next to it and click on Fix Checked.

          Other than that, not much is showing up in your log.  Why were you unable to do the other steps?  Could you not download the programs?  Did you receive any errors?

          nondaj

            Topic Starter


            Beginner

            Re: PC slowdown
            « Reply #7 on: January 06, 2009, 10:11:46 AM »
            No I was able to download everything.  There were just some directions that you gave that I could not find the steps to follow through exactly.  However, continuing on with what I was seeing on my screen I think I arrived at the place where I was supposed to be re your directions.

            This might be an example.  When I did the log, there were two screens that opened: the log I sent you and the other would have been the 'fix it' screen where I could put a check mark and click on fix it.  However, there was no place on this screen to save it, no toolbar at all so when I logged off for the night, it of course disappeared.


            Not sure whether to go through process again of developing a log to bring this screen back up again in order to delete the 'string' you indicated. Or is there another way to delete the same string?

            My PC continues to malfunction and is getting no better.  Does this then mean, if nothing else is found, that I may be having software conflicts?

            Some time ago a tech put SpyHunter on my PC - I did not opt for it so do not know anything about it.  It has now 'gone down', will not function when I try to use it.  Wondering if I can safely let windows delete this program to see if it will help my problems.

            I have a couple of entries on the ADD\Remove listing that will not delete. 

            Error messages are Setup.Ex has encountered a problem and must close - this for a program called Google Earth.

            And Logitech Desk Messenger has an error message but it goes by so fast unable to read it; the listing just will not delete.

            Found both in the registry but as a novice, hesitate to do anything there!  Not sure any of these has anything to do with my PC troubles right now.

            I always let windows delete any software program unless the program itself has a deletion option.  There are some listings that I do not know anything about but would not dare to delete unless I had advice or knew more about them.

             What else can I do to resolve my PC problems or is there something I have missed along the way in your efforts to help me?

            Again all the downloads went well but these problems persist:

            1 - very very slow downloads particularly if pictures are involved

            2 - emails are especially slow to download so that I have advised email correspondents to cease embedding pictures in emails as they seem to stop up the downloads completely.  Attachments do not seem to be an issue.

            3 - one correspondent's emails go to my deleted box instead of the inbox (am using Outlook Express by the way) so have to continually be aware of this.  This person lives in England and is on AOL.

            4 - moving about on the internet is so frustrating that I frequently have to give up attaining some sites.

            5 - cannot see some sites because IE browser refuses to recognize that I have Flash Player 10 installed.  Some of these sites are crucial to my work on the PC so need to resolve this issue eventually.

            Do appreciate your efforts thus far and willing to wait and work if such needs to be done to resolve any of my problems.

            CBMatt

            Re: PC slowdown
            « Reply #8 on: January 06, 2009, 04:34:54 PM »
            You've certainly got a lot of issues.  I don't know if they're all virus-related, but we'll try to find out.  For starters...to remove the bold entry I posted above, simply open HijackThis and click on the option that says something along the lines of Scan without saving a log.  It will bring up a list of entries.  Simply scroll down to the R3 section, place a checkmark next to the entry above, and click on Fix Checked.

            Once you have done that, try to follow the instructions below...
            Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

            http://download.bleepingcomputer.com/sUBs/ComboFix.exe
            http://subs.geekstogo.com/ComboFix.exe

            Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

            Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

            Double-click combofix.exe and follow the prompts.
            When finished, ComboFix will produce a log for you.
            Post the ComboFix log and a new HijackThis log in your next reply.

            NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

            Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.  Also, keep in mind that the ComboFix log probably won't fit into one post, so you may have to break it up into sections.

            nondaj

              Topic Starter


              Beginner

              Re: PC slowdown
              « Reply #9 on: January 07, 2009, 07:45:55 PM »
              OK - got down to the link that was to bring up list of protection programs to disable but could not find any list.

              All I could find on the screen that came up was ads for spyware removal programs.  So where did I miss the boat?

              CBMatt

              Re: PC slowdown
              « Reply #10 on: January 08, 2009, 01:00:27 AM »
              Take a look at the image I have attached below.  Is that not the page you see?  If it is, you are supposed to look for your anti-virus in the list (use Ctrl+F if you have trouble) and it will explain how to disable it.  If that's not the page you see, then you may have a browser hijacker.  If that's the case...are you able to download ComboFix?  If not, let me know.  But if you can, go ahead and download it.  You are using ESET, correct?  You should be able to simply right-click the icon near the bottom-right of your screen, and choose Quit.  When asked if you want to quit, click Yes.  Then follow the rest of my previous instructions.

              Give it a shot and let me know what your results are.

              [attachment deleted by admin]

              nondaj

                Topic Starter


                Beginner

                Re: PC slowdown
                « Reply #11 on: January 08, 2009, 09:54:45 AM »
                Ah ha browser hi-jacker makes sense from what little I know re PCs because it is the internet and email where most of my problems lie.  No I do not see that screen you showed, yes I was able to download the Combo file and yes will turn off my ESET NOD32.  Keep you posted how I make out.

                nondaj

                  Topic Starter


                  Beginner

                  Re: PC slowdown
                  « Reply #12 on: January 08, 2009, 10:21:28 AM »
                  New Hijack log

                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 9:17:03 AM, on 1/8/2009
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
                  C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
                  C:\Program Files\Java\jre6\bin\jqs.exe
                  C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe
                  C:\WINDOWS\system32\lxdxcoms.exe
                  C:\WINDOWS\system32\nvsvc32.exe
                  C:\WINDOWS\system32\tcpsvcs.exe
                  C:\WINDOWS\system32\MsPMSPSv.exe
                  C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
                  C:\WINDOWS\system32\rundll32.exe
                  C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
                  C:\WINDOWS\system32\RUNDLL32.EXE
                  C:\Program Files\Java\jre6\bin\jusched.exe
                  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\system32\wuauclt.exe
                  C:\WINDOWS\system32\msiexec.exe
                  C:\WINDOWS\explorer.exe
                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                  O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
                  O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
                  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
                  O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
                  O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
                  O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
                  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                  O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
                  O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe"
                  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
                  O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
                  O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\G.H.O.S.T. Hunters\Images\stg_drm.ocx
                  O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
                  O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
                  O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                  O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
                  O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
                  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
                  O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
                  O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
                  O23 - Service: lxdx_device -   - C:\WINDOWS\system32\lxdxcoms.exe
                  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                  O24 - Desktop Component 0: (no name) - http://www.collegeofthedesert.edu/SiteCollectionImages/TitleGraphic.jpg
                  O24 - Desktop Component 1: (no name) - https://www.verizon.net/central/resources/images/email/emailheader.jpg

                  --
                  End of file - 5443 bytes
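Added example, not part of the thread and not HijackThis's own code: a small Python parser for the item lines of a HijackThis log. It flags orphaned entries like the R3 line singled out in Reply #6, then diffs two scans to confirm a fix took effect. The function names (`parse_entries`, `triage`, `diff_logs`) are hypothetical, the sample lines are excerpted from the two logs posted above, and a flag marks an entry for manual review, not as malicious.

```python
import re

# HijackThis item lines start with a section code such as R3, O4 or O23.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# The 8-4-4-4-12 hex body of a CLSID, with or without its braces.
CLSID_BODY_RE = re.compile(r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}")

# Excerpt of the first log in this thread (Reply #5).
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
"""

# Excerpt of the second log in this thread (Reply #12).
LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
"""


def parse_entries(log_text):
    """Return (section, detail) pairs, skipping headers and process paths."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(entries):
    """Return (section, detail, reasons) for entries worth a manual look."""
    flagged = []
    for section, detail in entries:
        reasons = []
        if "(no file)" in detail:
            reasons.append("registered target file is missing")
        for match in CLSID_BODY_RE.finditer(detail):
            start, end = match.span()
            # A valid CLSID reference is written {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}.
            if detail[start - 1:start] != "{" or detail[end:end + 1] != "}":
                reasons.append("CLSID is not wrapped in { }")
        if reasons:
            flagged.append((section, detail, reasons))
    return flagged


def diff_logs(before_text, after_text):
    """Return (removed, added) entry lists between two scans, in log order."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    before_set, after_set = set(before), set(after)
    removed = [entry for entry in before if entry not in after_set]
    added = [entry for entry in after if entry not in before_set]
    return removed, added


if __name__ == "__main__":
    print("Review candidates in the first scan:")
    for section, detail, reasons in triage(parse_entries(LOG_BEFORE)):
        print(f"  {section}: {detail}")
        for reason in reasons:
            print(f"      - {reason}")

    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("Gone in the second scan:")
    for section, detail in removed:
        print(f"  {section}: {detail}")
    print("New in the second scan:")
    for section, detail in added:
        print(f"  {section}: {detail}")
```

The diff reports only that an entry differs between scans; why it disappeared or appeared still has to be established from what was done to the machine in between.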

                  nondaj

                    Topic Starter


                    Beginner

                    Re: PC slowdown
                    « Reply #13 on: January 08, 2009, 10:23:17 AM »
                    Combo log

                    ComboFix 09-01-07.01 - Jean 2009-01-08  9:06:08.1 - NTFSx86
                    Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2046.1409 [GMT -8:00]
                    Running from: c:\documents and settings\Jean\Desktop\ComboFix.exe
                     * Created a new restore point
                    .
                    The following files were disabled during the run:
                    c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll


                    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                    .

                    c:\documents and settings\Jean\Application Data\inst.exe
                    C:\setup.exe
                    c:\windows\Downloaded Program Files\setup.inf
                    c:\windows\msvrc20.dll

                    .
                    (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
                    .

                    -------\Legacy_IPRIP


                    (((((((((((((((((((((((((   Files Created from 2008-12-08 to 2009-01-08  )))))))))))))))))))))))))))))))
                    .

                    2009-01-05 20:23 . 2009-01-05 20:23   <DIR>   d--------   c:\program files\Trend Micro
                    2009-01-04 20:37 . 2009-01-04 20:37   <DIR>   d--------   c:\program files\Java
                    2009-01-04 20:37 . 2009-01-04 20:37   410,984   --a------   c:\windows\system32\deploytk.dll
                    2009-01-04 20:37 . 2009-01-04 20:37   73,728   --a------   c:\windows\system32\javacpl.cpl
                    2009-01-04 18:03 . 2009-01-06 19:57   <DIR>   d--------   c:\program files\SUPERAntiSpyware
                    2009-01-04 18:03 . 2009-01-04 18:03   <DIR>   d--------   c:\documents and settings\Jean\Application Data\SUPERAntiSpyware.com
                    2009-01-04 18:03 . 2009-01-04 18:03   <DIR>   d--------   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                    2009-01-01 22:26 . 2009-01-02 13:51   <DIR>   d--------   c:\program files\7-Zip
                    2009-01-01 15:02 . 2009-01-01 15:02   64,544   --a------   c:\documents and settings\MSSSerif96.fon
                    2009-01-01 15:02 . 2009-01-01 15:02   54,156   --ah-----   c:\windows\QTFont.qfn
                    2009-01-01 15:02 . 2009-01-01 15:02   1,409   --a------   c:\windows\QTFont.for
                    2009-01-01 14:45 . 2009-01-01 15:06   <DIR>   d--------   c:\program files\Common Files\Sonic Shared
                    2008-12-30 09:29 . 2008-10-07 12:33   201,157   --a------   c:\windows\system32\nvapps.nvb
                    2008-12-29 22:25 . 2008-12-29 22:28   <DIR>   d--------   c:\documents and settings\All Users\Application Data\nView_Profiles
                    2008-12-21 18:11 . 2009-01-07 19:01   <DIR>   d--------   c:\documents and settings\All Users\Lx_cats
                    2008-12-21 18:01 . 2008-12-21 18:01   <DIR>   d--------   C:\logs
                    2008-12-21 18:01 . 2008-02-18 20:14   360,448   --a------   c:\windows\system32\lxdxcoin.dll
                    2008-12-21 18:01 . 2008-02-06 02:24   60,996   --a------   c:\windows\system32\lxdxprpr.chm
                    2008-12-21 18:01 . 2008-02-27 16:15   40,960   --a------   c:\windows\system32\lxdxvs.dll
                    2008-12-21 18:00 . 2008-12-21 18:00   <DIR>   d--------   c:\program files\Lexmark Toolbar
                    2008-12-21 18:00 . 2008-02-27 16:11   782,336   --a------   c:\windows\system32\lxdxdrs.dll
                    2008-12-21 18:00 . 2001-08-17 22:36   87,040   --a------   c:\windows\system32\wiafbdrv.dll
                    2008-12-21 18:00 . 2001-08-17 22:36   87,040   --a--c---   c:\windows\system32\dllcache\wiafbdrv.dll
                    2008-12-21 18:00 . 2008-02-27 16:11   81,920   --a------   c:\windows\system32\lxdxcaps.dll
                    2008-12-21 18:00 . 2008-02-27 16:02   69,632   --a------   c:\windows\system32\lxdxcnv4.dll
                    2008-12-21 18:00 . 2006-12-06 09:19   44   --a------   c:\windows\system32\lxdxrwrd.ini
                    2008-12-21 17:59 . 2009-01-03 21:10   <DIR>   d--------   c:\program files\Lexmark 3600-4600 Series
                    2008-12-13 18:15 . 2008-12-13 18:21   22,016   --a------   C:\final grades.doc
                    2008-12-12 07:44 . 2008-10-03 02:15   247,326   -----c---   c:\windows\system32\dllcache\strmdll.dll

                    .
                    (((((((((((((

                    nondaj

                      Topic Starter


                      Beginner

                      Re: PC slowdown
                      « Reply #14 on: January 08, 2009, 10:25:13 AM »
                      rest of Combo log

                      .
                      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2009-01-06 04:50   ---------   d--h--w   c:\program files\InstallShield Installation Information
                      2009-01-05 02:02   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
                      2009-01-03 23:05   ---------   d-----w   c:\program files\RegScrubXP
                      2009-01-02 23:18   ---------   d-----w   c:\program files\QuickTime
                      2009-01-02 22:15   ---------   d-----w   c:\documents and settings\Jean\Application Data\GoodSync
                      2009-01-02 21:57   ---------   d-----w   c:\documents and settings\All Users\Application Data\WinZip
                      2008-12-30 18:22   ---------   d-----w   c:\documents and settings\Jean\Application Data\MailWasherPro
                      2008-12-30 07:32   ---------   d-----w   c:\program files\CCleaner
                      2008-12-23 21:28   ---------   d-----w   c:\documents and settings\Jean\Application Data\UHS Reader
                      2008-12-08 16:58   ---------   d-----w   c:\program files\Google
                      2008-12-06 16:57   ---------   d-----w   c:\documents and settings\All Users\Application Data\TuneUp Software
                      2008-12-04 03:09   ---------   d-----w   c:\program files\Mulawa Dreaming
                      2008-12-01 22:19   ---------   d-----w   c:\program files\UHS
                      2008-11-28 23:08   ---------   d-----w   c:\documents and settings\Administrator\Application Data\MailWasherPro
                      2008-11-27 22:01   ---------   d-----w   c:\program files\SolSuite
                      2008-11-26 18:19   ---------   d-----w   c:\program files\Lighthouse Interactive
                      2008-11-25 17:33   94,157   ----a-w   C:\Uninstal.exe
                      2008-11-24 04:08   ---------   d-----w   c:\documents and settings\Administrator\Application Data\Malwarebytes
                      2008-11-24 04:06   ---------   d-----w   c:\documents and settings\Administrator\Application Data\IObit
                      2008-11-20 03:57   ---------   d-----w   c:\program files\Sierra On-Line
                      2008-11-20 03:57   ---------   d-----w   c:\program files\Shirleetaire
                      2008-11-18 01:53   ---------   d-----w   c:\program files\Windows Media Connect 2
                      2008-11-18 01:53   ---------   d-----w   c:\program files\Verizon
                      2008-11-18 01:53   ---------   d-----w   c:\program files\TestGen
                      2008-11-18 01:53   ---------   d-----w   c:\program files\Barrow Hill
                      2008-11-18 01:53   ---------   d-----w   c:\program files\123 Free Puzzle
                      2008-11-18 01:53   ---------   d-----w   c:\documents and settings\Jean\Application Data\TestGen
                      2008-11-18 01:53   ---------   d-----w   c:\documents and settings\Jean\Application Data\SpinTop
                      2008-11-18 01:46   ---------   d-----w   c:\program files\IObit
                      2008-11-18 01:46   ---------   d-----w   c:\documents and settings\Jean\Application Data\IObit
                      2008-11-16 08:34   ---------   d-----w   c:\documents and settings\Jean\Application Data\SolSuite
                      2008-11-11 07:15   1,441,792   ----a-w   C:\jigsaws.exe
                      2008-11-08 18:37   ---------   d-----w   c:\program files\Malwarebytes' Anti-Malware
                      2008-11-04 02:04   8   -c--a-w   c:\documents and settings\Jean\Application Data\usb.dat.bin
                      2008-11-02 19:51   0   ----a-w   C:\mcs.dat
                      2007-11-27 06:26   47,360   -c--a-w   c:\documents and settings\Jean\Application Data\pcouffin.sys
                      2004-07-30 05:38   1,839,040   -c--a-w   c:\program files\VDMSound2[1].1.0.exe
                      2007-04-06 05:44   1,623,584   -csha-w   c:\windows\system32\drivers\fidbox.dat
                      2007-04-06 05:44   67,104   -csha-w   c:\windows\system32\drivers\fidbox2.dat
                      .

                      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      *Note* empty entries & legit default entries are not shown
                      REGEDIT4

                      nondaj

                        Re: PC slowdown
                        « Reply #15 on: January 08, 2009, 10:26:59 AM »
                        more combo file

                        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-22 1830128]

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-04-23 1443072]
                        "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
                        "lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-06-13 668328]
                        "EzPrint"="c:\program files\Lexmark 3600-4600 Series\ezprint.exe" [2008-06-13 107176]
                        "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
                        "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600]
                        "nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

                        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

                        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                        2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

                        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
                        backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

                        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
                        backup=c:\windows\pss\Google Updater.lnkCommon Startup

                        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
                        backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

                        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
                        backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

                        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
                        backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

                        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
                        backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup

                        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
                        backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

                        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
                        backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

                        [HKLM\~\startupfolder\C:^Documents and Settings^donnajean^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
                        backup=c:\windows\pss\PowerReg Scheduler.exeStartup

                        [HKLM\~\startupfolder\C:^Documents and Settings^Jean^Start Menu^Programs^Startup^Adobe Media Player.lnk]
                        backup=c:\windows\pss\Adobe Media Player.lnkStartup
                        HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
                        c:\windows\system32\dumprep 0 -k [X]
                        HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI
                        HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral
                        HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc
                        HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility
                        HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smileycons

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
                        --a--c--- 2007-03-09 11:09 63712 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
                        --a------ 2008-12-21 11:44 2250256 c:\program files\IObit\Advanced SystemCare 3\AWC.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
                        --a--c--- 2004-08-04 04:00 15360 c:\windows\system32\ctfmon.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]
                        --a--c--- 2002-04-22 09:50 28672 c:\progra~1\Logitech\MOUSEW~1\system\EM_EXEC.EXE

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
                        --a--c--- 2005-10-12 11:30 139264 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
                        --a--c--- 2005-02-16 15:15 81920 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Outlook]
                        -ra--c--- 1998-12-16 13:09 57393 c:\progra~1\MICROS~2\Office\OUTLOOK.EXE

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Outlook118]
                        -ra--c--- 1998-12-16 13:09 57393 c:\progra~1\MICROS~2\Office\OUTLOOK.EXE

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Outlook198]
                        -ra--c--- 1998-12-16 13:09 57393 c:\progra~1\MICROS~2\Office\OUTLOOK.EXE

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Outlook740]
                        -ra--c--- 1998-12-16 13:09 57393 c:\progra~1\MICROS~2\Office\OUTLOOK.EXE

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Outlook893]
                        -ra--c--- 1998-12-16 13:09 57393 c:\progra~1\MICROS~2\Office\OUTLOOK.EXE

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
                        --a--c--- 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
                        --a------ 2008-10-07 12:33 13574144 c:\windows\system32\nvcpl.dll

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
                        --a------ 2008-10-07 12:33 86016 c:\windows\system32\nvmctray.dll

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
                        --a------ 2008-12-05 10:59 864256 c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
                        --a------ 2008-11-26 15:55 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
                        --a--c--- 2007-03-11 13:37 936960 c:\program files\Verizon\McciTrayApp.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
                        "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
                        "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"
                        "SigmatelSysTrayApp"=stsystra.exe
                        "Verizon_McciTrayApp"=c:\program files\Verizon\McciTrayApp.exe
                        "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

                        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                        "AntiVirusDisableNotify"=dword:00000001

                        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                        "%windir%\\system32\\sessmgr.exe"=
                        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                        "c:\\WINDOWS\\system32\\mmc.exe"=
                        "c:\\WINDOWS\\system32\\dpvsetup.exe"=
                        "c:\\WINDOWS\\system32\\lxdxcoms.exe"=
                        "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"=
                        "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxtime.exe"=
                        "c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe"=
                        "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxjswx.exe"=

                        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                        "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
                        "3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

                        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
                        "AllowInboundEchoRequest"= 1 (0x1)

                        R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-04-23 33800]
                        R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
                        R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
                        R3 atinewp2;ATI eHomeWonder, WDM Video CODEC;c:\windows\system32\drivers\atinewp2.sys [2006-05-12 485888]
                        R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
                        R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-04-23 472320]
                        R4 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
                        R4 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [2008-12-21 98984]

                        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                        p2psvc   REG_MULTI_SZ      p2psvc p2pimsvc p2pgasvc PNRPSvc
                        .
                        Contents of the 'Scheduled Tasks' folder

                        2009-01-08 c:\windows\Tasks\1-Click Maintenance.job
                        - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe []

                        2009-01-08 c:\windows\Tasks\AWC AutoSweep.job
                        - c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2008-12-12 12:17]

                        2009-01-07 c:\windows\Tasks\AWC Update.job
                        - c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2008-12-12 12:17]

                        2009-01-07 c:\windows\Tasks\AWC Update.job
                        - c:\program files\IObit\Advanced SystemCare 3\ [2009-01-08 09:06]
                        .
                        - - - - ORPHANS REMOVED - - - -

                        ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - (no file)
                        Notify-dimsntfy - (no file)
                        MSConfigStartUp-HP Component Manager - c:\program files\HP\hpcoretech\hpcmpmgr.exe
                        MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
                        MSConfigStartUp-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
                        MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\msnmsgr.exe
                        MSConfigStartUp-QuickTime Task - c:\program files\riven\qttask.exe
                        MSConfigStartUp-SmartRAM - c:\program files\IObit\Advanced WindowsCare V2\MemCleaner.exe
                        MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe
                        MSConfigStartUp-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
                        MSConfigStartUp-Windows Defender - c:\program files\Windows Defender\MSASCui.exe


                        .
                        ------- Supplementary Scan -------
                        .
                        uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
                        Trusted Zone: *.update.microsoft.com
                        Trusted Zone: update.microsoft.com

                        c:\windows\Downloaded Program Files\stg_drm.ocx - c:\windows\Downloaded Program Files\CONFLICT.1\stg_drm.ocx
                        c:\windows\Downloaded Program Files\CONFLICT.2\stg_drm.ocx
                        c:\windows\Downloaded Program Files\CONFLICT.3\stg_drm.ocx
                        O16 -: {149E45D8-163E-4189-86FC-45022AB2B6C9}
                        file://c:\program files\G.H.O.S.T. Hunters\Images\stg_drm.ocx
                        .

                        **************************************************************************

                        disk not found C:\

                        please note that you need administrator rights to perform deep scan
                        scanning hidden processes ...

                        scanning hidden autostart entries ...

                        scanning hidden files ...

                        scan completed successfully
                        hidden files:

                        **************************************************************************
                        .
                        --------------------- LOCKED REGISTRY KEYS ---------------------

                        [HKEY_USERS\S-1-5-21-436374069-1788223648-839522115-1018\Software\Ultisoft\7poker\ニ*NULL*ラ*NULL*RSヤ*NULL*ネ*NULL*ユ*NULL*ケ*NULL*ャ : ]

                        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{77DC1A39-F0B6-206E-C977-3FC350D757AC}\InProcServer32*NULL*]
                        .
                        --------------------- DLLs Loaded Under Running Processes ---------------------

                        - - - - - - - > 'winlogon.exe'(800)
                        c:\program files\SUPERAntiSpyware\SASWINLO.dll
                        .
                        ------------------------ Other Running Processes ------------------------
                        .
                        c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
                        c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
                        c:\program files\Java\jre6\bin\jqs.exe
                        c:\windows\system32\lxdxcoms.exe
                        c:\windows\system32\nvsvc32.exe
                        c:\windows\system32\tcpsvcs.exe
                        c:\windows\system32\MsPMSPSv.exe
                        c:\windows\system32\rundll32.exe
                        c:\windows\system32\rundll32.exe
                        c:\windows\system32\msiexec.exe
                        .
                        **************************************************************************
                        .
                        Completion time: 2009-01-08  9:13:15 - machine was rebooted
                        ComboFix-quarantined-files.txt  2009-01-08 17:13:12

                        Pre-Run: 222,110,330,880 bytes free
                        Post-Run: 222,040,010,752 bytes free

                        WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
                        [boot loader]
                        timeout=2
                        default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
                        [operating systems]
                        c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
                        multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut

                        Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
                        309


                        hope I have followed through correctly.  Eagerly awaiting your findings:)

                        CBMatt

                        Re: PC slowdown
                        « Reply #16 on: January 08, 2009, 03:33:22 PM »
                        Quote
                        hope I have followed through correctly.
                        Yes, you're doing just fine.

                        There's not a whole lot showing up in your logs.  ComboFix did delete a few infections, though, so hopefully that's all there is.  How is your computer running now?  Is your browser still being redirected?  Are you still having issues with your downloads?  If so, we may need to dig deeper.  Let me know what the current status is and we'll take it from there.

                        In the meantime, I want you to copy the text below in the code box:
                        Code:
                        Windows Registry Editor Version 5.00

                        [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{77DC1A39-F0B6-206E-C977-3FC350D757AC}]

                        Open up Notepad and paste the text there.  Go to File > Save As, then click on Save As Type and select All Files.  Save the file to the desktop as remove.reg and close Notepad.  Double-click on the file you have just created.  If prompted to Run or Cancel, click on Run.  When asked if you want to add this to your registry, click on Yes.  This will only take a second or two.  You can then delete the file.

                        Follow those steps and then when you can, get back to me with an update on your situation.

                        nondaj

                          Re: PC slowdown
                          « Reply #17 on: January 08, 2009, 04:39:24 PM »
                          First of all right after I ran ComboFix file, noted a new icon for IE on my desktop.   So deleted the old one on quick start toolbar.  Tried the new IE and what a wonder!  The internet problem of being so extremely slow has cleared up!!!!!!

                          Email problems remain
                              more new emails going to deleted file
                              not all emails are being downloaded from server when I check there
                              not sure yet about the ability to download
                                  embedded objects in emails

                          I also have flash player problems
                          and cannot view DVD movies on my PC

                          However, think these two issues may be different post material?

                          Spy Hunter continues to malfunction and since ComboFix turned off Win. Defender and I have been questioning that program all along; I took the risk of deleting it.

                          So far all as outlined above re the internet continues to work well.  Am now thinking of deleting Spy Hunter - does not work anyway and always suspected it also of causing problem - but do not really know.

                          Accessing the web now is such a pleasure!  Thanks to you.  What more should I be doing?


                          nondaj

                            Re: PC slowdown
                            « Reply #18 on: January 08, 2009, 04:41:40 PM »
                            Forgot to note that I followed your latest instruction re the registry fix and all went well.

                            CBMatt

                            Re: PC slowdown
                            « Reply #19 on: January 08, 2009, 11:22:11 PM »
                            I personally don't care for SpyHunter, nor do I really trust it.  If I were you, I would stick to using AVG for anti-virus and keeping Malwarebytes' Anti-Malware and SUPERAntiSpyware handy if you ever need them.  SpyHunter may be causing some issues, but I doubt it's causing all of them.

                            You should go ahead and download CCleaner (install without Yahoo! toolbar) and configure it according to this guide.  This will clean out your computer some by removing a lot of junk you don't need.  Make sure you also let it clear your Temporary Internet Files.  Going through this process may help with your internet somewhat.

                            I'm not sure what to say about your e-mail.  It could be a problem with your filters or settings.  It's possible that these problems were caused by an infection, but I've honestly never seen this happen.  What program do you use for e-mail?  Have you tried using a different program?  A lot of people really like Mozilla Thunderbird.  If you'd like help with troubleshooting your e-mail problems, I think you would be better off posting over in the Windows or Software section.  I don't use any e-mail programs, so I'm not familiar with all of the features.  The same goes for your DVD problem.

                            CCleaner might help with Flash, but if not, you should try updating it to the newest version.

                            I don't suspect an active infection at this point, but if you would like, we can try digging a little deeper to see if there may be something hiding itself on your computer.  If you would like to do this, let me know, and I'll give you a couple more programs to scan with.

                            nondaj

                              Re: PC slowdown
                              « Reply #20 on: January 09, 2009, 10:08:06 AM »
                              I took it upon myself to delete both Spy Hunter and Windows Defender as for some reason (no real solid proof) just felt they were part of my problem.

                              Also re Flash Player -since using the 'new' IE icon  I do believe that you have resolved that problem also.  Went on my server, Verizon, which now demands Flash Player.  Though I bet I have installed the silly thing 10 times I tried once more to install and lo and behold it is now working.  IE recognizes the Flash Player files and hopefully the next Flash Player demand will be so honored.

                              Re email, I think I have tried them all GMail, Yahoo, Mozilla Thunderbird, Outlook, Outlook Express.  I like the simplicity of OE but it is problematic!  I did like Thunderbird very much but had problems in copy/pasting (I never forward emails), and deleting items in emails especially the red lines. If you can make suggestions how to handle these would be pleased to use Thunderbird.  It reminds me of the old Netscape email program.

                              As for DVD will post on the windows site here and see if I can get a handle on what I need to do.

                              Re digging deeper to find issues with my PC - hey would love to IF you have the time and inclination.  You have no idea how much you have helped me by getting my PC back on track.  Is there any way I can repay for this help as you have saved me quite a bit of money.  The desert area of CA where I live is short of resources particularly tech help.  What is here either costs the proverbial 'arm and a leg' and is offered by people claiming to be techs but are not that well versed in what they are doing.

                              Does this site accept donations?  Guess the workers here do not? but the site must cost someone to keep it active.

                              And re going on to find more issues on my PC have to tell you I fell in love with PCs when I was in my forties.  My son who has his own PC business introduced me to Windows as I was at the time learning computer languages (Basic/Cobalt) to handle programming.  After windows I never looked back and the PC industry and its advances has only increased my addiction to the technology.

                              Am now twice the age as when I started and my PC is my lifeline both for pleasure and for work as I teach at our local college.  Your help has aided me in coordinating my work responsibilities with the main frame computer at the college.  A necessity for my classes.  So again I thank you very much and ready to dig away deeper into my PC:)


                              nondaj

                                Re: PC slowdown
                                « Reply #21 on: January 09, 2009, 10:25:24 AM »
                                Rambled on in the last post so now am following your instructions re protection programs to use:

                                AVG
                                Malwarebytes
                                Super AntiSpy
                                CCleaner

                                Do you have an opinion on Obit's Advanced System Care (have bought the pro version so would like to keep unless it too causes problems)?  Also last tech installed RegScrub and Smart Defrag.  Really do not need either as far as I am concerned.  Have no problems defragging\scan discing on my own.  Do I need Windows Malicious Tool Remover?

                                Think my biggest problem might be the fact I am womanly fanatic re cleaning my PC - almost do it on a daily basis.  Also where fools tread, I also clean the registry quite often.  Have been told novices should stay clear of Registry tampering:)

                                In changing antivirus programs want to make sure I do it correctly - is this the method?:

                                1 - download AVG but do not install
                                2 - unplug my modem
                                3 - delete ESET NOD32
                                4 - install AVG
                                5 - turn on modem
                                6 - update AVG
                                7 - off and running

                                And last I have 17 icons re all programs you have referred me to so I take it I can now delete all except for the above which you recommended I keep?

                                CBMatt

                                • Mod & Malware Specialist


                                • Prodigy

                                • Sad and lonely...and loving every minute of it.
                                • Thanked: 167
                                  • Yes
                                • Experience: Experienced
                                • OS: Windows 7
                                Re: PC slowdown
                                « Reply #22 on: January 09, 2009, 12:08:43 PM »
                                I'm very glad I have been able to help some.  I appreciate the offer, but it really isn't necessary.  After all, you did all of the work.  I just showed you how.  Because so many people ask, I have a donation link, but I never ask for money in return for my help on here, and neither does the owner of Computer Hope.  All we really want is for you to try to keep your computer in good shape.

                                Now, with that said...if you would like to dig a little deeper, I'd be happy to help.  This is going to be a very large log (and the scan may take a while), so I will also instruct you on uploading the file to a filehost.  Because these logs are often so large, I likely won't be able to go through the entire thing, but it will give me a good idea of what's on your computer.  Simply follow the below steps if you wish to give it a try...
                                Download to your desktop ISeeYouXP.exe by ShadowPuterDude
                                Next double-click on ISeeYouXP.exe on your Desktop.
                                 
                                ISeeYouXP.exe will self-extract ISeeYouXP to C:\ISeeYouXP and place a .bat file on your Desktop.

                                Double-click ISeeYouXP.bat to run the script.

                                Once complete a log will be saved to the Desktop named ISeeYouXP.txt.
                                           
                                Post the following logs in your next reply:
                                ISeeYouXP.txt

                                If the ISeeYouXP .bat file does not extract to the Desktop, double-click My Computer on the Desktop and navigate to the ISeeYouXP folder located in the C: drive. Double-click the ISeeYouXP.bat file to run the program.

                                Upload the file to Savefile.com
                                There is no need to Register
                                Select Browse and locate the file.
                                Fill in the Title and Description and security code then click Upload
                                Copy the download link next to Your link to the file: and post the link back here.

                                Quote
                                Re email, I think I have tried them all GMail, Yahoo, Mozilla Thunderbird, Outlook, Outlook Express.  I like the simplicity of OE but it is problematic!  I did like Thunderbird very much but had problems in copy/pasting (I never forward emails), and deleting items in emails especially the red lines. If you can make suggestions how to handle these would be pleased to use Thunderbird.  It reminds me of the old Netscape email program.
                                This is another thing that would be better for one of the other sections because frankly, my experience is limited.  I have used AOL exclusively for several years now.  The only other program I have sufficient experience with is Microsoft Office Outlook 2007, as I had to take a course on it to go towards my AS degree.  I honestly haven't used Outlook Express in about 5-8 years!  If I looked hard enough, I could perhaps find the appropriate information online, but someone else may be able to do it quicker.

                                Quote
                                Do you have an opinion on Obit's Advanced System Care (have bought the pro version so would like to keep unless it too causes problems)?  Also last tech installed RegScrub and Smart Defrag.  Really do not need either as far as I am concerned.  Have no problems defragging\scan discing on my own.  Do I need Windows Malicious Tool Remover?
                                I haven't personally used IObit, but I don't normally hear anything bad about it.  It has conflicts with certain programs, but it should be fine with everything you have.  And feel free to ditch RegScrub and Smart Defrag.  CCleaner can take RegScrub's place and I really see no reason to replace the Windows defrag utility.  Go ahead and keep the Windows MTR.  It's not the most versatile program, but it's good to keep as a backup.

                                Quote
                                In changing antivirus programs want to make sure I do it correctly - is this the method?:

                                1 - download AVG but do not install
                                2 - unplug my modem
                                3 - delete ESET NOD32
                                4 - install AVG
                                5 - turn on modem
                                6 - update AVG
                                7 - off and running
                                Those steps sound good, but forget what I said about AVG.  I forgot that you already have ESET installed.  It's one of the best programs available.  AVG is a great free alternative (it's what I use), but many feel that ESET is better.  Either way, you will have sufficient protection.  If you wish to switch to AVG, then it looks like you know just how to do it.

                                Quote
                                And last I have 17 icons re all programs you have referred me to so I take it I can now delete all except for the above which you recommended I keep?
                                Definitely keep Malwarebytes and SUPERAntiSpyware and CCleaner.  If you're worried about desktop clutter, you can simply delete the icons.  The programs should be in your Start menu, in the Programs section.  Feel free to uninstall HijackThis.  And you should uninstall ComboFix.  To do this, simply go to Start > Run and type in combofix /u (note the space) and click OK.

                                You should also clear out your System Restore points by turning it off and then turning it back on...
                                http://support.microsoft.com/kb/310405

                                If you want to try ISeeYouXP, post the log whenever you're ready.  And if you have any other questions, feel free to ask.
                                Quote
                                An undefined problem has an infinite number of solutions.
                                - Robert A. Humphrey

                                nondaj

                                  Topic Starter


                                  Beginner

                                  Re: PC slowdown
                                  « Reply #23 on: January 09, 2009, 12:24:01 PM »
                                  Have typed out all your instructions and will be following through.  May take me a bit as the semester start is fast approaching and am caught up in lesson planning, syllabus development etc.  But will keep you posted.

                                  Re donation will consider Paypal. Do not yet have an account but son said Paypal is quite secure.  Just had my ID stolen and so am very careful about online use when it comes to money.  Again keep you posted re this matter.

                                  nondaj

                                    Topic Starter


                                    Beginner

                                    Re: PC slowdown
                                    « Reply #24 on: January 09, 2009, 11:31:55 PM »
                                    The ISeeYouXP.exe file did not self-extract, could not find on my C drive to double click a bat file.  But something went right because next thing I knew when I double clicked the exe file, it did its thing and I now have a long log txt to send you.

                                    At this point I got rather lost in uploading the file to Savefile.com because could not find the bat file.

                                    Am sending the log I do have and awaiting further support as to what to do next.

                                    nondaj

                                      Topic Starter


                                      Beginner

                                      Re: PC slowdown
                                      « Reply #25 on: January 09, 2009, 11:38:50 PM »
                                      Windows/Browser/Java Versions:

                                      Microsoft Windows XP Professional
                                      Version:           5.1.2600
                                      Service Pack:      2.0
                                      Windows Directory: C:\WINDOWS

                                      Internet Explorer
                                      Version:  6.0.2900.2180
                                      Build:    62900.2180
                                      Language: English (United States)
                                      Path:     C:\Program Files\Internet Explorer
                                       

                                      Boot State: Normal boot
                                       
                                      Scan done at 22:25:22.26, Fri 01/09/2009
                                       
                                      ------------------------------------------------------------------------------------ 
                                       
                                      ISeeYouXP installation folder and files

                                      "C:\ISeeYouXP\"
                                      bootst~1.vbs  May 28 2007         359  "bootstate.vbs"
                                      change.log    Jun  8 2008        5012  "change.log"
                                      chodefix.bat  Apr 18 2007        5387  "chodefix.bat"
                                      fixchode.reg  Apr 18 2007         528  "fixChode.reg"
                                      fixexp~1.bat  Feb 24 2007         487  "FixExplorerPolicies.bat"
                                      getunk~1.bat  Aug 12 2006        1478  "GetUnKeys.bat"
                                      grep.exe      Dec 24 2004      160768  "grep.exe"
                                      hideit.bat    Oct 17 2007        1072  "HideIT.bat"
                                      ieinfo.vbs    May 28 2007         514  "ieinfo.vbs"
                                      iesecu~1.bat  Oct 28 2007          72  "IESecurityZones.bat"
                                      iesecu~1.vbs  Nov  8 2007        2399  "IESecurityZones.vbs"
                                      iseeyo~1.bat  Jun  8 2008      211377  "ISeeYouXP.bat"
                                      libico~1.dll  Mar 16 2004      898048  "libiconv2.dll"
                                      libintl3.dll  Oct  9 2004      101888  "libintl3.dll"
                                      locate.com    Jan 14 2005       11254  "locate.com"
                                      md5sum.exe    Aug  5 2007       49152  "md5sum.exe"
                                      msconf~1.bat  Feb 24 2007         578  "MSConfigFix.bat"
                                      osinfo.vbs    May 28 2007         598  "osinfo.vbs"
                                      pcbutts.txt   Mar 25 2007        5167  "PCBUTTS.TXT"
                                      pcre.dll      Nov 14 2004      183313  "pcre.dll"
                                      pv.exe        Mar  3 2006       73728  "pv.exe"
                                      regedi~1.bat  Mar 30 2007         650  "RegEditFix.bat"
                                      regfix.bat    Apr 18 2007         145  "Regfix.bat"
                                      servic~1.vbs  May 28 2007         672  "servicesinfo.vbs"
                                      showit.bat    Oct 17 2007        1013  "ShowIT.bat"
                                      swreg.exe     Apr  5 2007      139776  "swreg.exe"
                                      system~1.bat  Feb 28 2007         369  "SystemRestoreFix.bat"
                                      taskmg~1.bat  Feb 24 2007         288  "TaskMgrFix.bat"

                                      28 items found:  28 files, 0 directories.
                                         Total of file sizes:  1,856,092 bytes      1.77 M
                                                     3 Dir(s)  221,861,486,592 bytes free
                                       
                                      ------------------------------------------------------------------------------------ 
                                       
                                      System Environment Variables 
                                       
                                      ALLUSERSPROFILE=C:\Documents and Settings\All Users
                                      APPDATA=C:\Documents and Settings\Jean\Application Data
                                      CLIENTNAME=Console
                                      CommonProgramFiles=C:\Program Files\Common Files
                                      COMPUTERNAME=DONNA
                                      ComSpec=C:\WINDOWS\system32\cmd.exe
                                      errcode=0
                                      FP_NO_HOST_CHECK=NO
                                      HOMEDRIVE=C:
                                      HOMEPATH=\Documents and Settings\Jean
                                      LOGONSERVER=\\DONNA
                                      NUMBER_OF_PROCESSORS=2
                                      OS=Windows_NT
                                      Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;;C:\Program Files\VDMSound
                                      PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
                                      PROCESSOR_ARCHITECTURE=x86
                                      PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 4, GenuineIntel
                                      PROCESSOR_LEVEL=15
                                      PROCESSOR_REVISION=0404
                                      ProgramFiles=C:\Program Files
                                      PROMPT=$P$G
                                      SESSIONNAME=Console
                                      SystemDrive=C:
                                      SystemRoot=C:\WINDOWS
                                      TEMP=C:\DOCUME~1\Jean\LOCALS~1\Temp
                                      TMP=C:\DOCUME~1\Jean\LOCALS~1\Temp
                                      USERDOMAIN=DONNA
                                      USERNAME=Jean
                                      USERPROFILE=C:\Documents and Settings\Jean
                                      VDMSPath=C:\Program Files\VDMSound
                                      windir=C:\WINDOWS
                                       
                                      ------------------------------------------------------------------------------------
                                       
                                       Showing any Pocket Killbox backup files

                                      No matches found.
                                       
                                      ------------------------------------------------------------------------------------
                                       
                                      Displaying BOOT.INI:
                                       
                                      [boot loader]
                                      timeout=2
                                      default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
                                      [operating systems]
                                      C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
                                      multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
                                       
                                      ------------------------------------------------------------------------------------
                                       
                                      Displaying SYSTEM.INI:
                                       
                                      [driver32]
                                      [WINRECWINDSP]
                                      Driver=windspli.dll
                                      Address=345
                                      [WINRECWIN32DSP]
                                      Driver=windspli.dll
                                      Address=666
                                      [386enh]
                                      device=DVA.386
                                      woafont=dosapp.FON
                                      CGA40WOA.FON=CGA40WOA.FON
                                      CGA80WOA.FON=CGA80WOA.FON
                                      EGA40WOA.FON=EGA40WOA.FON
                                      EGA80WOA.FON=EGA80WOA.FON
                                       
                                      ------------------------------------------------------------------------------------
                                       
                                      Displaying WIN.INI:
                                       
                                      [I.R.I.S.]
                                      reg_n=30000
                                      [Readiris]
                                      Scanner32=Twaino38,23
                                      [DPE]
                                      Toolbar=1
                                      SN75=43011702
                                      [MCI Extensions.BAK]
                                      m2v=MPEGVideo
                                      mod=MPEGVideo
                                      [drawdib]
                                      vga.drv 1024x768x32(BGR 0)=0,0,0,0
                                      [personal data removed]
                                      MAPI=1
                                      CMC=1
                                      CMCDLLNAME32=mapi32.dll
                                      CMCDLLNAME=mapi.dll
                                      MAPIX=1
                                      MAPIXVER=1.0.0.1
                                      OLEMessaging=1
                                      [PowerUp]
                                      PowerUp=C:\WINDOWS\POWERUP.INI
                                      [IRIS_IPE]
                                      menu=1
                                      [CybDefKeepSafe]
                                      ClientID={CDAEC88F-1D60-4237-AEBA-F2A1610A6BC1}
                                       
                                      ------------------------------------------------------------------------------------
                                       
                                      Displaying AUTOEXEC.BAT:
                                       
                                       
                                      ------------------------------------------------------------------------------------
                                       
                                      Displaying CONFIG.SYS:
                                       
                                      « Last Edit: January 11, 2009, 04:13:29 AM by CBMatt »

                                      nondaj

                                        Topic Starter


                                        Beginner

                                        Re: PC slowdown
                                        « Reply #26 on: January 09, 2009, 11:39:29 PM »
                                         
                                        Displaying Running Processes:
                                         
                                          PROCESS            PID  PRIO     PATH
                                        smss.exe             724 Normal   C:\WINDOWS\System32\smss.exe
                                        csrss.exe            772 Normal   C:\WINDOWS\system32\csrss.exe
                                        winlogon.exe         796 High     C:\WINDOWS\system32\winlogon.exe
                                        services.exe         840 Normal   C:\WINDOWS\system32\services.exe
                                        lsass.exe            852 Normal   C:\WINDOWS\system32\lsass.exe
                                        svchost.exe         1024 Normal   C:\WINDOWS\system32\svchost.exe
                                        svchost.exe         1092 Normal   C:\WINDOWS\system32\svchost.exe
                                        svchost.exe         1192 Normal   C:\WINDOWS\System32\svchost.exe
                                        svchost.exe         1284 Normal   C:\WINDOWS\system32\svchost.exe
                                        svchost.exe         1388 Normal   C:\WINDOWS\system32\svchost.exe
                                        spoolsv.exe         1552 Normal   C:\WINDOWS\system32\spoolsv.exe
                                        ekrn.exe            1668 Normal   C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
                                        GoogleUpdaterService.exe     1704 Normal   C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                                        iaantmon.exe        1744 Normal   C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
                                        jqs.exe             1792 Idle     C:\Program Files\Java\jre6\bin\jqs.exe
                                        lxdxserv.exe        1852 Normal   C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe
                                        lxdxcoms.exe        1880 Normal   C:\WINDOWS\system32\lxdxcoms.exe
                                        nvsvc32.exe         1908 Normal   C:\WINDOWS\system32\nvsvc32.exe
                                        tcpsvcs.exe          232 Normal   C:\WINDOWS\system32\tcpsvcs.exe
                                        MsPMSPSv.exe         284 Normal   C:\WINDOWS\system32\MsPMSPSv.exe
                                        Explorer.EXE        1168 Normal   C:\WINDOWS\Explorer.EXE
                                        egui.exe            1724 Normal   C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
                                        rundll32.exe        1816 Normal   C:\WINDOWS\system32\rundll32.exe
                                        lxdxmon.exe         1840 Normal   C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
                                        ezprint.exe         2028 Normal   C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe
                                        RUNDLL32.EXE        1328 Normal   C:\WINDOWS\system32\RUNDLL32.EXE
                                        jusched.exe          328 Normal   C:\Program Files\Java\jre6\bin\jusched.exe
                                        SUPERAntiSpyware.exe      432 Normal   C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                                        svchost.exe         1640 Normal   C:\WINDOWS\system32\svchost.exe
                                        alg.exe             2224 Normal   C:\WINDOWS\System32\alg.exe
                                        wuauclt.exe         3932 Normal   C:\WINDOWS\system32\wuauclt.exe
                                        ntvdm.exe            444 Normal   C:\WINDOWS\system32\ntvdm.exe
                                        iexplore.exe        3864 Normal   C:\Program Files\internet explorer\iexplore.exe
                                        cmd.exe             1304 Normal   C:\WINDOWS\system32\cmd.exe
                                        ntvdm.exe           2140 Normal   C:\WINDOWS\system32\ntvdm.exe
                                        wmiprvse.exe        3952 Normal   C:\WINDOWS\system32\wbem\wmiprvse.exe
                                        pv.exe              2484 Normal   C:\ISEEYO~1\pv.exe
                                            WOWEXEC.EXE     2260 ---      C:\WINDOWS\SYSTEM32\WOWEXEC.EXE
                                         
                                        ------------------------------------------------------------------------------------
                                         
                                        Displaying Windows Services:

                                        nondaj

                                          Topic Starter


                                          Beginner

                                          Re: PC slowdown
                                          « Reply #27 on: January 09, 2009, 11:41:28 PM »
                                           
                                          Displaying Windows Services:

                                          Name:           6to4
                                          Display Name:   IPv6 Helper Service
                                             Description: Provides DDNS name registration and automatic IPv6 connectivity over an IPv4 network.  If this service is stopped, other computers may not be able to reach it by name and the machine will only have IPv6 connectivity if it is connected to a native IPv6 network.  If this service is disabled, any other services that explicitly depend on this service will fail to start.
                                             Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
                                             Start Mode:  Auto
                                             State:       Running

                                          Name:           Alerter
                                          Display Name:   Alerter
                                             Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
                                             Path Name:   C:\WINDOWS\system32\svchost.exe -k LocalService
                                             Start Mode:  Disabled
                                             State:       Stopped

                                          Name:           ALG
                                          Display Name:   Application Layer Gateway Service
                                             Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
                                             Path Name:   C:\WINDOWS\System32\alg.exe
                                             Start Mode:  Manual
                                             State:       Running

                                          Name:           AppMgmt
                                          Display Name:   Application Management
                                             Description: Provides software installation services such as Assign, Publish, and Remove.
                                             Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
                                             Start Mode:  Manual
                                             State:       Stopped

                                          Name:           aspnet_state
                                          Display Name:   ASP.NET State Service
                                             Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
                                             Path Name:   C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
                                             Start Mode:  Manual
                                             State:       Stopped

                                          Name:           AudioSrv
                                          Display Name:   Windows Audio
                                             Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
                                             Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
                                             Start Mode:  Auto
                                             State:       Running

                                          Name:           BITS
                                          Display Name:   Background Intelligent Transfer Service
                                             Description: Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.
                                             Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
                                             Start Mode:  Auto
                                             State:       Running

                                          Name:           Browser
                                          Display Name:   Computer Browser
                                             Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
                                             Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
                                             Start Mode:  Auto
                                             State:       Stopped

                                          Name:           CiSvc
                                          Display Name:   Indexing Service
                                             Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
                                             Path Name:   C:\WINDOWS\system32\cisvc.exe
                                             Start Mode:  Manual
                                             State:       Stopped

                                          Name:           ClipSrv
                                          Display Name:   ClipBook
                                             Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
                                             Path Name:   C:\WINDOWS\system32\clipsrv.exe
                                             Start Mode:  Disabled
                                             State:       Stopped

                                          Name:           clr_optimization_v2.0.50727_32
                                          Display Name:   .NET Runtime Optimization Service v2.0.50727_X86
                                             Description: Microsoft .NET Framework NGEN
                                             Path Name:   C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
                                             Start Mode:  Manual
                                             State:       Stopped

                                          Name:           COMSysApp
                                          Display Name:   COM+ System Application
                                             Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
                                             Path Name:   C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
                                             Start Mode:  Manual
                                             State:       Stopped

                                          Name:           CryptSvc
                                          Display Name:   Cryptographic Services
                                             Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
                                             Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
                                             Start Mode:  Auto
                                             State:       Running

                                          Name:           DcomLaunch
                                          Display Name:   DCOM Server Process Launcher
                                             Description: Provides launch functionality for DCOM services.
                                             Path Name:   C:\WINDOWS\system32\svchost -k DcomLaunch
                                             Start Mode:  Auto
                                             State:       Running

                                          Name:           Dhcp
                                          Display Name:   DHCP Client
                                             Description: Manages network configuration by registering and updating IP addresses and DNS names.
                                             Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
                                             Start Mode:  Auto
                                             State:       Running

                                          Name:           dmadmin
                                          Display Name:   Logical Disk Manager Administrative Service
                                             Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
                                             Path Name:   C:\WINDOWS\System32\dmadmin.exe /com
                                             Start Mode:  Manual
                                             State:       Stopped

                                          Name:           dmserver
                                          Display Name:   Logical Disk Manager
                                             Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
                                             Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
                                             Start Mode:  Auto
                                             State:       Running

                                          Name:           Dnscache
                                          Display Name:   DNS Client
                                             Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
                                             Path Name:   C:\WINDOWS\system32\svchost.exe -k NetworkService
                                             Start Mode:  Auto
                                             State:       Running

                                          Name:           EhttpSrv
                                          Display Name:   Eset HTTP Server
                                             Description: Eset HTTP Server
                                             Path Name:   "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
                                             Start Mode:  Manual
                                             State:       Stopped

                                          Name:           ekrn
                                          Display Name:   Eset Service
                                             Description: Eset Service
                                             Path Name:   "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
                                             Start Mode:  Auto
                                             State:       Running

                                          Name:           ERSvc
                                          Display Name:   Error Reporting Service
                                             Description: Allows error reporting for services and applictions running in non-standard environments.
                                             Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
                                             Start Mode:  Auto
                                             State:       Running

                                          Name:           Eventlog
                                          Display Name:   Event Log
                                             Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
                                             Path Name:   C:\WINDOWS\system32\services.exe
                                             Start Mode:  Auto
                                             State:       Running

                                          Name:           EventSystem
                                          Display Name:   COM+ Event System
                                             Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
                                             Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
                                             Start Mode:  Manual
                                             State:       Running

                                          Name:           FastUserSwitchingCompatibility
                                          Display Name:   Fast User Switching Compatibility
                                             Description: Provides management for applications that require assistance in a multiple user environment.
                                             Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
                                             Start Mode:  Manual
                                             State:       Stopped

                                          Name:           gusvc
                                          Display Name:   Google Updater Service
                                             Description:
                                             Path Name:   "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
                                             Start Mode:  Auto
                                             State:       Running

                                          Name:           helpsvc
                                          Display Name:   Help and Support
                                             Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
                                             Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
                                             Start Mode:  Auto
                                             State:       Running

                                          Name:           HidServ
                                          Display Name:   HID Input Service
                                             Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
                                             Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
                                             Start Mode:  Auto
                                             State:       Running

                                          Name:           HTTPFilter
                                          Display Name:   HTTP SSL
                                             Description: This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service,  using the Secure Socket Layer (SSL).  If this service is disabled, any services that explicitly depend on it will fail to start.
                                             Path Name:   C:\WINDOWS\System32\svchost.exe -k HTTPFilter
                                             Start Mode:  Manual
                                             State:       Stopped

                                          Name:           IAANTMon
                                          Display Name:   Intel(R) Matrix Storage Event Monitor
                                             Description:
                                             Path Name:   C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
                                             Start Mode:  Auto
                                             State:       Running

                                          Name:           ImapiService
                                          Display Name:   IMAPI CD-Burning COM Service
                                             Description: Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
                                             Path Name:   C:\WINDOWS\system32\imapi.exe
                                             Start Mode:  Manual
                                             State:       Stopped

                                          Name:           JavaQuickStarterService
                                          Display Name:   Java Quick Starter
                                             Description: Prefetches JRE files for faster startup of Java applets and applications
                                             Path Name:   "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
                                             Start Mode:  Auto
                                             State:       Running

                                          Name:           lanmanserver
                                          Display Name:   Server
                                             Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
                                             Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
                                             Start Mode:  Auto
                                             State:       Running

                                          nondaj

                                            Topic Starter


                                            Beginner

                                            Re: PC slowdown
                                            « Reply #28 on: January 09, 2009, 11:43:36 PM »

                                            Name:           lanmanworkstation
                                            Display Name:   Workstation
                                               Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
                                               Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
                                               Start Mode:  Auto
                                               State:       Running

                                            Name:           LmHosts
                                            Display Name:   TCP/IP NetBIOS Helper
                                               Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
                                               Path Name:   C:\WINDOWS\system32\svchost.exe -k LocalService
                                               Start Mode:  Auto
                                               State:       Running

                                            Name:           lxdxCATSCustConnectService
                                            Display Name:   lxdxCATSCustConnectService
                                               Description:
                                               Path Name:   C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
                                               Start Mode:  Auto
                                               State:       Running

                                            Name:           lxdx_device
                                            Display Name:   lxdx_device
                                               Description:
                                               Path Name:   C:\WINDOWS\system32\lxdxcoms.exe -service
                                               Start Mode:  Auto
                                               State:       Running

                                            Name:           Messenger
                                            Display Name:   Messenger
                                               Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
                                               Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
                                               Start Mode:  Disabled
                                               State:       Stopped

                                            Name:           mnmsrvc
                                            Display Name:   NetMeeting Remote Desktop Sharing
                                               Description: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
                                               Path Name:   C:\WINDOWS\system32\mnmsrvc.exe
                                               Start Mode:  Disabled
                                               State:       Stopped

                                            Name:           MSDTC
                                            Display Name:   Distributed Transaction Coordinator
                                               Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
                                               Path Name:   C:\WINDOWS\system32\msdtc.exe
                                               Start Mode:  Manual
                                               State:       Stopped

                                            Name:           MSIServer
                                            Display Name:   Windows installer
                                               Description:
                                               Path Name:   C:\WINDOWS\system32\msiexec.exe /V
                                               Start Mode:  Manual
                                               State:       Stopped

                                            Name:           NetDDE
                                            Display Name:   Network DDE
                                               Description: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
                                               Path Name:   C:\WINDOWS\system32\netdde.exe
                                               Start Mode:  Disabled
                                               State:       Stopped

                                            Name:           NetDDEdsdm
                                            Display Name:   Network DDE DSDM
                                               Description: Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
                                               Path Name:   C:\WINDOWS\system32\netdde.exe
                                               Start Mode:  Disabled
                                               State:       Stopped

                                            Name:           Netlogon
                                            Display Name:   Net Logon
                                               Description: Supports pass-through authentication of account logon events for computers in a domain.
                                               Path Name:   C:\WINDOWS\system32\lsass.exe
                                               Start Mode:  Manual
                                               State:       Stopped

                                            Name:           Netman
                                            Display Name:   Network Connections
                                               Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
                                               Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
                                               Start Mode:  Manual
                                               State:       Running

                                            Name:           Nla
                                            Display Name:   Network Location Awareness (NLA)
                                               Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
                                               Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
                                               Start Mode:  Manual
                                               State:       Running

                                            Name:           NtLmSsp
                                            Display Name:   NT LM Security Support Provider
                                               Description: Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
                                               Path Name:   C:\WINDOWS\system32\lsass.exe
                                               Start Mode:  Disabled
                                               State:       Stopped

                                            Name:           NtmsSvc
                                            Display Name:   Removable Storage
                                               Description:
                                               Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
                                               Start Mode:  Manual
                                               State:       Stopped

                                            Name:           NVSvc
                                            Display Name:   NVIDIA Display Driver Service
                                               Description: Provides system and desktop level support to the NVIDIA display driver
                                               Path Name:   C:\WINDOWS\system32\nvsvc32.exe
                                               Start Mode:  Auto
                                               State:       Running

                                            Name:           p2pgasvc
                                            Display Name:   Peer Networking Group Authentication
                                               Description: Provides Network Authentication for Peer Group Members.
                                               Path Name:   C:\WINDOWS\system32\svchost.exe -k p2psvc
                                               Start Mode:  Manual
                                               State:       Stopped

                                            Name:           p2pimsvc
                                            Display Name:   Peer Networking Identity Manager
                                               Description: Provides Identity service for Peer Networking
                                               Path Name:   C:\WINDOWS\system32\svchost.exe -k p2psvc
                                               Start Mode:  Manual
                                               State:       Stopped

                                            Name:           p2psvc
                                            Display Name:   Peer Networking
                                               Description: Provides Peer Networking services
                                               Path Name:   C:\WINDOWS\system32\svchost.exe -k p2psvc
                                               Start Mode:  Manual
                                               State:       Stopped

                                            Name:           PlugPlay
                                            Display Name:   Plug and Play
                                               Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
                                               Path Name:   C:\WINDOWS\system32\services.exe
                                               Start Mode:  Auto
                                               State:       Running

                                            Name:           Pml Driver HPZ12
                                            Display Name:   Pml Driver HPZ12
                                               Description:
                                               Path Name:   C:\WINDOWS\system32\HPZipm12.exe
                                               Start Mode:  Manual
                                               State:       Stopped

                                            Name:           PNRPSvc
                                            Display Name:   Peer Name Resolution Protocol
                                               Description: Enables Serverless Peer Name Resolution over the Internet
                                               Path Name:   C:\WINDOWS\system32\svchost.exe -k p2psvc
                                               Start Mode:  Manual
                                               State:       Stopped

                                            Name:           PolicyAgent
                                            Display Name:   IPSEC Services
                                               Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
                                               Path Name:   C:\WINDOWS\system32\lsass.exe
                                               Start Mode:  Manual
                                               State:       Stopped

                                            Name:           ProtectedStorage
                                            Display Name:   Protected Storage
                                               Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
                                               Path Name:   C:\WINDOWS\system32\lsass.exe
                                               Start Mode:  Auto
                                               State:       Running

                                            Name:           RasAuto
                                            Display Name:   Remote Access Auto Connection Manager
                                               Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
                                               Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
                                               Start Mode:  Manual
                                               State:       Stopped

                                            nondaj

                                              Topic Starter


                                              Beginner

                                              Re: PC slowdown
                                              « Reply #29 on: January 09, 2009, 11:47:14 PM »
                                              Name:           RasMan
                                              Display Name:   Remote Access Connection Manager
                                                 Description: Creates a network connection.
                                                 Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
                                                 Start Mode:  Manual
                                                 State:       Running

                                              Name:           RDSessMgr
                                              Display Name:   Remote Desktop Help Session Manager
                                                 Description: Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
                                                 Path Name:   C:\WINDOWS\system32\sessmgr.exe
                                                 Start Mode:  Manual
                                                 State:       Stopped

                                              Name:           RemoteAccess
                                              Display Name:   Routing and Remote Access
                                                 Description: Offers routing services to businesses in local area and wide area network environments.
                                                 Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
                                                 Start Mode:  Manual
                                                 State:       Stopped

                                              Name:           RemoteRegistry
                                              Display Name:   Remote Registry
                                                 Description: Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
                                                 Path Name:   C:\WINDOWS\system32\svchost.exe -k LocalService
                                                 Start Mode:  Disabled
                                                 State:       Stopped

                                              Name:           RpcLocator
                                              Display Name:   Remote Procedure Call (RPC) Locator
                                                 Description: Manages the RPC name service database.
                                                 Path Name:   C:\WINDOWS\system32\locator.exe
                                                 Start Mode:  Manual
                                                 State:       Stopped

                                              Name:           RpcSs
                                              Display Name:   Remote Procedure Call (RPC)
                                                 Description: Provides the endpoint mapper and other miscellaneous RPC services.
                                                 Path Name:   C:\WINDOWS\system32\svchost -k rpcss
                                                 Start Mode:  Auto
                                                 State:       Running

                                              Name:           RSVP
                                              Display Name:   QoS RSVP
                                                 Description: Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
                                                 Path Name:   C:\WINDOWS\system32\rsvp.exe
                                                 Start Mode:  Manual
                                                 State:       Stopped

                                              Name:           SamSs
                                              Display Name:   Security Accounts Manager
                                                 Description: Stores security information for local user accounts.
                                                 Path Name:   C:\WINDOWS\system32\lsass.exe
                                                 Start Mode:  Auto
                                                 State:       Running

                                              Name:           SCardSvr
                                              Display Name:   Smart Card
                                                 Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
                                                 Path Name:   C:\WINDOWS\System32\SCardSvr.exe
                                                 Start Mode:  Manual
                                                 State:       Stopped

                                              Name:           Schedule
                                              Display Name:   Task Scheduler
                                                 Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
                                                 Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
                                                 Start Mode:  Auto
                                                 State:       Running

                                              Name:           seclogon
                                              Display Name:   Secondary Logon
                                                 Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
                                                 Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
                                                 Start Mode:  Auto
                                                 State:       Running

                                              Name:           SENS
                                              Display Name:   System Event Notification
                                                 Description: Tracks system events such as Windows logon, network, and power events.  Notifies COM+ Event System subscribers of these events.
                                                 Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
                                                 Start Mode:  Auto
                                                 State:       Running

                                              Name:           SharedAccess
                                              Display Name:   Windows Firewall/Internet Connection Sharing (ICS)
                                                 Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
                                                 Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
                                                 Start Mode:  Auto
                                                 State:       Running

                                              Name:           ShellHWDetection
                                              Display Name:   Shell Hardware Detection
                                                 Description: Provides notifications for AutoPlay hardware events.
                                                 Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
                                                 Start Mode:  Auto
                                                 State:       Running

                                              Name:           SimpTcp
                                              Display Name:   Simple TCP/IP Services
                                                 Description: Supports the following TCP/IP services: Character Generator, Daytime, Discard, Echo, and Quote of the Day.
                                                 Path Name:   C:\WINDOWS\system32\tcpsvcs.exe
                                                 Start Mode:  Auto
                                                 State:       Running

                                              Name:           SNMP
                                              Display Name:   SNMP Service
                                                 Description: Includes agents that monitor the activity in network devices and report to the network console workstation.
                                                 Path Name:   C:\WINDOWS\System32\snmp.exe
                                                 Start Mode:  Manual
                                                 State:       Stopped

                                              Name:           SNMPTRAP
                                              Display Name:   SNMP Trap Service
                                                 Description: Receives trap messages generated by local or remote SNMP agents and forwards the messages to SNMP management programs running on this computer.
                                                 Path Name:   C:\WINDOWS\System32\snmptrap.exe
                                                 Start Mode:  Manual
                                                 State:       Stopped

                                              Name:           Spooler
                                              Display Name:   Print Spooler
                                                 Description: Loads files to memory for later printing.
                                                 Path Name:   C:\WINDOWS\system32\spoolsv.exe
                                                 Start Mode:  Auto
                                                 State:       Running

                                              Name:           srservice
                                              Display Name:   System Restore Service
                                                 Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
                                                 Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
                                                 Start Mode:  Auto
                                                 State:       Running

                                              Name:           SSDPSRV
                                              Display Name:   SSDP Discovery Service
                                                 Description: Enables discovery of UPnP devices on your home network.
                                                 Path Name:   C:\WINDOWS\system32\svchost.exe -k LocalService
                                                 Start Mode:  Disabled
                                                 State:       Stopped

                                              Name:           stisvc
                                              Display Name:   Windows Image Acquisition (WIA)
                                                 Description: Provides image acquisition services for scanners and cameras.
                                                 Path Name:   C:\WINDOWS\system32\svchost.exe -k imgsvc
                                                 Start Mode:  Manual
                                                 State:       Running

                                              Name:           SwPrv
                                              Display Name:   MS Software Shadow Copy Provider
                                                 Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
                                                 Path Name:   C:\WINDOWS\system32\dllhost.exe /Processid:{C60638D9-AFD7-4998-B499-46E70492E0B0}
                                                 Start Mode:  Manual
                                                 State:       Stopped

                                              Name:           SysmonLog
                                              Display Name:   Performance Logs and Alerts
                                                 Description: Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
                                                 Path Name:   C:\WINDOWS\system32\smlogsvc.exe
                                                 Start Mode:  Disabled
                                                 State:       Stopped

                                              Name:           TapiSrv
                                              Display Name:   Telephony
                                                 Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
                                                 Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
                                                 Start Mode:  Manual
                                                 State:       Running

                                              Name:           TermService
                                              Display Name:   Terminal Services
                                                 Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
                                                 Path Name:   C:\WINDOWS\System32\svchost -k DComLaunch
                                                 Start Mode:  Manual
                                                 State:       Running

                                              Name:           Themes
                                              Display Name:   Themes
                                                 Description: Provides user experience theme management.
                                                 Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
                                                 Start Mode:  Auto
                                                 State:       Running

                                              Name:           TlntSvr
                                              Display Name:   Telnet
                                                 Description: Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
                                                 Path Name:   C:\WINDOWS\system32\tlntsvr.exe
                                                 Start Mode:  Disabled
                                                 State:       Stopped

                                              Name:           TrkWks
                                              Display Name:   Distributed Link Tracking Client
                                                 Description: Maintains links between NTFS files within a computer or across computers in a network domain.
                                                 Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
                                                 Start Mode:  Manual
                                                 State:       Stopped

                                              Name:           uploadmgr
                                              Display Name:   Upload Manager
                                                 Description: Manages synchronous and asynchronous file transfers between clients and servers on the network. If this service is stopped, synchronous and asynchronous file transfers between clients and servers on the network will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
                                                 Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
                                                 Start Mode:  Manual
                                                 State:       Stopped

                                              Name:           upnphost
                                              Display Name:   Universal Plug and Play Device Host
                                                 Description: Provides support to host Universal Plug and Play devices.
                                                 Path Name:   C:\WINDOWS\system32\svchost.exe -k LocalService
                                                 Start Mode:  Disabled
                                                 State:       Stopped

                                              Name:           UPS
                                              Display Name:   Uninterruptible Power Supply
                                                 Description: Manages an uninterruptible power supply (UPS) connected to the computer.
                                                 Path Name:   C:\WINDOWS\System32\ups.exe
                                                 Start Mode:  Manual
                                                 State:       Stopped

                                              Name:           VSS
                                              Display Name:   Volume Shadow Copy
                                                 Description: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
                                                 Path Name:   C:\WINDOWS\System32\vssvc.exe
                                                 Start Mode:  Manual
                                                 State:       Stopped

                                              Name:           W32Time
                                              Display Name:   Windows Time
                                                 Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
                                                 Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
                                                 Start Mode:  Auto
                                                 State:       Running

                                              Name:           WebClient
                                              Display Name:   WebClient
                                                 Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
                                                 Path Name:   C:\WINDOWS\system32\svchost.exe -k LocalService
                                                 Start Mode:  Manual
                                                 State:       Stopped

                                              Name:           WinDefend
                                              Display Name:   Windows Defender
                                                 Description: Helps protect users from malicious software, spyware, and other potentially unwanted software
                                                 Path Name:   "C:\Program Files\Windows Defender\MsMpEng.exe"
                                                 Start Mode:  Auto
                                                 State:       Stopped

                                              Name:           winmgmt
                                              Display Name:   Windows Management Instrumentation
                                                 Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
                                                 Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
                                                 Start Mode:  Auto
                                                 State:       Running

                                              Name:           WMDM PMSP Service
                                              Display Name:   WMDM PMSP Service
                                                 Description:
                                                 Path Name:   C:\WINDOWS\system32\MsPMSPSv.exe
                                                 Start Mode:  Auto
                                                 State:       Running


                                              nondaj

                                                Topic Starter


                                                Beginner

                                                Re: PC slowdown
                                                « Reply #30 on: January 09, 2009, 11:50:47 PM »
                                                Name:           WmdmPmSN
                                                Display Name:   Portable Media Serial Number Service
                                                   Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
                                                   Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
                                                   Start Mode:  Disabled
                                                   State:       Stopped

                                                Name:           Wmi
                                                Display Name:   Windows Management Instrumentation Driver Extensions
                                                   Description: Provides systems management information to and from drivers.
                                                   Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
                                                   Start Mode:  Manual
                                                   State:       Stopped

                                                Name:           WmiApSrv
                                                Display Name:   WMI Performance Adapter
                                                   Description: Provides performance library information from WMI HiPerf providers.
                                                   Path Name:   C:\WINDOWS\system32\wbem\wmiapsrv.exe
                                                   Start Mode:  Manual
                                                   State:       Stopped

                                                Name:           WMPNetworkSvc
                                                Display Name:   Windows Media Player Network Sharing Service
                                                   Description: Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play
                                                   Path Name:   "C:\Program Files\Windows Media Player\WMPNetwk.exe"
                                                   Start Mode:  Manual
                                                   State:       Stopped

                                                Name:           wscsvc
                                                Display Name:   Security Center
                                                   Description: Monitors system security settings and configurations.
                                                   Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
                                                   Start Mode:  Auto
                                                   State:       Running

                                                Name:           wuauserv
                                                Display Name:   Automatic Updates
                                                   Description: Enables the download and installati

                                                nondaj

                                                  Topic Starter


                                                  Beginner

                                                  Re: PC slowdown
                                                  « Reply #31 on: January 09, 2009, 11:56:12 PM »

                                                  Name:           WmdmPmSN
                                                  Display Name:   Portable Media Serial Number Service
                                                     Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
                                                     Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
                                                     Start Mode:  Disabled
                                                     State:       Stopped

                                                  Name:           Wmi
                                                  Display Name:   Windows Management Instrumentation Driver Extensions
                                                     Description: Provides systems management information to and from drivers.
                                                     Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
                                                     Start Mode:  Manual
                                                     State:       Stopped

                                                  Name:           WmiApSrv
                                                  Display Name:   WMI Performance Adapter
                                                     Description: Provides performance library information from WMI HiPerf providers.
                                                     Path Name:   C:\WINDOWS\system32\wbem\wmiapsrv.exe
                                                     Start Mode:  Manual
                                                     State:       Stopped

                                                  Name:           WMPNetworkSvc
                                                  Display Name:   Windows Media Player Network Sharing Service
                                                     Description: Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play
                                                     Path Name:   "C:\Program Files\Windows Media Player\WMPNetwk.exe"
                                                     Start Mode:  Manual
                                                     State:       Stopped

                                                  Name:           wscsvc
                                                  Display Name:   Security Center
                                                     Description: Monitors system security settings and configurations.
                                                     Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
                                                     Start Mode:  Auto
                                                     State:       Running

                                                  Name:           wuauserv
                                                  Display Name:   Automatic Updates
                                                     Description: Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
                                                     Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
                                                     Start Mode:  Auto
                                                     State:       Running

                                                  Name:           WudfSvc
                                                  Display Name:   Windows Driver Foundation - User-mode Driver Framework
                                                     Description: Manages user-mode driver host processes
                                                     Path Name:   C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
                                                     Start Mode:  Manual
                                                     State:       Stopped

                                                  Name:           WZCSVC
                                                  Display Name:   Wireless Zero Configuration
                                                     Description: Provides automatic configuration for the 802.11 adapters
                                                     Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
                                                     Start Mode:  Auto
                                                     State:       Running

                                                  Name:           xmlprov
                                                  Display Name:   Network Provisioning Service
                                                     Description: Manages XML configuration files on a domain basis for automatic network provisioning.
                                                     Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
                                                     Start Mode:  Manual
                                                     State:       Stopped

                                                   
                                                  ------------------------------------------------------------------------------------
                                                   
                                                  Displaying LOG for Microsoft Windows Malicious Software Removal Tool:
                                                          *** Microsoft Windows MRT Log NOT Found! ****
                                                  ----------------------------------------------------------------------------
                                                      Listing HKCU Explorer\Advanced//Hidden and SuperHidden Registry Keys
                                                          if Hidden = 0 then Hidden Files and Folders are not shown
                                                          if SuperHidden = 1 is the desired default value.
                                                          if ShowSuperHidden = 0 then System Files are not shown
                                                          if HideFileExt = 1 then File Extension are not shown
                                                      We want their values to be (from top to bottom) 1,1,1,0
                                                  ----------------------------------------------------------------------------
                                                   
                                                  HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\advanced
                                                     Hidden   REG_DWORD         1 (0x1)
                                                     SuperHidden   REG_DWORD         1 (0x1)
                                                     ShowSuperHidden   REG_DWORD         1 (0x1)
                                                     HideFileExt   REG_DWORD         0 (0x0)
                                                   
                                                  ************************************************************************************ 
                                                   
                                                  Examining Select Windows Registry Keys
                                                  ------------------------------------------------------------------------------------
                                                   
                                                      --------------------------------------------------------------------------
                                                          Items Found in ZoneMap\Domains:
                                                      --------------------------------------------------------------------------
                                                   


                                                  HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains
                                                     <NO NAME>   REG_SZ            

                                                  HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains\msn.com
                                                   
                                                      ----------------------------------------------------------------------------
                                                          Current User ZoneMap ProtocolDefaults
                                                      ----------------------------------------------------------------------------
                                                   


                                                  HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\protocoldefaults
                                                     <NO NAME>   REG_SZ            
                                                     http   REG_DWORD         3 (0x3)
                                                     https   REG_DWORD         3 (0x3)
                                                     ftp   REG_DWORD         3 (0x3)
                                                     file   REG_DWORD         3 (0x3)
                                                     @ivt   REG_DWORD         1 (0x1)
                                                     shell   REG_DWORD         0 (0x0)
                                                   
                                                      ----------------------------------------------------------------------------
                                                              Default URL Prefix Keys
                                                      ----------------------------------------------------------------------------
                                                   


                                                  HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url

                                                  nondaj

                                                    Topic Starter


                                                    Beginner

                                                    Re: PC slowdown
                                                    « Reply #32 on: January 09, 2009, 11:58:29 PM »

                                                    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\DefaultPrefix
                                                       <NO NAME>   REG_SZ            http://

                                                    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\Prefixes
                                                       ftp   REG_SZ            ftp://
                                                       gopher   REG_SZ            gopher://
                                                       home   REG_SZ            http://
                                                       mosaic   REG_SZ            http://
                                                       www   REG_SZ            http://
                                                     
                                                        --------------------------------------------------------------------------
                                                                Startup Items Disabled via MSCONFIG:
                                                        --------------------------------------------------------------------------
                                                     


                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig

                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\ExpandFrom

                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\ExpandTo

                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services

                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder

                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
                                                       backup   REG_SZ            C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
                                                       location   REG_SZ            Common Startup
                                                       item   REG_SZ            Adobe Reader Speed Launch

                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk
                                                       backup   REG_SZ            C:\WINDOWS\pss\Google Updater.lnkCommon Startup
                                                       location   REG_SZ            Common Startup
                                                       command   REG_SZ            C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE -systray -startup
                                                       item   REG_SZ            Google Updater

                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk
                                                       backup   REG_SZ            C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
                                                       location   REG_SZ            Common Startup
                                                       command   REG_SZ            C:\PROGRA~1\HP\Digital Imaging\bin\hpqtra08.exe
                                                       item   REG_SZ            HP Digital Imaging Monitor

                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk
                                                       backup   REG_SZ            C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
                                                       location   REG_SZ            Common Startup
                                                       command   REG_SZ            C:\PROGRA~1\HP\Digital Imaging\bin\hpqthb08.exe -s
                                                       item   REG_SZ            HP Image Zone Fast Start

                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk
                                                       backup   REG_SZ            C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
                                                       location   REG_SZ            Common Startup
                                                       command   REG_SZ            C:\PROGRA~1\DESKTO~1\8876480\Program\LDMConf.exe /start
                                                       item   REG_SZ            Logitech Desktop Messenger

                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk
                                                       backup   REG_SZ            C:\WINDOWS\pss\LUMIX Simple Viewer.lnkCommon Startup
                                                       location   REG_SZ            Common Startup
                                                       command   REG_SZ            C:\PROGRA~1\PANASO~1\LUMIXS~1\PHLEAU~1.EXE
                                                       item   REG_SZ            LUMIX Simple Viewer

                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk
                                                       backup   REG_SZ            C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
                                                       location   REG_SZ            Common Startup
                                                       command   REG_SZ            C:\PROGRA~1\MICROS~2\Office\OSA9.EXE -b -l
                                                       item   REG_SZ            Microsoft Office

                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk
                                                       backup   REG_SZ            C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
                                                       location   REG_SZ            Common Startup
                                                       item   REG_SZ            WinZip Quick Pick

                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^donnajean^Start Menu^Programs^Startup^PowerReg Scheduler.exe
                                                       backup   REG_SZ            C:\WINDOWS\pss\PowerReg Scheduler.exeStartup
                                                       location   REG_SZ            Startup
                                                       item   REG_SZ            PowerReg Scheduler

                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jean^Start Menu^Programs^Startup^Adobe Media Player.lnk
                                                       backup   REG_SZ            C:\WINDOWS\pss\Adobe Media Player.lnkStartup
                                                       location   REG_SZ            Startup
                                                       item   REG_SZ            Adobe Media Player

                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg

                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader
                                                       key   REG_SZ            SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                                                       item   REG_SZ            apdproxy
                                                       hkey   REG_SZ            HKLM
                                                       command   REG_SZ            "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
                                                       inimapping   REG_SZ            0

                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3
                                                       key   REG_SZ            SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                                                       item   REG_SZ            AWC
                                                       hkey   REG_SZ            HKCU
                                                       command   REG_SZ            "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
                                                       inimapping   REG_SZ            0

                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe
                                                       key   REG_SZ            SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                                                       item   REG_SZ            ctfmon
                                                       hkey   REG_SZ            HKCU
                                                       command   REG_SZ            C:\WINDOWS\system32\ctfmon.exe
                                                       inimapping   REG_SZ            0

                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC
                                                       key   REG_SZ            SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                                                       item   REG_SZ            EM_EXEC
                                                       hkey   REG_SZ            HKLM
                                                       command   REG_SZ            C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
                                                       inimapping   REG_SZ            0

                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif
                                                       key   REG_SZ            SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                                                       item   REG_SZ            iaanotif
                                                       hkey   REG_SZ            HKLM
                                                       command   REG_SZ            C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
                                                       inimapping   REG_SZ            0

                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler
                                                       key   REG_SZ            SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                                                       item   REG_SZ            issch
                                                       hkey   REG_SZ            HKLM
                                                       command   REG_SZ            "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
                                                       inimapping   REG_SZ            0

                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck
                                                       key   REG_SZ            SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                                                       item   REG_SZ            dumprep 0 -k
                                                       hkey   REG_SZ            HKLM
                                                       command   REG_SZ            %systemroot%\system32\dumprep 0 -k
                                                       inimapping   REG_SZ            0

                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Outlook
                                                       key   REG_SZ            SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                                                       item   REG_SZ            OUTLOOK
                                                       hkey   REG_SZ            HKCU
                                                       command   REG_SZ            C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE Outlook:Inbox /recycle
                                                       inimapping   REG_SZ            0

                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Outlook118
                                                       key   REG_SZ            SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                                                       item   REG_SZ            OUTLOOK
                                                       hkey   REG_SZ            HKCU
                                                       command   REG_SZ            C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE Outlook:Inbox /recycle
                                                       inimapping   REG_SZ            0

                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Outlook198
                                                       key   REG_SZ            SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                                                       item   REG_SZ            OUTLOOK
                                                       hkey   REG_SZ            HKCU
                                                       command   REG_SZ            C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE Outlook:Inbox /recycle
                                                       inimapping   REG_SZ            0

                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Outlook740
                                                       key   REG_SZ            SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                                                       item   REG_SZ            OUTLOOK
                                                       hkey   REG_SZ            HKCU
                                                       command   REG_SZ            C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE Outlook:Inbox /recycle
                                                       inimapping   REG_SZ            0

                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Outlook893
                                                       key   REG_SZ            SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                                                       item   REG_SZ            OUTLOOK
                                                       hkey   REG_SZ            HKCU
                                                       command   REG_SZ            C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE Outlook:Calendar
                                                       inimapping   REG_SZ            0

                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
                                                       key   REG_SZ            SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                                                       item   REG_SZ            NeroCheck
                                                       hkey   REG_SZ            HKLM
                                                       command   REG_SZ            C:\WINDOWS\system32\NeroCheck.exe
                                                       inimapping   REG_SZ            0

                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
                                                       key   REG_SZ            SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                                                       item   REG_SZ            NvCpl
                                                       hkey   REG_SZ            HKLM
                                                       command   REG_SZ            RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                                                       inimapping   REG_SZ            0

                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter
                                                       key   REG_SZ            SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                                                       item   REG_SZ            NvMcTray
                                                       hkey   REG_SZ            HKLM
                                                       command   REG_SZ            RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
                                                       inimapping   REG_SZ            0

                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite
                                                       key   REG_SZ            SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                                                       item   REG_SZ            SpyHunter3
                                                       hkey   REG_SZ            HKLM
                                                       command   REG_SZ            C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
                                                       inimapping   REG_SZ            0

                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
                                                       key   REG_SZ            SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                                                       item   REG_SZ            GoogleToolbarNotifier
                                                       hkey   REG_SZ            HKCU
                                                       command   REG_SZ            C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                                                       inimapping   REG_SZ            0

                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp
                                                       key   REG_SZ            SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                                                       item   REG_SZ            McciTrayApp
                                                       hkey   REG_SZ            HKLM
                                                       command   REG_SZ            C:\Program Files\Verizon\McciTrayApp.exe
                                                       inimapping   REG_SZ            0

                                                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\state
                                                       system.ini   REG_DWORD         0 (0x0)
                                                       win.ini   REG_DWORD         0 (0x0)
                                                       bootini   REG_DWORD         2 (0x2)
                                                       services   REG_DWORD         0 (0x0)
                                                       startup   REG_DWORD         2 (0x2)
                                                     
                                                        --------------------------------------------------------------------------
                                                                Select AutoRun Registry Keys:
                                                        --------------------------------------------------------------------------
                                                     


                                                    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
                                                       SUPERAntiSpyware   REG_SZ            C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe


                                                    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce


                                                    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonceex


                                                    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices


                                                    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
                                                       egui   REG_SZ            "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
                                                       nwiz   REG_SZ            nwiz.exe /install
                                                       NvCplDaemon   REG_SZ            RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                                                       lxdxmon.exe   REG_SZ            "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
                                                       EzPrint   REG_SZ            "C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe"
                                                       NvMediaCenter   REG_SZ            RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
                                                       SunJavaUpdateSched   REG_SZ            "C:\Program Files\Java\jre6\bin\jusched.exe"

                                                    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents


                                                    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce


                                                    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex


                                                    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices


                                                    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservicesonce


                                                    HKEY_USERS\.default\software\microsoft\windows\currentversion\run


                                                    HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce


                                                    HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run


                                                    HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce


                                                    Error: Key: s-1-5-19\software\microsoft\windows\currentversion\run does not exist!

                                                     
                                                        --------------------------------------------------------------------------
                                                                WinLogon Notify Registry Key:
                                                        --------------------------------------------------------------------------
                                                     


                                                    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify

                                                    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon
                                                       DllName   REG_SZ            C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                                                       Logon   REG_SZ            SABWINLOLogon
                                                       Logoff   REG_SZ            SABWINLOLogoff
                                                       Startup   REG_SZ            SABWINLOStartup
                                                       Shutdown   REG_SZ            SABWINLOShutdown
                                                       Asynchronous   REG_DWORD         0 (0x0)
                                                       Impersonate   REG_DWORD         0 (0x0)

                                                    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
                                                       Asynchronous   REG_DWORD         0 (0x0)
                                                       Impersonate   REG_DWORD         0 (0x0)
                                                       DllName   REG_EXPAND_SZ     crypt32.dll
                                                       Logoff   REG_SZ            ChainWlxLogoffEvent

                                                    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
                                                       Asynchronous   REG_DWORD         0 (0x0)
                                                       Impersonate   REG_DWORD         0 (0x0)
                                                       DllName   REG_EXPAND_SZ     cryptnet.dll
                                                       Logoff   REG_SZ            CryptnetWlxLogoffEvent

                                                    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
                                                       DLLName   REG_SZ            cscdll.dll
                                                       Logon   REG_SZ            WinlogonLogonEvent
                                                       Logoff   REG_SZ            WinlogonLogoffEvent
                                                       ScreenSaver   REG_SZ            WinlogonScreenSaverEvent
                                                       Startup   REG_SZ            WinlogonStartupEvent
                                                       Shutdown   REG_SZ            WinlogonShutdownEvent
                                                       StartShell   REG_SZ            WinlogonStartShellEvent
                                                       Impersonate   REG_DWORD         0 (0x0)
                                                       Asynchronous   REG_DWORD         1 (0x1)

                                                    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
                                                       DLLName   REG_SZ            wlnotify.dll
                                                       Logon   REG_SZ            SCardStartCertProp
                                                       Logoff   REG_SZ            SCardStopCertProp
                                                       Lock   REG_SZ            SCardSuspendCertProp
                                                       Unlock   REG_SZ            SCardResumeCertProp
                                                       Enabled   REG_DWORD         1 (0x1)
                                                       Impersonate   REG_DWORD         1 (0x1)
                                                       Asynchronous   REG_DWORD         1 (0x1)

                                                    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
                                                       Asynchronous   REG_DWORD         0 (0x0)
                                                       DllName   REG_EXPAND_SZ     wlnotify.dll
                                                       Impersonate   REG_DWORD         0 (0x0)
                                                       StartShell   REG_SZ            SchedStartShell
                                                       Logoff   REG_SZ            SchedEventLogOff

                                                    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
                                                       Logoff   REG_SZ            WLEventLogoff
                                                       Impersonate   REG_DWORD         0 (0x0)
                                                       Asynchronous   REG_DWORD         1 (0x1)
                                                       DllName   REG_EXPAND_SZ     sclgntfy.dll

                                                    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
                                                       DLLName   REG_SZ            WlNotify.dll
                                                       Lock   REG_SZ            SensLockEvent
                                                       Logon   REG_SZ            SensLogonEvent
                                                       Logoff   REG_SZ            SensLogoffEvent
                                                       Safe   REG_DWORD         1 (0x1)
                                                       MaxWait   REG_DWORD         600 (0x258)
                                                       StartScreenSaver   REG_SZ            SensStartScreenSaverEvent
                                                       StopScreenSaver   REG_SZ            SensStopScreenSaverEvent
                                                       Startup   REG_SZ            SensStartupEvent
                                                       Shutdown   REG_SZ            SensShutdownEvent
                                                       StartShell   REG_SZ            SensStartShellEvent
                                                       PostShell   REG_SZ            SensPostShellEvent
                                                       Disconnect   REG_SZ            SensDisconnectEvent
                                                       Reconnect   REG_SZ            SensReconnectEvent
                                                       Unlock   REG_SZ            SensUnlockEvent
                                                       Impersonate   REG_DWORD         1 (0x1)
                                                       Asynchronous   REG_DWORD         1 (0x1)

                                                    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
                                                       Asynchronous   REG_DWORD         0 (0x0)
                                                       DllName   REG_EXPAND_SZ     wlnotify.dll
                                                       Impersonate   REG_DWORD         0 (0x0)
                                                       Logoff   REG_SZ            TSEventLogoff
                                                       Logon   REG_SZ            TSEventLogon
                                                       PostShell   REG_SZ            TSEventPostShell
                                                       Shutdown   REG_SZ            TSEventShutdown
                                                       StartShell   REG_SZ            TSEventStartShell
                                                       Startup   REG_SZ            TSEventStartup
                                                       MaxWait   REG_DWORD         600 (0x258)
                                                       Reconnect   REG_SZ            TSEventReconnect
                                                       Disconnect   REG_SZ            TSEventDisconnect

                                                    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon
                                                       Logon   REG_SZ            WLEventLogon
                                                       Logoff   REG_SZ            WLEventLogoff
                                                       Startup   REG_SZ            WLEventStartup
                                                       Shutdown   REG_SZ            WLEventShutdown
                                                       StartScreenSaver   REG_SZ            WLEventStartScreenSaver
                                                       StopScreenSaver   REG_SZ            WLEventStopScreenSaver
                                                       Lock   REG_SZ            WLEventLock
                                                       Unlock   REG_SZ            WLEventUnlock
                                                       StartShell   REG_SZ            WLEventStartShell
                                                       PostShell   REG_SZ            WLEventPostShell
                                                       Disconnect   REG_SZ            WLEventDisconnect
                                                       Reconnect   REG_SZ            WLEventReconnect
                                                       Impersonate   REG_DWORD         1 (0x1)
                                                       Asynchronous   REG_DWORD         0 (0x0)
                                                       SafeMode   REG_DWORD         1 (0x1)
                                                       MaxWait   REG_DWORD         -1 (0xffffffff)
                                                       DllName   REG_EXPAND_SZ     WgaLogon.dll
                                                       Event   REG_DWORD         3 (0x3)
                                                       EulaAccepted   REG_DWORD         1 (0x1)
                                                       InstallEvent   REG_SZ            1.8.0031.9

                                                    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon\Settings
                                                       <NO NAME>   REG_SZ            

                                                    nondaj


                                                      Re: PC slowdown
                                                      « Reply #33 on: January 10, 2009, 12:07:51 AM »
                                                      I see what you mean by work!  By the time I finished posting this log my eyes were crossed, brain fried and lost track of time :P

                                                      Am not at all sure I got it all and in correct sequence.  Let me know and will try again when it is early in the AM and I am clicking on all fours :-\

                                                      Keeping my fingers crossed.

                                                      CBMatt

                                                      Re: PC slowdown
                                                      « Reply #34 on: January 11, 2009, 04:20:06 AM »
                                                      Quote
                                                      Re donation will consider Paypal. Do not yet have an account but son said Paypal is quite secure.  Just had my ID stolen and so am very careful about online use when it comes to money.  Again keep you posted re this matter.

                                                      Like I said, it's really not necessary, so don't feel obligated.  I really don't feel like I deserve it.  Heh.

                                                      I have to imagine that posting the log this way was a pain and I apologize, but I promise I won't make you do it again anytime soon.  Ha.  It's difficult to be super thorough with one of these, but from what I can see, nothing strikes me as being out of the ordinary.  As far as active infections go, I'd say you're in the clear.  As long as you can get your other issues worked out, you should be good to go.

                                                      nondaj


                                                        Re: PC slowdown
                                                        « Reply #35 on: January 11, 2009, 12:35:02 PM »
                                                        Good to hear and have recovered from log posting.  Old saying - no pains no gains so it was worth hearing I am fairly clean re PC issues. ;D

                                                        Last questions before you go:

                                                        I run CCleaner daily; any problem running the registry option daily also?

                                                        and just curious - have heard pros and cons about cleaning out prefetch files weekly;  so far have not noticed that it reaches a limit and does so automatically as some claim.

                                                        Again thanks for all your help; it is so nice to sit at the PC and enjoy it as pleasure now much less be working on it and not being so frustrated.  Have posted my DVD Win. Med. problem on I hope the appropriate site.  When that is clear then all my issues will have been attended to.

                                                        If I have further like issues I take it I can return to this forum and hopefully get you?  Been a pleasure working with you.

                                                        CBMatt

                                                        Re: PC slowdown
                                                        « Reply #36 on: January 11, 2009, 09:54:38 PM »
                                                        You shouldn't have to run the registry scanner daily, but I see no harm in doing so.  It basically just looks for registry entries that don't work properly and removes them.  Nothing too invasive.

                                                        As for prefetch files, I generally don't bother.  You may want to remove any that look like they belong to suspicious files.  But as long as they all belong to your normal programs, then removing them isn't worth your time.  They're harmless and they take up very little space.  And besides, they help open your programs faster.

                                                        You can most definitely come back anytime if you have any further problems.  I get busy from time to time, but I'm usually here and I'm always happy to help.

                                                        nondaj


                                                          Re: PC slowdown
                                                          « Reply #37 on: January 11, 2009, 10:36:18 PM »
                                                          My last question - really :P  I just noticed I still have some three JavaRa files yet that you had me download.  I also have Java 6 TM update 11 installed.  Not sure if they are the same OR which to delete if need be.

                                                          CBMatt

                                                          Re: PC slowdown
                                                          « Reply #38 on: January 12, 2009, 12:06:11 PM »
                                                          Quote
                                                          1. Download JavaRa and unzip the file to your Desktop.
                                                          2. Open JavaRA.exe and choose Remove Older Versions
                                                          3. Once complete exit JavaRA.
                                                          4. Run CCleaner.

                                                          Did you follow all 4 of the steps above?  If so, then you can go ahead and remove JavaRa.  Be sure to keep Java 6 Update 11.

                                                          nondaj


                                                            Re: PC slowdown
                                                            « Reply #39 on: January 12, 2009, 04:31:00 PM »
                                                            Yes, I did - all four steps so will go ahead and delete the JavaRa.  Thanks so much - again ::)

                                                            CBMatt

                                                            Re: PC slowdown
                                                            « Reply #40 on: January 13, 2009, 02:05:21 AM »
                                                            No problem!  And you are always welcome to come back if you have more questions or any other problems.

                                                            nondaj


                                                              Re: PC slowdown
                                                              « Reply #41 on: January 13, 2009, 12:00:04 PM »
                                                              Will remember your offer ;D  and not that I do not like you but hope I do not have to come back too soon.  Means will be having more problems. :o

                                                              CBMatt

                                                              Re: PC slowdown
                                                              « Reply #42 on: January 13, 2009, 05:58:47 PM »
                                                              Ha, believe me, I understand.

                                                              nondaj


                                                                Re: PC slowdown
                                                                « Reply #43 on: January 13, 2009, 06:43:39 PM »
                                                                Just knew you would ;D   ;D   ;D

                                                                Computer Hope Admin

                                                                • Administrator


                                                                • Prodigy

                                                                  Thanked: 248
                                                                  • Yes
                                                                  • Yes
                                                                  • Yes
                                                                  • Computer Hope
                                                                • Certifications: List
                                                                • Computer: Specs
                                                                • Experience: Guru
                                                                • OS: Windows 10
                                                                Re: PC slowdown
                                                                « Reply #44 on: January 27, 2009, 11:41:37 PM »
                                                                Just happened to run your log through the new processor tool I'm working on and noticed you're running Windows XP SP2. If your system is going smoothly now, I'd also recommend updating to Windows XP SP3.
                                                                Everybody is a genius. But, if you judge a fish by its ability to climb a tree, it will spend its whole life believing that it is stupid.
                                                                -Albert Einstein

                                                                nondaj


                                                                  Re: PC slowdown
                                                                  « Reply #45 on: January 28, 2009, 11:41:57 AM »
                                                                  Just posted another issue and the reply I got was here.  Did not know you had suggested SP3.  I tried this once and had problems with it - there were some sites I could not get to work and they were related to my college work so that plus other issues I had caused me to uninstall it and stay away from it.

                                                                  Should perhaps try again and then 'lean on you' for support when things go wrong?   :P

                                                                  I think there were some configuration issues I was told that caused the problems with SP3.  What say you?


                                                                  Computer Hope Admin

                                                                  Re: PC slowdown
                                                                  « Reply #46 on: January 28, 2009, 02:26:34 PM »
                                                                  Although some minor issues were discovered upon the initial release of SP3, most issues caused by SP3 were due to malware and other software configurations that conflicted with the installation. Personally, I'd always recommend keeping fully up-to-date with all software updates. It's OK to withhold upgrading when first released because often big updates like a service pack can have issues. However, there has been plenty of time for Microsoft to work out any of the bugs.

                                                                  nondaj


                                                                    Re: PC slowdown
                                                                    « Reply #47 on: January 28, 2009, 03:27:25 PM »
                                                                    OK good reasoning - will give it a try.  I guess if worst comes to worst, can one uninstall SP3  going back to SP2?  Or is that not an option?

                                                                    I use my PC in my work and since the semester has just started do not need any issues right at this time.

                                                                    CBMatt

                                                                    Re: PC slowdown
                                                                    « Reply #48 on: January 28, 2009, 08:01:21 PM »
                                                                    SP3 can be uninstalled if necessary.  I really wouldn't worry, though.  There were a few issues when it first came out, but it seems to be smooth sailing now.  It's generally a good idea to have the latest service packs, but if you're worried, you could just avoid it for now.  Although it should be perfectly safe, SP3 isn't nearly as vital as SP2 was.

                                                                    nondaj


                                                                      Re: PC slowdown
                                                                      « Reply #49 on: January 28, 2009, 09:47:53 PM »
                                                                      When I have more time might give it a try as long as I know you are there to console the jittery nerves if I run into trouble ::)    ;D

                                                                      CBMatt

                                                                      Re: PC slowdown
                                                                      « Reply #50 on: January 30, 2009, 03:08:26 AM »
                                                                      Heh, whenever you're ready, we'll be here with cocoa and kittens.

                                                                      nondaj


                                                                        Re: PC slowdown
                                                                        « Reply #51 on: January 30, 2009, 10:09:05 AM »
                                                                        Rayyyyyyy when the water is right - will jump in so have that life saver ready ;D  Keep you posted.

                                                                        nondaj


                                                                          Re: PC slowdown
                                                                          « Reply #52 on: April 20, 2009, 09:04:25 AM »
                                                                          Just now got back to your post re SP3.  I plan to do so but am waiting until I have a day when I can cope with what might ever happen.   When I installed the SP3 in the past, it caused several problems about accessing some sites which I needed due to working on PC.

                                                                          But have made several changes in PC configuration so will try SP3 again.  Hopefully this week sometime.  CBMatt has said if I have any problems he would stand by:)

                                                                          Will attempt tomorrow re installation as I do not work that day.  :)

                                                                          nondaj


                                                                            Re: PC slowdown
                                                                            « Reply #53 on: April 28, 2009, 04:09:09 PM »
                                                                            to CB Matt:  You probably do not remember me but you gave me excellent help around my PC slowdown and further advocated I put on SP3.  You also said if I needed further help re the SP3 to return here.

                                                                            Have added SP2 without any repercussions.  However, have two minor issues that I could use help with:

                                                                            1 - PC has notably slowed down in all areas

                                                                            2 - when I boot up and my desktop appears, I have to wait some period of time for the icons to appear.

                                                                            Not big issues but would like some way to correct if possible.


                                                                            nondaj


                                                                              Re: PC slowdown
                                                                              « Reply #54 on: April 30, 2009, 01:01:06 PM »
                                                                              Hope I am doing this correctly by posting the results of my Add/Remove screen here:

                                                                               list of unknown programs from Add/Remove is lengthy as I am a novice re PCs and so do not recognize many of the programs so noted.  Probably many are quite legitimate. 

                                                                              Programs not recognized, did not order, not sure I need
                                                                              AGEIA PhysX v6.10.25
                                                                              Apple Software Update
                                                                              Dell Resource Disc (PC is a Dell and I have CDs for most all programs)
                                                                              Image Resizer Powertoy for Windows  XP (can resize pictures, not sure is a non-infected program)
                                                                              Intervideo Win DVD
                                                                              Java 6 Update 11 (most things needing Java get message it has been disabled or needs Updating) 
                                                                              LUMIX Simple Viewer ( have great many pictures so not sure if this is needed; unaware of just what the program is)
                                                                              MD easy and MD plus (do not know these two programs)
                                                                              AL Open AL unknown
                                                                              Sigma Tel Audio believe it is my sound system

                                                                              (am confused by all the adobe/acrobat programs installed all necessary?)
                                                                              Spelling dictionary for adobe reader 9 
                                                                              Acrobat.com
                                                                              Adobe Acrobat Reader 3.0
                                                                              Adobe Flash Player 10 ActiveX
                                                                              Adobe Reader 9.1
                                                                              ABBYY FineReader 6.0 Sprint
                                                                              Adobe Photoshop Album Starter Edition 3.2

                                                                              System Requirements Lab
                                                                              UHS reader ver. 6.10
                                                                              VDM Sound
                                                                              Who Crashed 1.01
                                                                              Windows Essentials Media Codec Pack 2.2b
                                                                              Windows live OneCare Safety scanner
                                                                              Windows Media Format 11 runtime
                                                                              Windows Media Player (can never use, get message program has problem needs to close)
                                                                              Windows Search 4.0
                                                                              Windows Support Tools
                                                                              Windows Vista Upgrade Advisor (need?)

                                                                              These two programs will not uninstall
                                                                              Google Earth
                                                                              Logitech Desktop Manager
                                                                              Logitech Users Guide      (no longer have Logitech mouse/keyboard)

                                                                              Microsoft Intellitype Pro 5.3  (have MS Ergonomic Keyboard)

                                                                              MSW
                                                                              MSW Music Assistant
                                                                              Many files denoting SP1  SP2  SP3