Malware/Trojan problems continuing



ninjakb
2008-03-01, 19:54
Hi everyone,
I was hoping NOT to have to contact you. :-)
It appears that I have ALSO been infected by *multiple* Trojans from VUNDO to Virtumonde. (They appear to be creating themselves though. I am NOT virus/trojan savvy so I am not sure what is going on with this.)

There is a bit of history with this problem and I *thought* I had it cleared but to no avail. Here are the overall steps that I have taken already:

1) 3 weeks ago the laptop computer would not boot up. It would only get to "Loading PBR...done". It would not start in safe mode and would not boot from the XP Pro CD. I thought I had a dead drive. It is only 2 years old and I was pretty upset. I ran the system scans through F12 on startup to discover bad sectors on the drive.

2) Long story short... I connected the laptop HD to the desktop machine, ran multiple scans (Symantec, Spybot, HijackThis and others) to discover a boatload of problems/Trojans (41?) on the HD. (I can list them if you like). I cleaned the drive, put it back in the laptop and was finally able to boot the machine - but only in safe mode (but no internet access).

3) I am simplifying an exhausting process and realize I should have just contacted you guys FIRST!!!! :-(

4) I have run hours of scans on the laptop and it *appears* to be clear but there are still problems. The problems are as follows:
- I can still only start in safe mode, but now have internet access.
- I had it so the laptop would boot all the way to the desktop, but could not click on anything. The screen was locked even though I could move the mouse around. The taskbar icons wouldn't load and if I put my cursor over the taskbar, it would turn into the hourglass. I had to do a hard restart and use F8 to get it running. I attempted to put a shortcut of systray.exe in my startup folder but that only worked for 1 restart.
- Currently I cannot get the laptop to boot unless in safe mode. I get a black screen. I DID do a REPAIR reinstall of the XP PRO operating system. Related?
- I *cannot* run Kaspersky. It will not run an online scan - I get a message that the online scan has expired? I cannot install it either - message is something like administrator (me) has it set to not allow installs? Sorry for not giving exact wording.
- I have run HijackThis and have removed some items in the past that appeared to be related to the infection. I was pretty careful to leave anything that I wasn't ABSOLUTELY sure about. Hopefully I did not inadvertently do something stupid. But this possibility exists.
- I also removed the original offending file. It wasn't caught until DEEP into several scans but I found the BAD utorrent file that I downloaded that started all of this. :-( IT has been removed.

I have probably done TOO much on my own but thought that I could handle this after reading all the related posts on your forum. I was so excited to know that I didn't lose ALL of my data due to a bad drive that I started cleaning.

Anyway, here is the current HijackThis log. I would appreciate any and all help you can offer. THANK YOU SO MUCH in advance for your help.
Karen

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:20:12 PM, on 3/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8968] command /c del "C:\WINDOWS\wt\WDInUsePlugin.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1769] cmd /c del "C:\WINDOWS\wt\WDInUsePlugin.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2048] command /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2969] cmd /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1842] command /c del "C:\WINDOWS\wt\info.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6318] cmd /c del "C:\WINDOWS\wt\info.txt"
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Shortcut to systray.lnk = C:\WINDOWS\system32\systray.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.5.1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154751377421
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PsExec (PSEXESVC) - Sysinternals - C:\WINDOWS\PSEXESVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Venturi2 Client (Venturi2) - Fourelle Systems, Inc - C:\Program Files\Venturi2\Client\ventc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11809 bytes

Just thought of this.
The other strange thing that continues to occur:

Internet Explorer 'appears' as an icon on my desktop after restart. For seemingly no reason.

In general I use Firefox. The only time I have opened IE is to do an online Kaspersky scan - which didn't work. And I have never kept IE's icon on the desktop. It doesn't appear to be a shortcut either. But I have the regular IE program in my program files folder in the C: drive.

One other note - in my efforts to get my taskbar working correctly -- during the restart that WORKED when I copied the shortcut to systray.exe in the startup folder -- I right clicked on the taskbar -- went to properties and it locked up giving me an error saying 'end now' or 'cancel' explorer.exe.

little eagle
2008-03-07, 02:52
Download ComboFix from Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) or Here (http://subs.geekstogo.com/ComboFix.exe) to your Desktop.

In the event you already have Combofix, this is a new version that I need you to download.
It must be saved directly to your desktop.


1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
Click on this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards, before connecting to the net.



2. Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.

If you have not already done so, Combofix will disconnect your machine from the Internet when it starts.
If there is no internet connection when Combofix has completely finished, then restart your computer to restore the connections.


3. Now double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.


Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze.

ninjakb
2008-03-07, 21:49
Hi Little Eagle!
Thank you for your help. :) I did as you asked and ran each program. I do believe I had the same version of Combofix but I deleted it anyway and reinstalled from the location you gave me. Here is EXACTLY what I did:
One side note - my date is wrong on the computer so the properties of the logfile may look like Saturday March 8th. Is this a leap year thing? Is there a fix? And also for DST? I didn't realize that it would be an issue.
Anyway -
- I installed the new Combofix version. I restarted in safe mode (I can't run regular mode) without networking and made sure nothing antivirus was running.
- I ran Combofix as per site instructions, dropping the Windows XP Pro icon onto it. Then ran Combofix to get a log. I noticed as it was running that it said that 'the system cannot find the file AWF'.
- After closing Combofix, there were no longer any desktop icons. Only the words 'safe mode' were in all 4 corners and the headline of 'windows XP' info. So I restarted in safe mode without networking again. I then ran HJT.
- After saving the file, I restarted in safe mode WITH networking so I could send you these files.

OK, so here goes:

Combofix Log from the C: drive:
ComboFix 08-03-07.1 - Administrator 2008-03-08 15:21:23.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.775 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMcf2e9f25.xml
C:\WINDOWS\pskt.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-08 to 2008-03-08 )))))))))))))))))))))))))))))))
.

2008-03-08 15:07 . 2008-03-08 15:07 <DIR> d-------- C:\ComboFix(2)
2008-03-01 22:38 . 2008-03-01 22:38 <DIR> d-------- C:\Deckard
2008-03-01 21:42 . 2008-03-02 12:02 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-03-01 21:34 . 2008-03-01 21:34 <DIR> d-------- C:\Program Files\Safer Networking
2008-03-01 19:49 . 2008-03-01 19:49 <DIR> d-------- C:\Documents and Settings\Dr. Karen\DoctorWeb
2008-02-29 17:24 . 2005-10-14 21:45 135,168 --a------ C:\WINDOWS\system32\igfxres.dll
2008-02-29 16:10 . 2004-08-04 05:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-02-29 16:09 . 2004-08-04 05:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-02-29 16:08 . 2004-08-04 05:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-02-29 16:07 . 2004-08-04 05:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-02-29 16:06 . 2004-08-04 05:00 290,816 --a--c--- C:\WINDOWS\system32\dllcache\adsiis51.dll
2008-02-29 16:03 . 2008-02-29 16:03 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-02-29 16:03 . 2008-02-29 16:03 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-02-29 16:03 . 2008-02-29 16:03 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-02-29 16:03 . 2008-02-29 16:03 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-02-29 16:03 . 2008-02-29 16:03 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-02-29 16:03 . 2008-02-29 16:03 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-02-29 16:02 . 2004-08-04 05:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-02-29 10:06 . 2008-02-29 10:06 <DIR> d-------- C:\WINDOWS\dell
2008-02-28 23:05 . 2008-02-28 23:07 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-02-28 23:05 . 2008-02-29 00:36 19,755 --a------ C:\WINDOWS\setupapi.old
2008-02-25 00:25 . 2008-02-25 00:25 <DIR> d-------- C:\Documents and Settings\Dr. Karen\Application Data\Grisoft
2008-02-24 20:11 . 2008-03-04 18:37 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-02-24 19:39 . 2008-02-24 19:39 <DIR> d-------- C:\kav
2008-02-24 19:16 . 2008-02-25 13:49 4,376 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-24 19:01 . 2008-02-24 19:01 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-24 19:00 . 2008-02-24 19:11 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-02-24 18:18 . 2008-02-24 18:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-24 15:51 . 2008-02-24 15:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-24 15:44 . 2008-02-24 15:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-24 15:44 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-24 14:03 . 2008-02-24 19:45 <DIR> d-------- C:\VundoFix Backups
2008-02-22 23:29 . 2008-02-22 23:29 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-02-21 17:10 . 2008-02-21 17:10 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-21 17:10 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-21 17:10 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-21 17:10 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-21 17:10 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-21 17:10 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-21 17:10 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-21 17:10 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 21:37 8,456,224 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-02 18:19 --------- d-----w C:\Program Files\Trend Micro
2008-03-02 17:52 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-02 17:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-02 17:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-29 21:14 99,716 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-21 17:17 --------- d-----w C:\Documents and Settings\Dr. Karen\Application Data\Tunebite
2008-01-29 19:55 2,796,032 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-01-29 05:04 --------- d-----w C:\Program Files\uTorrent
2008-01-29 04:55 --------- d-----w C:\Documents and Settings\Dr. Karen\Application Data\uTorrent
2008-01-29 04:39 --------- d-----w C:\Program Files\PixiePack Codec Pack
2008-01-29 04:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\RapidSolution
2008-01-29 04:34 --------- d-----w C:\Program Files\RapidSolution
2008-01-29 04:23 --------- d-----w C:\Program Files\Sagasoft
2008-01-29 04:22 --------- d-----w C:\Program Files\MP3 Recorder XP
2008-01-28 04:04 25,600 ----a-w C:\Documents and Settings\Dr. Karen\usbsermptxp.sys
2008-01-28 04:04 22,768 ----a-w C:\WINDOWS\system32\drivers\usbsermpt.sys
2008-01-28 04:04 22,768 ----a-w C:\Documents and Settings\Dr. Karen\usbsermpt.sys
2008-01-28 03:11 --------- d-----w C:\Program Files\BitPim
2008-01-22 03:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-21 05:13 --------- d-----w C:\Program Files\ABC Amber LIT Converter
2008-01-20 16:09 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2008-01-20 01:53 --------- d-----w C:\Program Files\Microsoft Reader
2008-01-20 00:04 --------- d-----w C:\Program Files\MagicDisc
2008-01-17 05:25 --------- d-----w C:\Program Files\iTunes
2008-01-17 05:25 --------- d-----w C:\Program Files\iPod
2008-01-17 05:23 --------- d-----w C:\Program Files\Bonjour
2008-01-17 05:22 --------- d-----w C:\Program Files\QuickTime
2008-01-12 17:31 --------- d-----w C:\Program Files\Dl_cats
2007-12-26 04:38 7,518 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-28 05:01 94,416 ----a-w C:\Documents and Settings\Dr. Karen\Application Data\GDIPFONTCACHEV1.DAT
2007-10-28 01:47 2,410,496 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2007-08-22 15:18 26,024,817 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-04-04 23:53 1,931,264 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2006-11-15 18:01 92,064 ----a-w C:\Documents and Settings\Dr. Karen\mqdmmdm.sys
2006-11-15 18:01 9,232 ----a-w C:\Documents and Settings\Dr. Karen\mqdmmdfl.sys
2006-11-15 18:01 79,328 ----a-w C:\Documents and Settings\Dr. Karen\mqdmserd.sys
2006-11-15 18:01 66,656 ----a-w C:\Documents and Settings\Dr. Karen\mqdmbus.sys
2006-11-15 18:01 6,208 ----a-w C:\Documents and Settings\Dr. Karen\mqdmcmnt.sys
2006-11-15 18:01 5,936 ----a-w C:\Documents and Settings\Dr. Karen\mqdmwhnt.sys
2006-11-15 18:01 4,048 ----a-w C:\Documents and Settings\Dr. Karen\mqdmcr.sys
2006-11-09 17:51 1,319,936 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2006-11-03 16:47 1,304,576 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2006-10-16 04:47 1,233,920 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2006-10-14 06:00 1,214,464 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2006-10-13 22:09 1,814,528 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2006-10-13 22:06 1,814,528 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2006-09-15 03:06 0 ---ha-w C:\Program Files\AppUpdate.log
2006-08-12 04:24 1,656,320 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2006-08-01 19:38 2,223,616 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2006-07-31 01:18 1,567,744 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2006-07-31 01:17 1,978,368 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2006-07-28 00:46 1,566,208 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2006-07-20 07:45 3,849,728 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2006-07-04 02:19 1,501,184 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2006-07-03 23:48 1,500,160 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2006-06-27 00:03 1,348,608 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2006-04-26 02:33 1,164,800 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-11-26 23:56 88 --sha-r C:\WINDOWS\system32\DF3A8A2786.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-12-19 14:34 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2007-12-19 14:34 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2005-05-15 03:04 332800]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 19:39 176201]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB8968"="command /c del C:\WINDOWS\wt\WDInUsePlugin.dll" [ ]
"SpybotDeletingD1769"="cmd /c del C:\WINDOWS\wt\WDInUsePlugin.dll" [ ]
"SpybotDeletingB2048"="command /c del C:\WINDOWS\wt\webdriver.dll" [ ]
"SpybotDeletingD2969"="cmd /c del C:\WINDOWS\wt\webdriver.dll" [ ]
"SpybotDeletingB1842"="command /c del C:\WINDOWS\wt\info.txt" [ ]
"SpybotDeletingD6318"="cmd /c del C:\WINDOWS\wt\info.txt" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59 385024]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2005-09-08 20:20 8192]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 17:30 823362]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 04:33 122941]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2005-09-01 18:24 684032]
"WD Button Manager"="WDBtnMgr.exe" [2007-04-03 11:47 339968 C:\WINDOWS\system32\WDBtnMgr.exe]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 18:11 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 10:09 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 10:03 217088]
"FaxCenterServer"="C:\Program Files\Dell PC Fax\fm3032.exe" [2006-11-03 17:09 312200]
"dlcxmon.exe"="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 11:57 292336]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 17:04 304008]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-10-31 10:19 378784]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 21:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 21:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 21:50 114688]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 07:13 176128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-07 23:39 171448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-02-20 12:41:34 24576]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-04-16 22:22:11 450560]
Shortcut to systray.lnk - C:\WINDOWS\system32\systray.exe [2004-08-04 05:00:00 3072]
WD Backup Monitor.lnk - C:\Program Files\My Book\WD Backup\uBBMonitor.exe [2007-04-03 11:48:13 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2005-05-15 03:04 332800 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2006-02-20 12:53 169472 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\WINDOWS\\system32\\dlcxcoms.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"C:\\Program Files\\Yahoo!\\UPnP\\yupnpsrv.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys [2007-05-11 09:16]
S2 dlcx_device;dlcx_device;C:\WINDOWS\system32\dlcxcoms.exe [2006-10-11 16:48]
S2 SampleScanner;e+ 48U Scanner;C:\WINDOWS\system32\DRIVERS\Artec48.sys [2001-06-07 16:56]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 16:41]
S3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2006-09-22 15:33]
S3 zsi_fmw;Sansa Connect Firmware Recovery;C:\WINDOWS\system32\Drivers\zsi_fmw.sys []
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-14 19:24:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 15:26:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-08 15:28:01
ComboFix-quarantined-files.txt 2008-03-08 20:27:35
ComboFix2.txt 2008-03-02 00:11:39
.
2008-03-04 21:34:47 --- E O F ---

ninjakb
2008-03-07, 21:50
************************************
Here is the HJT log:
************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:33:34 PM, on 3/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8968] command /c del "C:\WINDOWS\wt\WDInUsePlugin.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1769] cmd /c del "C:\WINDOWS\wt\WDInUsePlugin.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2048] command /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2969] cmd /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1842] command /c del "C:\WINDOWS\wt\info.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6318] cmd /c del "C:\WINDOWS\wt\info.txt"
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Shortcut to systray.lnk = C:\WINDOWS\system32\systray.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.5.1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154751377421
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Venturi2 Client (Venturi2) - Fourelle Systems, Inc - C:\Program Files\Venturi2\Client\ventc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11499 bytes

little eagle
2008-03-08, 02:46
Download and run - ATF Cleaner instructions here. (http://forums.security-central.us/showthread.php?t=1925)

---------------------------------------------

Open notepad and copy/paste the text in the codebox below into it:



File::
C:\WINDOWS\system32\DF3A8A2786.sys



Save this as "CFScript"


http://nutnworks.com/CFix/CFScript.gif

Referring to the picture above, drag CFScript.txt into ComboFix.exe

Then post the results log and a new HijackThis log.

ninjakb
2008-03-08, 03:45
Hi Little Eagle,
I ran new logs as per instructions. I apologize for making two posts, but both logs do not fit in one post.
Karen


ComboFix 08-03-07.1 - Administrator 2008-03-08 21:31:20.3 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFscript.txt
.

((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))
.

2008-03-08 15:07 . 2008-03-08 15:07 <DIR> d-------- C:\ComboFix(2)
2008-03-01 22:38 . 2008-03-01 22:38 <DIR> d-------- C:\Deckard
2008-03-01 21:42 . 2008-03-02 12:02 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-03-01 21:34 . 2008-03-01 21:34 <DIR> d-------- C:\Program Files\Safer Networking
2008-03-01 19:49 . 2008-03-01 19:49 <DIR> d-------- C:\Documents and Settings\Dr. Karen\DoctorWeb
2008-02-29 17:24 . 2005-10-14 21:45 135,168 --a------ C:\WINDOWS\system32\igfxres.dll
2008-02-29 16:10 . 2004-08-04 05:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-02-29 16:09 . 2004-08-04 05:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-02-29 16:08 . 2004-08-04 05:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-02-29 16:07 . 2004-08-04 05:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-02-29 16:06 . 2004-08-04 05:00 290,816 --a--c--- C:\WINDOWS\system32\dllcache\adsiis51.dll
2008-02-29 16:03 . 2008-02-29 16:03 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-02-29 16:03 . 2008-02-29 16:03 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-02-29 16:03 . 2008-02-29 16:03 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-02-29 16:03 . 2008-02-29 16:03 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-02-29 16:03 . 2008-02-29 16:03 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-02-29 16:03 . 2008-02-29 16:03 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-02-29 16:02 . 2004-08-04 05:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-02-29 10:06 . 2008-02-29 10:06 <DIR> d-------- C:\WINDOWS\dell
2008-02-28 23:05 . 2008-02-28 23:07 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-02-28 23:05 . 2008-02-29 00:36 19,755 --a------ C:\WINDOWS\setupapi.old
2008-02-25 00:25 . 2008-02-25 00:25 <DIR> d-------- C:\Documents and Settings\Dr. Karen\Application Data\Grisoft
2008-02-24 20:11 . 2008-03-04 18:37 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-02-24 19:39 . 2008-02-24 19:39 <DIR> d-------- C:\kav
2008-02-24 19:16 . 2008-02-25 13:49 4,376 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-24 19:01 . 2008-02-24 19:01 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-24 19:00 . 2008-02-24 19:11 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-02-24 18:18 . 2008-02-24 18:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-24 15:51 . 2008-02-24 15:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-24 15:44 . 2008-02-24 15:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-24 15:44 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-24 14:03 . 2008-02-24 19:45 <DIR> d-------- C:\VundoFix Backups
2008-02-22 23:29 . 2008-02-22 23:29 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-02-21 17:10 . 2008-02-21 17:10 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-21 17:10 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-21 17:10 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-21 17:10 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-21 17:10 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-21 17:10 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-21 17:10 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-21 17:10 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 21:37 8,456,224 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-02 18:19 --------- d-----w C:\Program Files\Trend Micro
2008-03-02 17:52 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-02 17:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-02 17:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-29 21:14 99,716 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-21 17:17 --------- d-----w C:\Documents and Settings\Dr. Karen\Application Data\Tunebite
2008-01-29 19:55 2,796,032 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-01-29 05:04 --------- d-----w C:\Program Files\uTorrent
2008-01-29 04:55 --------- d-----w C:\Documents and Settings\Dr. Karen\Application Data\uTorrent
2008-01-29 04:39 --------- d-----w C:\Program Files\PixiePack Codec Pack
2008-01-29 04:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\RapidSolution
2008-01-29 04:34 --------- d-----w C:\Program Files\RapidSolution
2008-01-29 04:23 --------- d-----w C:\Program Files\Sagasoft
2008-01-29 04:22 --------- d-----w C:\Program Files\MP3 Recorder XP
2008-01-28 04:04 25,600 ----a-w C:\Documents and Settings\Dr. Karen\usbsermptxp.sys
2008-01-28 04:04 22,768 ----a-w C:\WINDOWS\system32\drivers\usbsermpt.sys
2008-01-28 04:04 22,768 ----a-w C:\Documents and Settings\Dr. Karen\usbsermpt.sys
2008-01-28 03:11 --------- d-----w C:\Program Files\BitPim
2008-01-22 03:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-21 05:13 --------- d-----w C:\Program Files\ABC Amber LIT Converter
2008-01-20 16:09 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2008-01-20 01:53 --------- d-----w C:\Program Files\Microsoft Reader
2008-01-20 00:04 --------- d-----w C:\Program Files\MagicDisc
2008-01-17 05:25 --------- d-----w C:\Program Files\iTunes
2008-01-17 05:25 --------- d-----w C:\Program Files\iPod
2008-01-17 05:23 --------- d-----w C:\Program Files\Bonjour
2008-01-17 05:22 --------- d-----w C:\Program Files\QuickTime
2008-01-12 17:31 --------- d-----w C:\Program Files\Dl_cats
2007-12-26 04:38 7,518 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-28 05:01 94,416 ----a-w C:\Documents and Settings\Dr. Karen\Application Data\GDIPFONTCACHEV1.DAT
2007-10-28 01:47 2,410,496 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2007-08-22 15:18 26,024,817 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-04-04 23:53 1,931,264 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2006-11-15 18:01 92,064 ----a-w C:\Documents and Settings\Dr. Karen\mqdmmdm.sys
2006-11-15 18:01 9,232 ----a-w C:\Documents and Settings\Dr. Karen\mqdmmdfl.sys
2006-11-15 18:01 79,328 ----a-w C:\Documents and Settings\Dr. Karen\mqdmserd.sys
2006-11-15 18:01 66,656 ----a-w C:\Documents and Settings\Dr. Karen\mqdmbus.sys
2006-11-15 18:01 6,208 ----a-w C:\Documents and Settings\Dr. Karen\mqdmcmnt.sys
2006-11-15 18:01 5,936 ----a-w C:\Documents and Settings\Dr. Karen\mqdmwhnt.sys
2006-11-15 18:01 4,048 ----a-w C:\Documents and Settings\Dr. Karen\mqdmcr.sys
2006-11-09 17:51 1,319,936 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2006-11-03 16:47 1,304,576 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2006-10-16 04:47 1,233,920 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2006-10-14 06:00 1,214,464 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2006-10-13 22:09 1,814,528 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2006-10-13 22:06 1,814,528 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2006-09-15 03:06 0 ---ha-w C:\Program Files\AppUpdate.log
2006-08-12 04:24 1,656,320 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2006-08-01 19:38 2,223,616 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2006-07-31 01:18 1,567,744 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2006-07-31 01:17 1,978,368 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2006-07-28 00:46 1,566,208 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2006-07-20 07:45 3,849,728 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2006-07-04 02:19 1,501,184 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2006-07-03 23:48 1,500,160 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2006-06-27 00:03 1,348,608 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2006-04-26 02:33 1,164,800 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-11-26 23:56 88 --sha-r C:\WINDOWS\system32\DF3A8A2786.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-12-19 14:34 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2007-12-19 14:34 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2005-05-15 03:04 332800]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 19:39 176201]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB8968"="command /c del C:\WINDOWS\wt\WDInUsePlugin.dll" [ ]
"SpybotDeletingD1769"="cmd /c del C:\WINDOWS\wt\WDInUsePlugin.dll" [ ]
"SpybotDeletingB2048"="command /c del C:\WINDOWS\wt\webdriver.dll" [ ]
"SpybotDeletingD2969"="cmd /c del C:\WINDOWS\wt\webdriver.dll" [ ]
"SpybotDeletingB1842"="command /c del C:\WINDOWS\wt\info.txt" [ ]
"SpybotDeletingD6318"="cmd /c del C:\WINDOWS\wt\info.txt" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59 385024]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2005-09-08 20:20 8192]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 17:30 823362]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 04:33 122941]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2005-09-01 18:24 684032]
"WD Button Manager"="WDBtnMgr.exe" [2007-04-03 11:47 339968 C:\WINDOWS\system32\WDBtnMgr.exe]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 18:11 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 10:09 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 10:03 217088]
"FaxCenterServer"="C:\Program Files\Dell PC Fax\fm3032.exe" [2006-11-03 17:09 312200]
"dlcxmon.exe"="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 11:57 292336]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 17:04 304008]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-10-31 10:19 378784]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 21:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 21:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 21:50 114688]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 07:13 176128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-07 23:39 171448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-02-20 12:41:34 24576]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-04-16 22:22:11 450560]
Shortcut to systray.lnk - C:\WINDOWS\system32\systray.exe [2004-08-04 05:00:00 3072]
WD Backup Monitor.lnk - C:\Program Files\My Book\WD Backup\uBBMonitor.exe [2007-04-03 11:48:13 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2005-05-15 03:04 332800 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2006-02-20 12:53 169472 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\WINDOWS\\system32\\dlcxcoms.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"C:\\Program Files\\Yahoo!\\UPnP\\yupnpsrv.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys [2007-05-11 09:16]
S2 dlcx_device;dlcx_device;C:\WINDOWS\system32\dlcxcoms.exe [2006-10-11 16:48]
S2 SampleScanner;e+ 48U Scanner;C:\WINDOWS\system32\DRIVERS\Artec48.sys [2001-06-07 16:56]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 16:41]
S3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2006-09-22 15:33]
S3 zsi_fmw;Sansa Connect Firmware Recovery;C:\WINDOWS\system32\Drivers\zsi_fmw.sys []
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-14 19:24:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 21:36:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-08 21:37:59
ComboFix-quarantined-files.txt 2008-03-09 02:37:46
ComboFix2.txt 2008-03-08 20:28:02
ComboFix3.txt 2008-03-02 00:11:39
.
2008-03-04 21:34:47 --- E O F ---

ninjakb
2008-03-08, 03:46
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:54 PM, on 3/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8968] command /c del "C:\WINDOWS\wt\WDInUsePlugin.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1769] cmd /c del "C:\WINDOWS\wt\WDInUsePlugin.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2048] command /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2969] cmd /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1842] command /c del "C:\WINDOWS\wt\info.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6318] cmd /c del "C:\WINDOWS\wt\info.txt"
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Shortcut to systray.lnk = C:\WINDOWS\system32\systray.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.5.1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154751377421
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Venturi2 Client (Venturi2) - Fourelle Systems, Inc - C:\Program Files\Venturi2\Client\ventc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11577 bytes

little eagle
2008-03-08, 04:00
Run this online scan from ESET (http://www.eset.eu/online-scanner)

You will need to use Internet Explorer for this scan!
First, accept the Terms of Use
Click: Start
When asked, allow the ActiveX control to install
Click: Start
Make sure the options:
Remove found threats, and Scan unwanted applications
are both checked!
Click: Scan


When the scan finishes, use Notepad to open the ESET report.
It will be located here C:\Program Files\EsetOnlineScanner\log.txt

ninjakb
2008-03-08, 05:54
Hi Little Eagle,
Here is the log file from ESET:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2931 (20080307)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=16cc5a206444ac4cbec2008b435ea244
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-03-09 04:46:05
# local_time=2008-03-08 11:46:05 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=426496
# found=0
# scan_time=4460


Just in case you need it, here is the debuglog too:

# vers_standard_module=2931 (20080307)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)


Thank you,
Karen

little eagle
2008-03-08, 12:28
Reboot and rescan with HiJackThis and post a new log here.
Also please describe how your computer behaves at the moment.

ninjakb
2008-03-08, 19:20
Hi Little Eagle,
Side note: One thing I wanted to make sure I did correctly --
When I ran ATF Cleaner, I did NOT delete Prefetch files or saved Firefox passwords as mentioned on the instructions page.

Here is what I just did:
I rebooted in safe mode w/networking and ran an HJT scan.
I restarted to see if computer would work and if maybe I could get you an HJT scan that way.

Here is how the computer acts when attempting to start in regular mode (I will explain the best I can but sometimes lack the words):
- very SLOW startup
- the desktop, icons and taskbar all show up but the cursor has an hourglass next to it. I can move the cursor over the desktop or taskbar but it still shows the cursor and hourglass icon
- I waited it out. The taskbar ends up disappearing and will not appear even when scrolling over it. The hourglass disappears and just turns to a plain cursor. I still can move it all over the screen.
- Once I attempt to click on any folder or item on my desktop, the cursor turns only to an hourglass and hangs. Nothing happens. I can still move the hourglass around.
- I waited for over 5 minutes before restarting. But I have to restart by pulling the battery and plug. Control, Alt, Delete doesn't work and the power button doesn't work.
- I restarted in safe mode w/networking and sent you the new HJT log.

Here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:34 PM, on 3/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8968] command /c del "C:\WINDOWS\wt\WDInUsePlugin.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1769] cmd /c del "C:\WINDOWS\wt\WDInUsePlugin.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2048] command /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2969] cmd /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1842] command /c del "C:\WINDOWS\wt\info.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6318] cmd /c del "C:\WINDOWS\wt\info.txt"
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Shortcut to systray.lnk = C:\WINDOWS\system32\systray.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.5.1.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154751377421
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Venturi2 Client (Venturi2) - Fourelle Systems, Inc - C:\Program Files\Venturi2\Client\ventc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11646 bytes

Thank you,
Karen

little eagle
2008-03-08, 19:25
I'd like to see an Uninstall List.
Please open up HijackThis.
Click on Open the Misc Tools section button
Click on Open Uninstall Manager
Click on Save
A notepad document will open with a list of your installed programs.
Please copy that into your reply.

For now let's remove Spybot and delete the folder.

ninjakb
2008-03-08, 19:30
HI! :)

Here is the uninstall list. (if I can remove some things, esp. on the antivirus/antispyware end, please let me know).
I am going to remove Spybot right now.

7-Zip 4.44 beta
ABBYY FineReader 6.0 Sprint
ABC Amber LIT Converter
Ad-Aware SE Personal
Adobe Photoshop 6.0
Adobe Reader 7.0.9
Adobe Shockwave Player
Adobe SVG Viewer
Ahead Nero Burning ROM
AIM 6
ALPS Touch Pad Driver
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AutoUnpack 4.4.4
Avanquest update
avast! Antivirus
AVG Anti-Spyware 7.5
AvPropPlugin 1.0.0.1
BitPim 1.0.4
Bonjour
Bounce Symphony from Dell Media Experience (remove only)
Briscola 5.1
Broadcom Management Programs 2
Brother HL-2070N
CatchPhrase (TM)
CDMaster32
Collab
Conexant D110 MDC V.9x Modem
Corel Paint Shop Pro X
Corel Photo Album 6
Crystal Maze (For Remote Control) from Dell Media Experience (remove only)
Crystal Maze from Dell Media Experience (remove only)
dBpoweramp Music Converter
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell PC Fax
Dell Photo AIO Printer 926
Dell Support 3.1
Digital Content Portal
Digital Line Detect
DING!
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab Decrypter 3.0.8.0
e+ 48U
EarthLink setup files
eBook Library by Sony
EducateU
ELIcon
Envisioneer Express 3.0
ESET Online Scanner
Exerlence Advisor
FL Studio 6
Flash Builder
Fourelle Venturi Personal Client 2.1.1
Free and Easy Biorhythm Calculator version 3.00
FreeFTP
Get High Speed Internet!
Google
Google Desktop
Google Toolbar for Internet Explorer
Health Assessment
Health Assessment (C:\Program Files\Health\)
HijackThis 2.0.2
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
Kaspersky Online Scanner
Learn2 Player (Uninstall Only)
LimeWire 4.12.6
Logitech Desktop Messenger
Logitech Print Service
Logitech QuickCam
Logitech® Camera Driver
Macromedia Dreamweaver Attain
Magic DVD Ripper V3.5
MagicDisc 2.5.79
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Access 2000 Runtime
Microsoft Calculator Plus
Microsoft Office XP Professional
Microsoft Publisher 2002
Microsoft Reader
Microsoft Streets and Trips 2005
Microsoft Visual C++ 2005 Redistributable
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Motorola Driver Installation 3.4.0
Motorola Phone Tools
Motorola Software Update
Mozilla Firefox (2.0.0.12)
MP3 Recorder XP 1.90
mPfMgr
mPfWiz
mProSafe
MSN Music Assistant
mSSO
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
mToolkit
Musicmatch® Jukebox
mWlsSafe
mXML
MyEMR for Windows
Myst III: Exile
mZConfig
NetWaiting
NetZeroInstallers
NoteBurner 1.36
Nucleus Kernel Undelete Demo ver 4.02
Orbital from Dell Media Experience (remove only)
Overball from Dell Media Experience (remove only)
Palm
PixiePack Codec Pack
Polar Bowler from Dell Media Experience (remove only)
Power MP3 WMA Converter 2006, (ver 3.51)
Power MP3 WMA Recorder 1.01
Powerbullet Presenter 1.43
PowerDVD 5.5
Presilo 0.4.3.0
QuickSet
QuickTime
RealPlayer
Remove Labyrinth Society Screensaver
Riven
Rocket Piano Bonus Software
Rocket Piano eBooks
Rocket Piano MP3 Audio Files
RunAlyzer
Scopa d'Assi
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Skype™ 3.2
Slyder (For Remote Control) from Dell Media Experience (remove only)
Slyder from Dell Media Experience (remove only)
SmartFTP Client 2.0
SmartFTP Client 2.0 Setup Files (remove only)
Sonic Audio module
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SoundTaxi 1.2.5
Spybot - Search & Destroy
TextBridge Pro 8.0
The Crystal Key v11
TomTom HOME
Tradewinds from Dell Media Experience (remove only)
Trend Micro PC-cillin Internet Security 12
Tunebite
URGE
URL Assistant
VideoLAN VLC media player 0.8.6b
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar
WD Backup
WD Firewire HID Driver
WebCyberCoach 3.2 Dell
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
Windows Genuine Advantage v1.3.0254.0
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 11
WinRAR archiver
WordPerfect Office 12
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Music Jukebox
Yahoo! Toolbar for Internet Explorer
YAMAHA Digital Music Notebook
YAMAHA Launcher V1.0
ZoneAlarm
ZoneAlarm Spy Blocker

Thank you,
Karen

little eagle
2008-03-09, 03:38
You have avast! Antivirus; you can remove Trend Micro PC-cillin Internet Security 12.

You should remove DING! and EarthLink setup files

Be sure to keep Sun Java updated. It is important to remove older versions, as these are the ones with the holes in them.
Download Newest >>>> http://www.java.com/en/download/index.jsp
Once installed you can test to see that it is in fact installed >>>>
Sun Java Test (http://www.java.com/en/download/installed.jsp)

Remove these also
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1

These are junkware :lip:
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar

ninjakb
2008-03-09, 04:46
Hi Little Eagle,
Thank you for the info. I attempted to uninstall all of the programs you listed. I also attempted to download the new version of Java.
Unfortunately, since I am in safe mode, I kept getting the message that 'Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode... etc.'
I can't get the computer running in regular mode so didn't know how to accomplish this.

Help! :-)

On a side note, I was wondering if 'Ding!' was that important to remove. I could always reinstall it. But I travel quite a bit and it is for Southwest airlines cheap fares alerts. Can I keep it?

Also - the Java update - do I remove all existing versions from the machine BEFORE downloading the new version or is it ok to download the newest version and THEN remove the old versions?

Lastly, other than AOL IM, I don't use any other AOL service. Can I remove everything else AOL without removing AIM's functionality?

Sorry to bombard you with questions. Just want to make sure I do this right. Thank you once again.
Karen

little eagle
2008-03-09, 05:02
> Also - the Java update - do I remove all existing versions from the machine BEFORE downloading the new version or is it ok to download the newest version and THEN remove the old versions?

I do not think it matters; we just have them remove all of the older versions so they don't forget.

> On a side note, I was wondering if 'Ding!' was that important to remove. I could always reinstall it. But I travel quite a bit and it is for Southwest airlines cheap fares alerts. Can I keep it?

It's not a trojan or virus, so if you think you need it, it's your choice.

> Lastly, other than AOL IM, I don't use any other AOL service. Can I remove everything else AOL without removing AIM's functionality?

Yes, I think you can; AIM is a separate program.

ninjakb
2008-03-09, 05:08
Hi Little Eagle,

Ok I will follow those instructions.

But back to the original problem - I don't know how to do any of the installs or de-installs in safe mode. I can't get the darn computer running in regular mode to make the changes either.

Can you suggest a way around that? ;-)

Karen

little eagle
2008-03-09, 05:30
Close all programs, leaving only HijackThis running. Place a check against each of the following:

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8968] command /c del "C:\WINDOWS\wt\WDInUsePlugin.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1769] cmd /c del "C:\WINDOWS\wt\WDInUsePlugin.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2048] command /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2969] cmd /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1842] command /c del "C:\WINDOWS\wt\info.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6318] cmd /c del "C:\WINDOWS\wt\info.txt"
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe

Click on Fix Checked when finished and exit HijackThis.

Then try to reboot without going into safe mode.
We can restore some of these later.

ninjakb
2008-03-09, 05:58
Hi Little Eagle,
I 'fixed' those files as requested. The only one that was not present was:
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

-- but you had me remove spybot before, so I wasn't concerned. I 'fixed' all others.

I am using my other OLD laptop so I could leave the one we are working on running.

Here is what happened:
- I restarted in regular mode. Again, SLOW startup. The desktop and the taskbar loaded. The cursor and hourglass next to it showed on the desktop for a bit, then changed to a regular cursor. But when I moved it over the taskbar, it turned to an hourglass.
- I waited it out and ended up with just a cursor over the desktop and taskbar. The taskbar is showing now but no system tray icons.
- I cannot click on any folder or icon on the desktop though. Nothing happens. The cursor still moves though.
- Also, I 'usually' have the taskbar set to autohide when I use the computer in general. It is not doing that.

Anyway, just trying to be thorough and give you all the small details and subtleties. I did NOT restart it yet and have the computer running if there is anything I can do in this mode and you happen to get to this message this evening.

Thank you! :)

Karen

ninjakb
2008-03-09, 06:33
Hi Little Eagle,

OK, had to tell you this one.
I walked away to go take care of some other tasks and left the computer sitting. (again, it is in regular mode). I have been gone 15 minutes or so?

When I got back, all these windows are up on the desktop and in the taskbar it says '10 Windows Explorer' (like I have 10 Windows Explorer windows open). BUT - the windows that ARE open are just folders from my desktop and if I recall correctly, they are the last folders I tried to click on every time I tried to access them in the past in regular startup mode. So there is the folder to 'My Computer' and a folder I created on the desktop to keep all of the logfiles titled 'TO FIX COMPUTER' - there are 5 of each of these folders. Right now, the 'my computer' folder is open and the flashlight is going back and forth trying to access the folder.
- Also, the taskbar is loaded with a few system tray icons loaded as well.

I tried to click on the windows to close them but nothing is happening. I am waiting to see if anything will happen. If I see that it is locked up, I am going to just shut it down and await further instructions.

Just weird. Thoughts?

Karen

little eagle
2008-03-09, 16:16
Let's try this: download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

ninjakb
2008-03-10, 04:16
Hi Little Eagle,
Sorry for the delay. Our internet has been down all day and JUST came back. We have the cable company coming out tomorrow to identify the problem. As if anything else could go wrong.

I am running the scan you requested right now. I will post the results as soon as it is finished.

Thank you,
Karen

little eagle
2008-03-10, 04:34
Sounds like a fun time :oops:

I'll check it tomorrow

ninjakb
2008-03-10, 05:26
Hi Little Eagle,
Yeah I don't know what is up lately. Everything electronic is acting up. The desktop has been acting up since I hooked this laptop HD to it, the cellphone has been bombarded with spam texts and the internet went out today. And I am forced to use an old laptop with a 3 GB HD that can barely run XP. :mad:

Anyway, thanks for being so kind and patient in helping me through this. Here is the logfile you asked for. Found something! :eek::

Malwarebytes' Anti-Malware 1.08
Database version: 474

Scan type: Full Scan (C:\|)
Objects scanned: 140342
Time elapsed: 1 hour(s), 5 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thank you,
Karen

little eagle
2008-03-10, 11:55
Let's see if you can stay online long enough to run this online scan from ESET (http://www.eset.eu/online-scanner)

You will need to use Internet Explorer for this scan!
First, accept the Terms of Use
Click: Start
When asked, allow the ActiveX control to install
Click: Start
Make sure the options:
Remove found threats, and Scan unwanted applications
are both checked!
Click: Scan


When the scan finishes, use Notepad to open the ESET report.
It will be located here C:\Program Files\EsetOnlineScanner\log.txt

ninjakb
2008-03-10, 17:54
Hi Again!
Hee hee :D:
Actually the cable company came out, replaced all of the connections on the outside of the house and gave us a new cable modem. SWEET! We have had 'mysterious' outages for several years. This was more than overdue.
But I won't forget the point of gratitude.

Anyway, back to the drama. Hopefully, all will be back to normal soon enough. :bigthumb:

Here is the ESET scan. Looks clear. I think it showed clear last time we ran it as well.


# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2935 (20080310)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=16cc5a206444ac4cbec2008b435ea244
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-03-11 04:35:38
# local_time=2008-03-11 11:35:38 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=426295
# found=0
# scan_time=4473

Let me know what you think. I will wait to restart.
Thank you,
Karen

little eagle
2008-03-11, 01:24
Well, things are looking up :crowned:

But how is the PC running?

Reboot and rescan with HiJackThis and post a new log here.
Also please describe how your computer behaves at the moment.

ninjakb
2008-03-11, 02:00
Hi Little Eagle,

Arrrgggghhh! I ran the HJT log. Then I restarted in regular mode to encounter basically the same as last time. It just sits. I couldn't click on anything and the cursor could move around. Once I scroll over the taskbar, the cursor turns to an hourglass. I waited about 15 minutes and didn't see anything happen, so thought I would restart in safe mode with networking to post this log.

What else can we try? Help! :-)

I had a thought - only based on something I read in my research to get this thing running. Could it be too many programs/icons starting up in the system tray? I don't think that's it but I thought I would run it by you.

The other thing I was thinking is if maybe I did accidentally remove something I shouldn't have. I thought I covered those bases and was careful, but -- who knows?

Honestly, I think there is still something hiding in here - virus/trojan-wise.

Anyway, whatever you think, let me know. Onto the next step! :-)

Thank you again,
Karen



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:26:32 PM, on 3/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Shortcut to systray.lnk = C:\WINDOWS\system32\systray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.5.1.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154751377421
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Venturi2 Client (Venturi2) - Fourelle Systems, Inc - C:\Program Files\Venturi2\Client\ventc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9193 bytes
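
A way to confirm that the O4 entries removed earlier with Fix Checked stayed gone in the rescan above, as an added example that is not part of the thread or of HijackThis: it parses the O4 autostart lines of two logs and reports which fixed entries were removed, persisted, or came back with a different command. `FIXED` and `RESCAN` are excerpts of lines quoted on this page; `RESPAWN`, the function names and the placeholder path are assumptions made for illustration.

```python
import re

# O4 registry autostart: "O4 - HKLM\..\Run: [ValueName] command line"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O4 Startup-folder shortcut: "O4 - Global Startup: name.lnk = target"
LNK_RE = re.compile(
    r"^O4 - (?P<scope>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")


def parse_autostarts(log_text):
    """Map (location, name) -> command for every O4 line in a HijackThis log."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            location = f"{m['hive']}\\{m['key']}"
        else:
            m = LNK_RE.match(line)
            if not m:
                continue  # header, process list, or a non-O4 section
            location = m["scope"]
        # Registry value names and paths are case-insensitive on Windows.
        entries[(location.lower(), m["name"].lower())] = m["cmd"].strip()
    return entries


def verify_fix(fixed_text, rescan_text):
    """Compare the entries that were checked for fixing against a later scan."""
    fixed = parse_autostarts(fixed_text)
    rescan = parse_autostarts(rescan_text)
    report = {"removed": [], "persisted": [], "changed": []}
    for key, cmd in fixed.items():
        if key not in rescan:
            report["removed"].append(key)      # fix held
        elif rescan[key].lower() == cmd.lower():
            report["persisted"].append(key)    # same entry is back
        else:
            report["changed"].append(key)      # same name, new command
    # Autostarts present now that were never on the fix list.
    report["not_in_fix_list"] = sorted(k for k in rescan if k not in fixed)
    return report


# Excerpt of the entries the helper asked to have checked (from this page).
FIXED = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\RunOnce: [SpybotDeletingB8968] command /c del "C:\WINDOWS\wt\WDInUsePlugin.dll"
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
"""

# Excerpt of the O4 section of the rescan log posted above (from this page).
RESCAN = r"""
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - Global Startup: Shortcut to systray.lnk = C:\WINDOWS\system32\systray.exe
"""

# CONSTRUCTED variant (not from the thread): one fixed entry is back unchanged,
# another is back pointing at a placeholder path.
RESPAWN = RESCAN + r"""
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [igfxtray] C:\EXAMPLE\placeholder.exe
"""

if __name__ == "__main__":
    for label, scan in (("rescan", RESCAN), ("constructed respawn", RESPAWN)):
        print(label)
        for status, keys in verify_fix(FIXED, scan).items():
            print(f"  {status}: {keys}")
```

A fixed entry that persists or returns with a different command means something is rewriting it at boot, which is worth reporting to the helper together with the log.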

little eagle
2008-03-11, 02:09
Let's try making an admin account.
Click start / control panel / user account / then make a new account.
Then let's see if you can boot into that account.
Post a hijackthis log if you can.

ninjakb
2008-03-11, 02:29
Just to make sure I don't do something wrong...

I am just making a new user, correct?

My head is spinning over all the electronic fun I've had, so it might be 'stupid question' time. :eek:

I have been logging in as the administrator during safe mode and have worked from that point for all of our conversations. During safe mode I could have also logged in as me - 'Karen'.

I don't think I have a login setup for just regular startup.

After all that info, should I still setup a new user acct called 'admin'?

Just checking. Running a little slow tonight! :-)

Thanks. I will wait for your reply b4 doing anything.

Karen

ninjakb
2008-03-11, 02:52
Ok - Hi again!

I went ahead and tried that. I got brave! Actually I realized it would do no harm to try it. (ignore last post!)
FYI - Prior to this, under user accts, I just had an 'Administrator' user and 'Dr. Karen' as a user. (both me and both set with administrator privileges). So I just set up a new acct. named 'ADMIN' and gave it administrator privileges.

The results after restarting using the ADMIN as the user, are the same. It took a few minutes for it to setup but after that, the cursor went to the normal arrow and if you scroll over the taskbar, the hourglass shows up. It has been sitting like that for about 15 minutes I think.

I'm going to restart back to safe mode in administrator mode. Would it do anything to startup in 'Dr. Karen' or 'ADMIN' in safe mode?

Thank you again,
Karen

ninjakb
2008-03-11, 03:08
:lip: OK - Don't kill me.
I am really not trying to drive you nuts tonight. Sorry.

But as I was typing the last post on the 2nd laptop, the laptop we are working on decided to fully load! It took about 15 minutes or better though.

So - back to your original post -- here's what I did.

I did NOT restart, so still am in REGULAR mode with the new ADMIN account.

The desktop and taskbar loaded after quite some time. I then setup Firefox so I could get online. (put in my encryption key for my wireless card).

I ran HJT (but note - it is NOT on my desktop b/c it is on the desktop for the 'administrator' account) from the start menu and programs. Do I need to redo this? This is where my knowledge lacks.

In any event, I will LEAVE THIS ALONE and let you read the log below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:53:47 PM, on 3/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Venturi2\Client\ventc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.viewpoint.com/landing/v38a.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Shortcut to systray.lnk = C:\WINDOWS\system32\systray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.5.1.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154751377421
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Venturi2 Client (Venturi2) - Fourelle Systems, Inc - C:\Program Files\Venturi2\Client\ventc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11115 bytes


Thank you!

Karen
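As an added example (not part of the original posts, and not HijackThis's own code), this Python sketch parses the R/O-section lines of a log like the one above into fields and applies two review checks a helper might run before reading it line by line. The field layout is inferred from the lines on this page; the function names, the two checks and their labels are assumptions of this example, and the sample is ten lines copied from the posted log.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample: ten lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - Global Startup: Shortcut to systray.lnk = C:\WINDOWS\system32\systray.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
"""

CLSID = r"\{[0-9A-Fa-f-]{36}\}"
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# "BHO: name - {clsid} - path" (also Toolbar, Extra button, Protocol, URLSearchHook)
CLSID_RE = re.compile(r"^(?P<kind>[^:]+): (?P<name>.*) - (?P<clsid>" + CLSID + r") - (?P<target>.+)$")
# "HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"^(?P<kind>.+?): \[(?P<name>[^\]]*)\] (?P<target>.+)$")
# "Global Startup: shortcut.lnk = target"
STARTUP_RE = re.compile(r"^(?P<kind>Global Startup|Startup): (?P<name>.+?) = (?P<target>.+)$")
# "DPF: {clsid} (name) - codebase URL"
DPF_RE = re.compile(r"^(?P<kind>DPF): (?P<clsid>" + CLSID + r") \((?P<name>.*)\) - (?P<target>.+)$")
# "Service: name - vendor - path"; the vendor field may be empty ("name - - path")
SERVICE_RE = re.compile(r"^(?P<kind>Service): (?P<name>.+?) - (?P<vendor>.*?)\s*- (?P<target>.+)$")
PATTERNS = {"O4": (RUN_RE, STARTUP_RE), "O16": (DPF_RE,), "O23": (SERVICE_RE,)}

# First token of a command line: a quoted path, or text up to an executable extension.
EXE_RE = re.compile(r'^(?:"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr|dll))(?=\s|$))', re.I)


@dataclass
class Entry:
    section: str
    kind: str
    name: str
    target: str
    clsid: Optional[str] = None
    vendor: Optional[str] = None


def parse_log(text):
    """Return one Entry per R/O line; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        for rx in PATTERNS.get(m["section"], (CLSID_RE,)):
            hit = rx.match(m["body"])
            if hit:
                entries.append(Entry(m["section"], **hit.groupdict()))
                break
        else:
            # Layout not modelled here (for example R1 or O8): keep the raw body.
            entries.append(Entry(m["section"], "", m["body"], ""))
    return entries


def executable_of(command):
    """Strip quotes and arguments from an autostart command line."""
    m = EXE_RE.match(command.strip())
    return (m.group(1) or m.group(2)) if m else command.strip()


def triage(entries):
    """Return (label, entry name) pairs for lines worth a manual look."""
    findings = []
    for e in entries:
        if e.section == "O4" and e.target:
            exe = executable_of(e.target)
            # No directory: which file runs depends on the search path,
            # so confirm the location of the file on disk.
            if "\\" not in exe and "/" not in exe:
                findings.append(("autostart-without-path", e.name))
        # The vendor column is empty in the log line itself.
        if e.section == "O23" and e.vendor == "":
            findings.append(("service-without-vendor", e.name))
    return findings


def services_by_vendor(entries):
    """Group O23 services by vendor so overlapping products stand out."""
    groups = defaultdict(list)
    for e in entries:
        if e.section == "O23" and e.vendor is not None:
            groups[e.vendor or "(blank)"].append(e.name)
    return dict(groups)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for label, name in triage(parsed):
        print(label, "->", name)
    for vendor, names in services_by_vendor(parsed).items():
        print(vendor, "->", ", ".join(names))
```

A finding here is only a prompt to check the file on disk; it does not mark the entry as malicious.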

little eagle
2008-03-11, 12:04
I think we are at the point that we should try to do a repair install of windows.

I would backup all the data first...which you need to be doing anyway :cool:

Do you have a copy of your windows CD?

ninjakb
2008-03-11, 19:29
Hi Little Eagle,
Sorry so crazy yesterday! Definitely too much going on.

Anyway, some updates/points to mention:

While I was logged into the 'ADMIN' acct last evening, I was about to shut down everything and the computer locked up.
Right before it locked up, these are the things I was doing:

- the Java console icon in the taskbar showed up and wanted to be updated but as I clicked on it, that is when the computer locked up.

- Also, right before that, the windows update needed updating. I tried to do that to keep everything current and it would not update. It was the Windows Installer 3.1 that would not update. (I noticed people having some problems with that when doing a search for what that was)


Back to present time - I shut down the computer last night and restarted this morning as 'ADMIN' and it started right up, icons and all. But I couldn't click on anything right away. I waited and the avast antivirus tried to update on its own but there was an error saying it cannot connect to download943.avast.com(unknown:80). I clicked the box closed and all looks 'normal' but I click on icons and nothing happens. The other weird thing is the 'My Computer' icon doesn't show. It looks like an icon when Windows doesn't recognize it.

One other note I thought of - just wanted to remind you that up until this point I was unable to do the Java update and delete those programs that you listed several posts back. Do you still want me to do that?

OK - just wanted to keep you informed.

Back to your post --

I wanted to let you know that I have already reinstalled /repaired windows. I will do again as per your instructions.
Yes, I have the CD. I had a nice fight with Dell over the CDs. They refused to help me with this problem when I thought the drive was dead. I was going to order a new one but we never got that far.

Actually, every time I start up now I get the option of running Windows XP Pro or running Windows Recovery Console.

As far as backing up - I am kicking myself for letting it go so long in the first place! (That was the whole battle from the start - I refused to accept that it was just a dead drive and wanted my data off of that drive!)

But - I have a temporary issue with being able to back up. I have to work out the desktop issues and the external HD that I have and see if I infected them with this laptop.

Although I am sure it wasn't the smartest move, I did the Windows repair without backing up. Data was fine for that round. The repair didn't seem to help at that point.

OK - I'll look for your next post. I just wanted to make sure you had all the details. :-)

Thank you so much for walking me through all of this.
Karen

little eagle
2008-03-11, 22:35
"The repair didn't seem to help at that point."

Looks like we need to reinstall Windows.
Back up what you can. :lip:
Wing has made a nice tutorial that can help.
http://spyware-free.us/tutorials/reformat/

Let me know if you have any questions.

ninjakb
2008-03-12, 02:46
Hi Little Eagle,

Very good. I will try to get that backup done tonight then. If all goes well, I should be ready to move forward by tomorrow! :bigthumb:

Thank you,
Karen

little eagle
2008-03-12, 02:50
You're welcome

Paul

ninjakb
2008-03-12, 06:44
Hi Little Eagle,

Well, I keep encountering more and more issues. :sad:

The External HD I have is the WD My Book 500 GB HD.
For some reason, I cannot get the laptop OR desktop to see it. And it is really all I have to back up on. So I am at a loss on what to do.

I have just spent 4 more hours playing with it. Looking up possible solutions. It sits there and spins and clicks at its highest speed. It is virtually brand new. I have had it less than a year. It was working as I had put some data from the laptop on it awhile ago. (I just hadn't backed up in awhile).

Then when the laptop HD 'died' and I hooked it up to the desktop, I also had the MyBook External HD hooked up. I had just backed up the desktop out of fear that I would lose that!

Without making the story any longer, the backup file that was created cannot be found through the WD backup software either (nor can the drive be seen in My Computer).

It may be something dumb and something I am not thinking of. Any thoughts? I am continuing to work that out. Until that gets resolved, I really have no backup solution for right now.

If there is anything else we can try with the laptop in the meantime, let me know.

Man, I tell ya. It's got to be a 'universe' thing. Too many things going wrong. Either that or Dell just sends me crap. :oops:

Let me know what you think. I will keep working on this.

Karen

ninjakb
2008-03-12, 07:48
Hi again,
I tried running a diagnostic tool on the Backup Drive but to no avail (among other things). I am sending it in under warranty for a replacement. I am awaiting a reply from WD.

In any event, if you can think of another option, besides reformatting completely (for right now anyway), for the laptop we are working on, let me know. I have no problem trying to run a 'repair' again if you think that might help. It may not have worked before since I wasn't virus-free. Just a thought.

I certainly trust your judgment over mine at this point, but I would be happy to try just about anything at this point.

I think I need a drink. j/k :D:

Karen

ninjakb
2008-03-12, 12:02
:eek::eek::eek::eek::eek:
Paul, (good name - my dad and brother are Paul also)

OK - some GOOD news finally! But I am exhausted. I have been working on this all night but have the laptop running!!! (hopefully this isn't premature) :red:

Here is what I did:
- Since we were talking reformatting anyway, I thought that going back and doing some cleanup wouldn't hurt.

- I updated Windows with the correct update that originally wouldn't go through.
- I updated Java

- I removed all the old Java updates and programs we talked about before. I also removed PC-Cillin and the old installed version of Kaspersky. (it allowed me to do the online scan after that).
- after going through that whole process, I restarted and was able to login as 'DrKaren', my NORMAL login!!!! :eek: (I have done two full restarts since then with no problems and no lag.)

Soooo - I ran Kaspersky online scanner to double check everything. I will enclose the log below. :present:
Would you check it and see if you see anything weird?

Is there anything I should recheck and look at now that it 'seems' to be running?

As far as backup, I am sending that external drive back once I get an RMA number tomorrow. :sad:

Here is the Kaspersky scan:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, March 13, 2008 6:40:45 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/03/2008
Kaspersky Anti-Virus database records: 564857
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 104949
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 02:16:48

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\Dr. Karen\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dr. Karen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dr. Karen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dr. Karen\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dr. Karen\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dr. Karen\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Dr. Karen\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dr. Karen\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dr. Karen\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dr. Karen\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dr. Karen\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dr. Karen\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dr. Karen\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dr. Karen\Data\L0000005.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dr. Karen\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dr. Karen\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dr. Karen\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dr. Karen\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dr. Karen\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dr. Karen\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dr. Karen\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dr. Karen\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dr. Karen\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dr. Karen\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dr. Karen\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dr. Karen\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dr. Karen\Data\storydb.idx Object is locked skipped
C:\Program Files\Venturi2\Client\vent2.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP31\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\DRKARENLAPTOP.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{E78AA81A-BFBD-4BBE-98B6-4BA1E8DFEF22}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_208.dat Object is locked skipped
C:\WINDOWS\TEMP\ZLT052e9.TMP Object is locked skipped
C:\WINDOWS\TEMP\ZLT052ed.TMP Object is locked skipped
C:\WINDOWS\TEMP\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Thank you once again,
Karen

little eagle
2008-03-12, 13:15
With the backup drive plugged in and turned on.

Click start /then control panel / performance and maintenance / administrative tools / computer management / expand storage / select disk manager.

See if the backup drive is showing. If it is, highlight it, right-click on it, change the drive letter and paths, and see if you can change the letter to some letter not listed, like L. Reboot and see if the drive is listed in My Computer.

ninjakb
2008-03-12, 18:40
With the backup drive plugged in and turned on.
/ select disk manager.
See if the back up drive is showing.

Hi Paul,

Actually, I had tried this last night but tried it again to see if I missed something. It does not show at all in the disk management section NOR in the storage tab at all. All I have listed is my laptop drive, which I guess has 3 partitions. It's a 100GB HD.
Here is the info that shows:
Volume - Layout - Type - File System - Status - Capacity - Free Space - % Free - Fault Tolerance - Overhead

Partition - Basic - FAT - Healthy (EISA Configuration) - 63 MB - 55 MB - 87% - No - 0%

Partition - Basic - FAT32 - Healthy (Unknown Partition) - 3.19 GB - 459 MB - 14% - No - 0%

Partition - Basic - NTFS - Healthy (System) - 89.90 GB - 10.62 GB - 11% - No - 0%


Honestly, I think the back up drive just decided to TRULY die. All it does is try to spin up and once it gets to its highest speed, does this 'clicka click' sound and then spins down. It is still under warranty (but barely) and I was just going to call today to get an RMA number and send for a replacement. I didn't have anything on there that isn't already on the laptop or desktop.

I KNOW that I have to get all of my stuff backed up though. Maybe I will start burning some CDs?? :p: Might be my best option at this point.

Any thoughts about checking the system now that it seems to be working? I am still getting a clean bootup and am able to login to 'DrKaren' acct.

Thank you! Things are looking a bit better. :)
Karen

little eagle
2008-03-13, 02:30
Reboot and rescan with HiJackThis and post a new log here.
Also please describe how your computer behaves at the moment.

ninjakb
2008-03-13, 08:28
Hi Paul,
Sorry for the delay. Today has been a little bit on the busy side.
Here is the new HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:03 AM, on 3/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Venturi2\Client\ventc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Documents and Settings\Dr. Karen\Desktop\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Shortcut to systray.lnk = C:\WINDOWS\system32\systray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.5.1.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205389862421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154751377421
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Venturi2 Client (Venturi2) - Fourelle Systems, Inc - C:\Program Files\Venturi2\Client\ventc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10573 bytes

****************
I also wanted to update you on a couple of things:

I agree with your wisdom of backing up and reinstalling Windows, I just have to get an RMA number for the backup drive on Friday or Saturday. I called Western Digital today and apparently it takes them 48 hours or better to update my warranty information. I had to email them my receipt and such. I bought it 4/1 of last year. They agreed that it was a dead drive based on the behavior.

So as soon as I get the RMA, they said it will be a relatively quick turn-around. They will send a drive out as a replacement and wait for mine to come back before charging my cc. I should have it by the end of next week.

In the meantime, the machine has been working pretty smoothly. Actually it has never started up this fast. I am still logged in as 'DrKaren' and all seems ok. I am up and running in less than 30 seconds and the cursor moves and there is really no wait time. I am not seeing anything overly weird. It does seem like some programs and such are moved around. For example - HJT was in the Trend Micro folder and uTorrent was completely missing.

BUT-- I did notice that the Windows updater had 'downloaded' all necessary updates but would NOT install them. What a pain.
:oops: I really apologize for jumping beyond your advice - but I used a program to get some of the critical updates installed so I could get past this hangup. It worked and allowed me to finish the more recent Windows updates the 'regular' way.
I did NOT install IE7 though. Should I bother?

So - I restarted and ran a HJT log for you to see. I moved the program to the desktop and ran the scan from there. Let me know if I did anything bad!

OK for now. Everything seems to be running smooth and is updated as well as I am able. Let me know if your far more experienced eyes see anything in the HJT log.

If not, we may be good to go. I might ask though, once I get that drive back and backup everything, I may need your help in reinstalling. I am not so savvy with things like that.

Thank you again,
Karen :)
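
Added example, not part of the original thread and not HijackThis's own code: a small Python parser for the O4/O9/O16/O23 line shapes in the log posted above, producing a short list of entries worth checking by hand. The sample lines are copied from that log; the two review rules (an O23 service with an empty vendor field, an O4 autostart target under the Windows directory) are assumptions chosen for illustration, and a hit means "look at this file", not "this is malware".

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Shortcut to systray.lnk = C:\WINDOWS\system32\systray.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
End of file - 10573 bytes
"""

ENTRY = re.compile(r"^(O\d+) - (.+)$")
# "Service: <name> - <vendor> - <path>"; the vendor field may be empty.
SERVICE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<vendor>.*?)\s*- (?P<path>[A-Za-z]:\\.+)$"
)
# "DPF: {CLSID} (<control name>) - <download URL>"
DPF = re.compile(
    r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>.*?)\) - (?P<url>\S+)$"
)
# First drive-letter path ending in .exe or .dll anywhere in the entry body.
WIN_PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)\b", re.IGNORECASE)


def parse_hjt(text):
    """Turn HijackThis 'O<n> - ...' lines into dicts; skip everything else."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, footer ("End of file ...") or blank line
        section, body = m.groups()
        entry = {"section": section, "body": body, "name": None,
                 "vendor": None, "path": None, "url": None}
        svc = SERVICE.match(body) if section == "O23" else None
        dpf = DPF.match(body) if section == "O16" else None
        if svc:
            entry.update(name=svc["name"], vendor=svc["vendor"].strip(),
                         path=svc["path"])
        elif dpf:
            entry.update(name=dpf["name"], url=dpf["url"])
        else:
            hit = WIN_PATH.search(body)
            entry["path"] = hit.group(0) if hit else None
        entries.append(entry)
    return entries


def triage(entries):
    """Return (path, reasons) pairs for entries a reviewer should verify."""
    findings = []
    for e in entries:
        reasons = []
        path = (e["path"] or "").lower()
        # Illustrative rule 1: HijackThis printed no company name for a service.
        if e["section"] == "O23" and e["vendor"] == "":
            reasons.append("service binary reports no company name")
        # Illustrative rule 2: autostart entry pointing into the Windows tree.
        if e["section"] == "O4" and "\\windows\\" in path:
            reasons.append("autostart target inside the Windows directory")
        if reasons:
            findings.append((e["path"], reasons))
    return findings


def dpf_hosts(entries):
    """Count which hosts the installed ActiveX controls (O16) came from."""
    return Counter(urlsplit(e["url"]).hostname for e in entries if e["url"])


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for path, reasons in triage(parsed):
        print(f"CHECK {path}: {'; '.join(reasons)}")
    print("ActiveX sources:", dict(dpf_hosts(parsed)))
```

File properties such as company name and description are self-declared by the binary, so a flagged file is best confirmed against a digital signature or a known-good copy rather than by its version tab alone.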

little eagle
2008-03-13, 13:36
C:\WINDOWS\system32\systray.exe

Once in safe mode, Click start / then my computer / local disk then follow the process tree.
Or using Windows Explorer, locate the file


Check the properties and make sure that it is a MS file.

If it is not, delete the file. No, I see no reason to use IE7 now.

ninjakb
2008-03-13, 20:06
Hi Paul,
It 'looks' ok to me.
I just gave you all the info b/c I wasn't sure about the 'stub' part.
Thank you,
Karen

Under properties for that file, it says the following:
General
- Description - Systray.exe stub
- Location - C:\WINDOWS\system32
- Size 3.00 KB (3.072 bytes), size on disk: 4.00 KB
- created Wednesday, August 04,2004 5:00:00 AM

Version
- File version: 5.12600.0
- Description: Systray.exe stub
Copyright: Microsoft Corporation. All rights reserved.

Other version information:
Company: Microsoft Corporation
File Version: 5.1.2600.0 (xpclient.010817-1148)
Internal Name: systray
Language: English
Original File Name: systray.exe
Product Name: Microsoft Windows Operating System
Product Version: 5.1.2600.0

little eagle
2008-03-14, 03:29
If not, we may be good to go.
Well, looks fine to me :)

ninjakb
2008-03-14, 04:09
Hi Paul,
Very cool!
Could you just give me a quick run-down on what I need to do next? :-)

(I will re-review the link you sent me already. I was a bit overwhelmed with some of their suggestions but think I can get through that.)

But just to make sure --
Once I get that backup drive replaced, I will work on backing up all the data on the drive.

Then am I going to just completely reinstall Windows XP Pro from the CD? I am sure it will all be clear once I start DOING it. But, as you can see, I like to be as clear as I can (sometimes to my detriment!)

If it is just a reinstall of Windows, does that wipe out all of my files? In other words, am I just backing up to make sure I don't lose anything upon reinstall?

Thank you again for all of your help. I cannot express my gratitude to you for getting this running again. :santa: It's just like Christmas!

Anyway, if you would, a quick 'next steps' 'to do' list would be helpful. I don't want to over complicate it!

Thank you,
Karen

ninjakb
2008-03-14, 04:18
Hi again,

Just had another quick question. Can I 'safely' use the laptop in the meantime, without worrying about any security breaches when online?

I realize that even though things may 'look' good and 'seem' to be running well, that it may not actually BE well.

Just checking.

Karen :-)

little eagle
2008-03-14, 04:23
If it is just a reinstall of Windows, does that wipe out all of my files?
Yes, everything would be gone. :sad:


Can I 'safely' use the laptop in the meantime

Let's see what NOD32 finds.
Run this online scan from ESET (http://www.eset.eu/online-scanner)

You will need to use Internet explorer for this scan!
First, accept the Terms of Use
Click: Start
When asked, allow the ActiveX control to install
Click: Start
Make sure the options:
Remove found threats, and Scan unwanted applications
are both checked!
Click: Scan


When the scan finishes, use Notepad to open the ESET report.
It will be located here C:\Program Files\EsetOnlineScanner\log.txt

ninjakb
2008-03-14, 06:51
Hi Paul,
Here are the results of the ESET scan. It looks clean. :cool:
Just for clarity - I ran it from in normal mode under my profile. (not in safe mode or anything)

It keeps changing my time though!!! :rolleyes:

Thank you!

Karen

Scan results:
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2946 (20080313)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=16cc5a206444ac4cbec2008b435ea244
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-03-14 05:43:29
# local_time=2008-03-14 12:43:29 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=313234
# found=0
# scan_time=6987

little eagle
2008-03-15, 01:53
It keeps changing my time though!!!
Just trying to fool the malware, but looks like you're clean. :bigthumb:

ninjakb
2008-03-15, 19:23
:p:
Hi Paul,
Very cool.
I will wait for the new backup drive to come and start backing up then! I requested the RMA number after they finally updated my warranty. So I *should* have a new backup drive before week's end. I hope!

Then I will start the reinstall process. Yeah! :red:
I am assuming it is pretty straight-forward.

If you have any final advice for me on the quickest and best ways to accomplish all that, I would appreciate it. I don't want to miss anything and don't want there to be something I didn't think of. :-)

Thank you again,
Karen

little eagle
2008-03-16, 03:46
You may need to reinstall some drivers
This program may help you with that. http://www.softpedia.com/get/System/System-Info/Double-Driver.shtml

Hope you have the CDs for your programs; you will need to reinstall them also.


SIW: This program performs computer configuration analysis and diagnostics. It gives detailed information about your computer properties and settings, and much more. You can find it here (http://www.nutnworks.com/downloads/)

ninjakb
2008-03-17, 01:21
Hi Paul,

Just wanted to say thank you SO much for all of your help.
I really cannot express to you my gratitude.

Can I write back in if I have problems this week?

Karen

little eagle
2008-03-17, 02:38
You're welcome..... Yes, I'll ask tashi to keep it open :clown:

ninjakb
2008-03-22, 07:19
Hi Paul,
I am *almost* done backing up everything. I got the drive yesterday afternoon and thought I could be done by today. Wishful thinking. :red:

I just have to comb through and make a list of programs to re-download from the internet. And also go dig up software discs for different programs. I have everything that I need, it's just a matter of finding it.

I have a few minor questions in the meantime though, if you don't mind.
I was wondering if there was a way to backup the iTunes purchases. I don't have a ton of them but they aren't in any other place. The other music I have on iTunes is mostly from CDs that I have in the house so I am not too concerned if I lose those things.

The other thing was what to re-download. I would like to have ZoneAlarm, AdAware, Avast, newest Java, hmmm - what else? back on my machine. Should I put Spybot, AVG Anti-Spyware, Malwarebytes antimalware, and others like that back on? I get a little overboard with downloading things that may overlap. Thoughts?

I already put the newest download of Firefox on the backup drive so I can reload that immediately after reinstalling Windows.

Also, is there a special serial number or anything that I need to find that is specific to my machine when I reload Windows? I have the CD that they sent me but does that cover me?

I have mostly backed up all the data from 'My Documents' folder, a few programs that I had the original zip or rar file from, my favorites, Dells folder, SOME info out of the application data folder for programs that I know I will need the info from - like TomTom, Firefox and some things from the Microsoft folder - the Outlook files for my address book, I also copied the drivers folder 'just in case' and the Program folder - most items 'just in case'.

If you can think of anything else, let me know. I 'think' I could survive if anything was missing at this point and I did a reinstall. I have backed up all of MY created files. It's just if I need anything else to make the machine run optimally on the flip side!

OK - I am rambling. :oops:

Once I feel secure that I have everything that I want backed up and can reinstall, I'll check back in. I may have a couple more questions (or not) but I still have to go and run those last programs that you told me about and review that website you gave me about backing up again.

I probably won't be back to this until Sunday as I have to be away for two days.

I hope you have a GREAT Easter (if you celebrate) in the meantime. :angel:

Let me know if you think I am missing anything. I will go do my homework in the meantime. Almost there....

And just think, I need to do this to my desktop too. :sick: It's more than time though.

sorry for the long message.
Karen

little eagle
2008-03-22, 15:47
I was wondering if there was a way to backup the iTunes purchases.

http://www.tuaw.com/2006/09/12/how-to-back-up-your-music-using-itunes-7/

ninjakb
2008-03-22, 17:00
Wow that is cool. I had no idea iTunes had that option! :present:

THANK YOU big time for that one.

It's amazing how the little things can get by me! :bigthumb:

I'll be back on Sunday.

In the meantime, I actually thought of something else that has me a bit worried. I want to make sure I can get back on the internet right away with little hold up. I have the Intel PROset Wireless card instead of the standard thing that Dell puts in. So I was wondering -- are there settings and files to save with regard to that? I am also not sure if I have those drivers on a disc - considering that Dell sent me the reinstallation CD for XP Pro and a generic Dell Tools System Software disc. Do I need to download those drivers fresh from the manufacturer's site or are they on this computer somewhere?

I am TRYING to limit my 'dumb' questions but some things are simple for me while others are not!

OK - back to work. Thank you for your guidance through ALL of this. Almost there. Can't wait to have a screamin' system!! :eek:

Karen

little eagle
2008-03-22, 21:35
I don't think that you need the drivers for the PROset Wireless card. I have Windows make the connection; I think the drivers are installed already. If not, the drivers can be found on the Dell driver disk.

ninjakb
2008-03-25, 07:04
Sorry for the delay. For some reason I am having a heck of a time getting iTunes to backup properly. I may just forego the backup if I can't get it working soon. I HAVE the music except for a handful of purchases.
I'll try to get that done by tomorrow. And then start the reinstall. I have everything else backed up that I need. (I think) :funny:

Karen

little eagle
2008-03-25, 11:28
Let me know how it goes.

ninjakb
2008-03-26, 18:13
Hi Paul,
I gave up on the iTunes BU. The discs kept failing to write.
It isn't that huge of a deal. Most of it was 'my' music and only a few were purchases. I 'THINK' I backed up the purchases successfully. We shall see.

In any event, I attempted to do a reinstall of XP Pro. I put the CD in, it went through all of its screens and finally asked me which partition it wanted me to put XP on. The only one that made sense was the C: Drive itself since the others are small partitions. (I sent you the specs on that at one point - something to do with that NTFS format).

So I chose the C: drive and as it was attempting to install, I get the message something to the effect of that XP Pro already exists and to put a 2nd operating system on the same volume will make it unstable. Or something like that. But basically don't do it. So I stopped and wrote in to you.

Was I doing something wrong? I chose the option of installing XP, not a repair or anything, like I had already done prior to originally writing in.

OK, I will wait to see if I was on the right track. I will also go and re-review the information you gave me.

Thank you again!
Karen

little eagle
2008-03-27, 02:16
If you chose to reinstall the OS (operating system), it should overwrite the old OS.

http://spyware-free.us/img/reformat/wininstall1.jpg
At this point did you choose the first option?

You will want to select to overwrite the partition C:\

ninjakb
2008-03-27, 03:18
Hi again!

Sorry that I have made this such a project. :sad:

Yes, I think it was the next screen available. I hit enter to setup XP and then I got the screen of the 3 partitions, chose the C: drive and then it warned me that XP was already on there and that to add another OS would not be recommended or some wording to that effect. I didn't continue - even though it would have let me install it.

I can try again and get the exact wording for you and stop at the same point.

I will try. BRB.

Karen

ninjakb
2008-03-27, 04:04
Hi Paul,
Ok here is what I did:
1) Put in XP Pro CD, chose NEW installation, entered Product Key, and updated files, computer restarted itself.

2) with the CD still in, I get the black screen with 3 options now: XP PRO, Recovery Disc and MS Windows XP Setup.

3) I choose the Setup, go to Blue screen and it says Setup is starting windows.

4) I choose 'Choose Setup Windows XP now ENTER'

5) Then I get the screen that says this:
'If one of the following Windows XP installations is damaged, Setup can try to repair it. Use UP or DOWN ARROW keys to select and install.
- To repair the selected Windows XP install, press R.
- To continue installation of a fresh copy of Windows XP without repairing, press ESC.'
I press ESC.

6) Then the next screen says:
'The following list shows the existing partitions and unpartitioned space on the computer. Use UP or DOWN ARROW keys to select and install. (I select C: drive)
- To Setup Windows XP on selected item, press ENTER
- To create partition in unpartitioned space, press C
- To delete selected partition, press D'
I press ENTER

7) Next screen says:
'You chose to install Windows XP on a partition that contains another operating system. Installing Windows XP on this partition might cause the other operating system to function improperly.
CAUTION: Installing multiple operating systems on a single partition is not recommended. To learn more about installing multiple operating systems on a single computer, see http://www.microsoft.com/windows/multiboot.asp using internet explorer
- To continue Setup using this partition, press C
- To select a different partition, press ESC'

So I just ESCaped and next screen pressed F3 to exit.

That is where I stopped.

I just wanted to make sure I could go past this point without problems. I have only ever reinstalled Windows 98 on an old laptop and older Mac OSs, but that was a LONG time ago. :red::laugh:

Help! :spider:

(sorry - I like the icons too much. Gotta have some fun.)

Thank you!
Karen

little eagle
2008-03-27, 12:39
So I just ESCaped and next screen pressed F3 to exit.

That is where I stopped.
Keep going, you were almost there. Overwrite the drive. :p:

ninjakb
2008-03-28, 03:45
Hi Paul,
Ok. It's done. :eek:

BUT ---- I have a few things that are going on that I don't know the first thing about doing. I *hope* this will be simple! Did I do something wrong???

(The only things i have loaded are Windows updates, Firefox, Avast and the Intel Drivers.)

Here are the problems: (some more minor than others)

1) when I start, I am still getting the black screen with the option of choosing Windows XP Pro or the Recovery Console. No biggie except for it counts down 30 seconds for me to CHOOSE. This is new.

2) Then a window pops up and it asks me to Logon to Windows. In the UserName it says 'Administrator'. The password is blank. I remembered from watching my friend that you could just click OK and it wouldn't need a password, so that is what I did and it logged in.

3) I couldn't connect to the internet as I suspected, but fortunately had the drivers backed up. The software was nowhere to be found. I checked the utilities CDs and such - nothing. So THANK GOD that I had that backed up! The Intel Pro card is not driven through Windows. I am not sure why but have learned that the hard way when I would try to login at Panera and other places and hadn't set up a profile. And I would try to do it through Windows setup and it wouldn't let me. So THAT is resolved!

4) I have lost the visual display of the buttons on the front of the computer for volume, mute, play, FF, RW and Stop. Usually it would show a volume gauge or mute display when you pushed the front buttons.

5) My 'scrolling' function is gone on the finger pad.

6) OK - here's the biggie stuff:
a) The machine is crashing. It crashed when it was doing the Windows updates - but it opened IE while I had Firefox open. I know that they are basically incompatible but I have been able to run them at the same time in the past for stupid stuff like updates. This I see as a relatively minor issue that will probably be resolved once I get everything else going. Maybe??

b) Ok - now how do I explain this?? Everything 'looks' like it installed clean. But when you open the C: drive, there are several folders in the 'C:\Documents and Settings' folder.
Here is the list:
-ADMIN
-Administrator
-Administrator.DRKAREN-LAPTOP
-All Users
-Default User
-Default User.WINDOWS
-DR5142~1~KAR
-Dr. Karen

It appears that the ADMIN, Administrator, All Users, Default User and Dr. Karen folders are OLD folders b/c they contain ALL of the old files. Nothing was actually deleted.

Also - just on the main level of the C: drive, the 'Program Files' folder contains all the old programs that were on the computer before.

What is WEIRD is that NOTHING (well -some basic stuff) is in the START menu, nothing is in the 'My Music' folder (but the files exist under the Dr. Karen profile) and other examples of empty folders that I know 'not too much' about! :rolleyes:

So it seems a bit confusing to me on where everything should be and what I should delete and what I can just copy over to the 'right' folder.

I have a built in fear (maybe it's outdated) but I know that Windows does NOT work like a Mac where if you don't want something, you can just delete it with little far reaching consequences. That all files have some connection to five million other places on a PC. So I get a little nervous about getting 'delete happy'. :oops:

I am sure it's not that big of a deal but this part seems to be the worst part. I am tech savvy when it comes to bigger stuff but then become like a 'maroon' (in the infinite wisdom of Bugs Bunny) when it comes to the simpler stuff!:clown:

If I ever needed help, it is now! Please? :red:

Oh - the other thing - my bookmarks exist for Firefox under the 'Dr. Karen' profile but not when I open Firefox.

I will copy and move NOTHING until I hear from you so I can copy and delete appropriately.

Thank you way in advance for this one! :cool:

Karen

little eagle
2008-03-29, 02:30
Sorry for the delay, I was traveling.

When you reinstalled the OS did it give you the option to format the drive?

ninjakb
2008-03-29, 05:20
Hi Paul,

I don't think that is what it said? I honestly don't remember. It just had me choose the drive to overwrite (the C: drive) and it gave me that warning about installing two OSs on it, etc.

I mean, I didn't get the option of erasing the whole drive and starting over - like reformatting a floppy disc. It just reinstalled a brand new fresh copy of Win XP Pro. Because there was an option of 'Upgrade' or 'Reinstall' I think. But it said that it would overwrite the drive or something and I may lose 'my documents' folder and other info on the drive. So maybe it did say that? It's hard to remember exactly what it said if it's not in front of me.

It appears OK. I think it did a full reinstall but left my old files to just copy the things I needed into the new clean install. At least that is what it *looks* like. I remember reformatting MACs in the past and it did the same thing. It was just a pain to determine what to keep and what to dump. But gave you a new starting point. But with PCs it seems a little (A LOT) more overwhelming! But I guess I can just dump some of the old folders and the things that I KNOW I don't need until I use it a bit more and dump the rest.

Not sure. :red:

Karen

little eagle
2008-03-29, 14:12
Well guess this thread can now be closed.

I can't help you decide what to keep. :red:

Glad the install went fine. I might have to try a mac, windows is getting boring. :eek:

ninjakb
2008-03-29, 19:44
Hi Paul,
Okie Dokie. I appreciate all of your help this far! :)

I was just maybe looking for some confirmation that I was seeing this right. It *appears* that it is just a matter of dumping old folders and such and copying ONLY the necessary files over to the new profiles.

I know that I can work out what to keep and what NOT to keep, I just don't know how to correct some of the oddball things that are 'system specific' and make them work again. Is there an XP guide online or something that could help guide me back to 'working land' that you know of?

This is where I am NOT savvy. I can only go on prior experience with Macs but I KNOW they aren't nearly the same.

Alright, well - I certainly do appreciate your help this long. If you have any final advice for me, let me know. I honestly have no clue how to correct this one. :sad:

Thank you,

Karen

little eagle
2008-03-29, 22:58
Not trying to run you off. What is it that is still buggy?

ninjakb
2008-03-30, 04:38
Hi Paul,

Oh I realize that! I appreciate the time you have put in and didn't want to keep dragging this out if it truly were something I could figure out. I mean, I tried so hard NOT to have to write in in the first place. I thought I had the hard stuff done by recovering all of the data on, what I thought was, a dead drive. Now this seems to be the overwhelming part. I have a Windows 98 book but I doubt that will help much here. Maybe? That is why I was wondering if there were an online guide to XP that I could reference to see where stuff is supposed to go.

The system stuff is all a bit foreign with me though on where stuff should go. I worked some on it today and here is where I am at:

Most of the same problems exist that I listed in the prior post. But I *think* the biggest problem is the profiles and how they are set. What I ended up doing - and honestly I am not sure how I did it - I merged files together under one profile which turned out to be a combo of 'administrator' and 'drkaren' profiles. I trashed all other profiles except for what is now listed as: (I cannot modify these names for some reason, even in safe mode)
- All Users.WINDOWS
-Default User.WINDOWS
-DrKaren.DRKAREN-LAPTOP (which is actually the administrator profile)

So here is what I am totally lost on:
1) how to make a separate administrator profile so that it is separate from the 'drkaren' profile. I tried but it barks at me and says that that profile exists already.

2) I have no sound and also don't have a visual display when pushing the volume and media buttons on the front of computer. It looks like the audio information is gone. I looked in the control panels and audio section and it is grayed out. I DO get an audible beep when the system warns me of something but I think that just tells me the speakers still work.

3) God - what else? Basically the entire list that I had before. System is still doing a 30 second count down on screen waiting for me to pick XP Pro instead of the Recovery Console on startup.

4) Very few icons are showing up in the start menu/program files list. Many programs are just not working.

I suspect that I just don't have the right names on the right things and other things in the right places. I am a bit baffled on what the Default, All User, Administrator and DrKaren (which have become one and the same) are supposed to contain.

I feel pretty stupid right now! :clown:

There are other things but I am sure once I get these things straight, all else will fall in place. I am just lost. I can figure out where to put my writings, documents, videos and everything else. But when it comes to what the system needs to recognize as a folder and where it is supposed to be, I am done! :red:

I realize your time is valuable and I have taken quite enough of it. Even if you could direct me to something I could read up on or happen to know something offhand that I can do based on what I have written, any offerings would be appreciated. :santa:

Thank you again.
Karen

little eagle
2008-03-30, 14:04
3) God - what else? Basically the entire list that I had before. System is still doing a 30 second count down on screen waiting for me to pick XP Pro instead of the Recovery Console on startup.
All the info on how to install, delete, and use the Recovery Console can be found here. (http://support.microsoft.com/kb/307654)

-------------------------


4) Very few icons are showing up in the start menu/program files list. Many programs are just not working.
They will have to be reinstalled. When you reformatted, you removed all the associated registry keys.

-------------------------------------


2) I have no sound and also don't have a visual display when pushing the volume and media buttons on the front of computer.
What brand of PC are you using? You will have to reinstall the drivers for media direct, which is what I think you are talking about.

----------------------------------------------


1) how to make a separate administrator profile so that it is separate from the 'drkaren' profile. I tried but it barks at me and says that that profile exists already.
Boot in safe mode; if you have a default admin account for making system changes, it should show up there.

------------------------------------

Hope this helps, let me know.

ninjakb
2008-03-31, 07:05
Hi Paul,
Boy oh boy. I worked all day on this and got some things going based on your suggestions. Thank you. Plus some other things.

Let's see. Yes, it is Dell Media Direct. I looked at a ton of info on that and really don't know how to address that. That looks a bit more complicated.

I DID get sound back by just going to the device manager and re-locating the drivers. But I don't get the visual display when I use the media buttons on the front of the computer. They WORK, you just can't see if it IS working until it blares out loudly! The only item that I am getting the big yellow question mark by is the Ethernet Controller. Is that for the driver of the ethernet card that you would plug an ethernet cable into? I am wireless so didn't know.

I reinstalled the Alps Pointer Device driver so my touchpad works better.

I reinstalled MS Office but can't get Outlook working. It starts up but I can't import my old files back into it. It says 'The operation failed'. Plus I don't know where the old files are compared to the new ones. (I still have the backup on the external drive but thought it might still be around on the laptop unless it got overwritten when I reinstalled Office). I used Outlook for my calendar and contacts and THAT is critical for me to get back.

I did start in safe mode and saw that I had an Administrator option. Cool. :rolleyes:

So I guess -- how do I ask this?? I know what i want to ask but don't know how--
well I have the continued problem of the names of the folders being wacky in Documents and Settings. That is the first problem. I can't rename them. I have:
-Administrator (should this even be here? Is this old?)
-All Users.WINDOWS
-Default User.WINDOWS
-DrKaren.DRKAREN-LAPTOP

The other issue is that I am not sure if the 'DrKaren.DRKAREN-LAPTOP' is *really* an administrator profile and the 'Administrator' folder shouldn't exist. (it may be old). I am not asking about administrator privileges as it already has that. What I am wondering is if the folder itself should be labeled plain 'administrator'.

(I am sure I am just making this more confusing than it is, but I get hung up on the 'easy' stuff.)


Then the third issue is:
Inside of the DrKaren.DRKAREN-LAPTOP folder -- are the folders supposed to say "'MY' documents" and inside of that say 'MY pictures' and 'MY music' and 'MY videos'? Instead of say, 'Administrators videos' and such?

In the start menu, all of those file names (MY documents etc) originally would not link to the correct folder. I think that portion is resolved (I played with that by moving around files to different folders) but am missing the point of the correct structure of the folder names and how to rename the main level user folders in the Documents and Settings folder.

I am finding more and more as we go, but if I can get the basics running, like folder names being correct and such, I can figure out how to get the programs installed and running again.

That Dell Media Direct Issue seems a bit more complicated though, as well. I was afraid to touch that without messing up stuff. The partition should still exist, so how do I get the files back? Especially without messing up the machine?

Ok - hopefully you can sift through my questions. Sorry it takes me pages to describe what I am talking about. It is so much easier to just visually walk through stuff. Sometimes it is hard to convert the visuals into words. I do my best!

Anyway, I appreciate you hanging in there still. I think after I get the folders named the right way and get MediaDirect working, the rest should be FAIRLY straightforward.

I just feel like everything is a MESS now and it is a little more difficult to sift through what is a REAL problem vs. what is simply fixed.

Thank you,
Karen :p:

ninjakb
2008-03-31, 07:12
I got rid of the Recovery Console thing as well. Thank you!!

Also - I looked over my old list. I also resolved the Login with Administrator by setting it to NOT classic mode - whatever that is called! :p:

But the Profile issue and how they are supposed to be set and the Media Direct and the Outlook issues are the biggies.
THAT should do it. (as if that weren't enough).

Karen :fear: (oh wow - the ninja dude just says 'hood' but when you paste it in it says 'fear' - I just wanted to try it b/c it was an old nickname. Just trying to keep it 'light'!)

Thank you again. :laugh:

ninjakb
2008-03-31, 07:41
Got the ethernet card working. Found the driver. :eek:

Boy, for as long as this thread is (which I am forever in your debt for), you would never know HOW resourceful I can actually be :red:

Onto the bigger things now! Help?? :p:

Karen

little eagle
2008-04-02, 05:13
That Dell Media Direct Issue seems a bit more complicated though, as well. I was afraid to touch that without messing up stuff. The partition should still exist, so how do I get the files back? Especially without messing up the machine?

Thank you,
Karen :p:

Ok, sorry about the delay; my uncle is in the hospital.

Found some info in Media Direct that may help.
http://www.goodells.net/dellrestore/mediadirect.htm

ninjakb
2008-04-02, 22:23
Paul,
I am sorry to hear your uncle is in the hospital. Is it serious? I hope he gets well soon. I am sure your visits help greatly! :)

Back to the computer drama:
I will try to navigate through the MediaDirect issues. I had read that info already but I will give it another shot. It looks like there is a MediaDirect Repair Utility. I will attempt that.

If and when you feel up to looking into it, if you can help with the final two problems - 1) the listing/changing the names of how the profiles under "documents and settings" is SUPPOSED to read, and 2) helping me get my whole address book and calendar back into Outlook. I have beat myself up looking over all of MS sites trying to get the answer and none of the advice works. I even tried re-re-installing Outlook.

I can probably work through the Outlook issue but am troubled and baffled by the Profile name issue and how to get that back to 'normal'.

Anyway, I know that computer issues are so minor in the scheme of life when you have a loved one in the hospital. So I fully understand if I don't hear back for a bit, but welcome any thoughts you have WHEN you get time to sidetrack yourself with this mundane stuff! :p:

Wish your uncle the best and good healing. I will send positive energies in his direction. Be well yourself. :)

Karen

little eagle
2008-04-03, 04:20
My uncle has lymph node cancer and is not expected to live much longer

Now back to the PC saga :p:
About two thirds of the way down.
This may help you sort out the profiles
http://www.lockergnome.com/it/2004/12/15/get-it-done-recover-a-damaged-windows-xp-user-profile/

Copying your user profile
In this user profile recovery technique, you’ll attempt to revive the user profile by creating a new account and, subsequently, a new user profile. You’ll then copy your old user profile in its entirety to the new account. While this may sound like an operation that will simply replicate the problem over to the new account, it does indeed revive the user profile on occasion. Again, keep in mind that the success of this attempt depends on the severity of the damage to the user profile. However, since it’s a relatively painless operation, it’s worth a shot.

ninjakb
2008-04-03, 07:56
Paul,
I am truly sorry. I have painful memories of loss of a dear friend at 30 years old from the same.

May I offer a book title that I am *currently* reading? I am not exactly sure why I am sharing this -- other than that I am learning to trust a deep intuition within myself - call it a little voice - that told me to share. It is called 'Dream Healer' by Adam. Yes, just 'Adam'. Maybe you can read it TO him?

I don't believe in random 'coincidences' that have no purpose. Especially when it comes to people and the contacts we make. I believe in the power of our interconnectedness and support of each other. I guess that is why I became a doctor of chiropractic.

If I may offer anything else - PLEASE let me know.
Feel free to PM me. Just let me know if you do, as I don't check that acct. that often.

I will send healing energies his way. :angel:

"As the PC drama turns"-- thank you for your additional input. I hope that this is providing a bit of distraction for you. I will try the things you suggested. I was a little tied up today with nonsense so didn't get to try the MediaDirect thing yet. I will try and finish the MediaDirect and the profile issues tomorrow.

Any thoughts on what the heck I did in Outlook?? :red:

Alright, be well. Keep a positive attitude and that will spread joy, even in painful times. I hope you decide to pick up that book. It is uplifting no matter what you decide to believe.

My best,

Karen :present:

little eagle
2008-04-03, 13:23
Any thoughts on what the heck I did in Outlook??

I have never used Outlook; I use Thunderbird :red: So I can't be too much help there. :oops:

ninjakb
2008-04-03, 18:42
Hi Paul,

Wow. I live under a rock. I didn't even know about Thunderbird. :clown:

Alright, quick question then -- I don't really need an email application but need a GOOD calendar and appointment setter as well as a good address book. Something that can be used for business.

Have you used Sunbird or Lightning? Looks like I may want to download Sunbird but if Lightning has a more involved calendar and appt setter, that might be better. I used Outlook just for its calendar abilities.

What do you think?

Karen :)

little eagle
2008-04-04, 13:46
Well now I'm the one living under a rock :crowned:

Have not used them and did know about them but I think I'll try Lightning :bigthumb:

ninjakb
2008-04-07, 09:12
Sorry -- taxes getting the best of me.

Be right back. I am still straightening out the last tasks on the computer that we were talking about.

Karen

ninjakb
2008-04-08, 06:50
Hi Paul,

I hope that your uncle is doing a bit better. :angel:


Update on the computer saga:

I got the media buttons working again on the front.
It turns out that I just had to download the Dell Quickset driver and it is all better now! :-)
I thought it was related to the MediaDirect stuff but it wasn't. Turns out that I only have volume controls and VCR-like controls on the front but no mediadirect button. So I went through the repair utility and created a CD and all of that and it still didn't work. But the Quickset driver did the trick.

On the other notes:
I worked all day on the user profile issue. I am at a complete loss as to what to do with that without completely messing up the machine more. I read through what you sent me and also looked at other links and nothing works. I am truly unsure what is what anymore and what 'should' be in a profile vs. what should only be in all users. I need to go back to total basics on this one.

I am off to figure out why Outlook isn't working and where the heck my address book is! Once I have this resolved, it will only leave that user profile issue left. (plus tons of reinstalls). :)

Karen

ninjakb
2008-04-08, 07:58
Hi again!

I got the Outlook files back. I am not sure what exactly did it. I dropped the backed up Outlook files back into the Application Folder on the C: drive main level. But when I went to do an import in Outlook, it actually looked for the files in the 'Local Settings' and then 'Application Folder' under my profile. So I am not sure if they were there all along. All I know is that I had tried importing the files already before getting them off of the backup drive to no avail. Who knows?

I frustrate myself with not knowing HOW it worked so if I need to I can repeat it in the future. Stupidness. :lip:

Anyway, I am going to look into Sunbird and see if that is more manageable.
Now I just have to figure out which is better - Sunbird or the portable version, whatever that is.
Here's the link:
http://portableapps.com/apps/office/sunbird_portable

OK. Just need to work out how the Profiles work and then I can go from there. If you have any other suggestions, I would appreciate it. Otherwise, I think we have gone as far as we can with this whole escapade!! :sick:

Alright, let me know if you have any other sites that I might look into just to get some basic knowledge of how XP Profiles work and what is supposed to be in them and then how to fix them once they get messed up!

Take care and thank you,
Karen

little eagle
2008-04-09, 03:41
I hope that your uncle is doing a bit better.

Well I guess he is ...................as he passed on :sad: But in a better place I believe.


Copy files to the new user profile
1. Log on as a user other than the user whose profile you are copying files to or from.
2. In Windows Explorer, click Tools, click Folder Options, click the View tab, click Show hidden files and folders, click to clear the Hide protected operating system files check box, and then click OK.
3. Locate the C:\Documents and Settings\Old_Username folder, where C is the drive on which Windows XP is installed, and Old_Username is the name of the profile you want to copy user data from.
4. Press and hold down the CTRL key while you click each file and subfolder in this folder, except the following files:
• Ntuser.dat
• Ntuser.dat.log
• Ntuser.ini
5. On the Edit menu, click Copy.
6. Locate the C:\Documents and Settings\New_Username folder, where C is the drive on which Windows XP is installed, and New_Username is the name of the user profile that you created in the "Create a New User Profile" section.
7. On the Edit menu, click Paste.
8. Log off the computer, and then log on as the new user.

Note: You must import your e-mail messages and addresses to the new user profile before you delete the old profile. For more information, click the following article number to view the article in the Microsoft Knowledge Base: http://support.microsoft.com/default.aspx?scid=kb;en-us;811151

Hope this helps :)
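
The copy steps in the post above, scripted, as an added example that is not part of the thread or of the Microsoft article it quotes. The names `copy_profile` and `demo` and the temp-folder sample profile are assumptions constructed here; the point shown is that the old profile's three Ntuser files stay behind, so the new account keeps its own registry hive.

```python
import shutil
import tempfile
from pathlib import Path

# Top-level files the procedure says not to copy: the per-user registry
# hive, its transaction log and the profile's ini file.
EXCLUDED = {"ntuser.dat", "ntuser.dat.log", "ntuser.ini"}


def copy_profile(old_profile, new_profile):
    """Copy old_profile into new_profile, skipping the excluded top-level
    files. Returns (copied, skipped) lists of top-level names."""
    old, new = Path(old_profile), Path(new_profile)
    if not old.is_dir():
        raise FileNotFoundError(f"no such profile folder: {old}")
    new.mkdir(parents=True, exist_ok=True)
    copied, skipped = [], []
    for item in sorted(old.iterdir(), key=lambda p: p.name.lower()):
        # Windows file names are case-insensitive, so compare lowercased.
        if item.is_file() and item.name.lower() in EXCLUDED:
            skipped.append(item.name)
            continue
        if item.is_dir():
            shutil.copytree(item, new / item.name, dirs_exist_ok=True)
        else:
            shutil.copy2(item, new / item.name)
        copied.append(item.name)
    return copied, skipped


def demo():
    """Run the copy on a constructed profile tree in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        old = Path(tmp) / "Old_Username"
        new = Path(tmp) / "New_Username"
        (old / "My Documents").mkdir(parents=True)
        (old / "My Documents" / "notes.txt").write_text("constructed sample")
        (old / "Favorites").mkdir()
        for name in ("NTUSER.DAT", "ntuser.dat.LOG", "ntuser.ini"):
            (old / name).write_bytes(b"old profile data")
        new.mkdir()
        (new / "NTUSER.DAT").write_bytes(b"fresh hive")  # new account's own
        copied, skipped = copy_profile(old, new)
        return {
            "copied": copied,
            "skipped": skipped,
            "new_hive": (new / "NTUSER.DAT").read_bytes(),
            "notes_copied": (new / "My Documents" / "notes.txt").is_file(),
            "new_entries": sorted(p.name for p in new.iterdir()),
        }


if __name__ == "__main__":
    print(demo())
```

Run it from a third account, as step 1 requires, so that neither profile's files are in use during the copy.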

ninjakb
2008-04-09, 19:17
Hi Paul,

I am so sorry. :sad:

You are right that he is in a better place. I believe that our loved ones just 'transform' and are still right here with us. I had felt a very big sense of peace and healing with him, just misinterpreted it.

As much as you appreciated him, know how much you are appreciated here.
This forum and the volunteers here are nothing short of AMAZING, you being no exception. I appreciate the 'extra mile' you have gone to help me through this computer 'nightmare'. Even if, in the scheme of things, computer problems are minor. :angel:

On a side note, I downloaded Sunbird portable. Pretty nifty. I like the calendar A LOT. I am trying to see if there is a way to integrate/sync Sunbird with Sunbird portable. Seems kinda stupid to have to use your calendar at home off of a flash drive.

OK - I again, appreciate your help. I will go and try the user profile instructions and see if I can accomplish that. :rolleyes:

Thank you,
Karen

ninjakb
2008-04-18, 06:52
Hi Paul,

I am sorry for the delay. I was away for the past several days and haven't had a chance to try the user profile changes. I will get to that tomorrow. So sorry.

I don't want you to have to keep the thread open any longer than you have to. I can probably get that User Profile under control tomorrow. I will do a final check back in and let you know how I make out if that is ok.

Thank you again for ALL of your help. I am truly grateful and appreciate every step that you have led me through to get this machine running again. It's been a crazy crazy road but I am thrilled to get it back (almost) up to speed.

I am also SO sorry for your loss. I really feel for you and I hope you are doing ok. My thoughts and prayers go out to you.

Thank you! I will check back in tomorrow and hopefully I will have no problems following instructions. :clown:

Karen

ninjakb
2008-04-26, 17:58
Hi Paul,

Just wanted to check in (FINALLY) and tell you I got the user profile stuff all squared away. Actually it wasn't as bad as I thought. :bigthumb:

I am sorry I didn't get to this until now. Things have been a bit hectic. I have been interviewing for a full time position and have been running like crazy here there and everywhere!

I just wanted to send my sincerest thanks for everything you have done and cannot tell you how much all of your help is appreciated. I don't know what I would have done without you! ;)

This entire forum and the commitment that all of you make is incredible. You help so many people with problems that affect their daily lives. Some people might forget about how much volunteer time actually goes into this commitment. And that you don't HAVE to do it. I recognize it, acknowledge it and thank you for it.

I feel that you have gone the extra mile for me. And for that I am truly grateful. Words cannot really express it. It is sad that we rely so much on our computers and when things get 'lost' or damaged, it has a big impact on our lives. Thank you for recognizing that and offering a solution.

Well, I don't want to get 'sappy' on you but just want to express my sincerest thanks. I hope you are doing well and that your spirits are lifting. :angel:

Let me know if you have any final suggestions for me for computer maintenance or any other tips or good sites and/or software I should look into.

Thank you again! :crowned:

Karen

little eagle
2008-04-27, 17:38
:bigthumb: Glad I could help.
Can't think of any other tips that may help.
But I need to close this thread. Post back if you have any more trouble (start a new thread). :rolleyes:

See ya around the web Karen, safe surfing.