computer freezes & is unuseable due to slowness


  • This topic is locked

#16
krazzdav

Hi 00dog :)

Glad your computer is doing better!! I am thinking that something is scanning your computer, which is why it took so long for the light to go out. The only thing that I see running that could do this is Microsoft Security Essentials, but it shouldn't do this on boot-up.

I am removing remnants from AVG and other programs that you uninstalled.


Step One

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - [2007/02/08 07:45:14 | 000,029,184 | R--- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ps2mcadapter.sys -- (ps2mcadapter)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\RunOnceEx: [] File not found
    [2010/09/06 00:01:02 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
    [2004/05/07 14:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/05/28 16:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default\Application Data\CheckPoint
    [2004/08/08 19:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default\Application Data\Leadertech
    [2010/09/06 00:00:43 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat

    :Services

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Grisoft\AVG Free\avginet.exe"=-
    "C:\Program Files\Grisoft\AVG Free\avgamsvr.exe"=-
    "C:\Program Files\Grisoft\AVG Free\avgcc.exe"=-
    "C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe"=-

    :Files
    C:\Documents and Settings\Default\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered. If the program doesn't do it on its own, reboot the PC when it is done. Save the file as Fixed.txt to your desktop and post the contents in your next reply.



Step Two
Open Device Manager>>IDE ATA/ATAPI Controllers>>Primary IDE Channel>>Properties>>Advanced Settings. Make sure your current transfer mode is DMA and not PIO.
How to Open Device Manager

  • If your Primary channel is not using DMA, right click on the first Primary IDE channel and choose "Uninstall"...accept the change.
  • Reboot
When Windows starts it will reinstall the Primary IDE channel and the devices associated with it...once it finishes reinstalling the devices, reboot again. It should boot and run faster.



Step Three
Please download JkDefrag by Jeroen Kessels
  • Unzip the program to a folder.
  • Reboot to release most of the files in use.
  • Double Click JkDefrag.exe to run the program.
Note: Everything is done automatically the moment you run JkDefrag.exe



Step Four
Download Process Explorer and unzip the files.
  • Reboot your computer (we want to run this program when your computer is slow)
  • Double click procexp.exe to run it.
  • You should see a column that says Working Set--click on this to sort the list by that column.
  • Go to File > Save As then choose where you want to save it.
  • Open the file you just saved and post the text in your next reply.



Step Five
Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Then click the Quick Scan button at the top
  • Post the log it produces in your next reply.

____________
Basically we need to try and find out what is running or scanning when your computer first starts because it is using up most of your memory.

Thanks,
krazzdav
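
One way to triage the Process Explorer export requested in Step Four, as an added example that is not part of the original post: it ranks processes by memory and lists those with no Company Name for manual review. The sample rows and process names are constructed, the tab-separated column layout is an assumption about the export, and the 447 MB total is passed in as a parameter.

```python
import csv
import io

# Constructed sample (not the thread's log), laid out as tab-separated columns
# in the order Process, PID, CPU, Private Bytes, Working Set, Description, Company.
SAMPLE_EXPORT = (
    "Process\tPID\tCPU\tPrivate Bytes\tWorking Set\tDescription\tCompany Name\n"
    "System Idle Process\t0\t22.06\t0 K\t16 K\t\t\n"
    "Interrupts\tn/a\t\t0 K\t0 K\tHardware Interrupts\t\n"
    "helper.exe\t1404\t\t304 K\t132 K\t\t\n"
    "svchost.exe\t1176\t\t16,864 K\t22,628 K\tGeneric Host Process for Win32 Services\tMicrosoft Corporation\n"
    "explorer.exe\t2108\t\t17,276 K\t23,420 K\tWindows Explorer\tMicrosoft Corporation\n"
    "scanner.exe\t1120\t70.59\t160,868 K\t56,304 K\tSample Scan Service\tExample Vendor\n"
)

# Kernel accounting rows that are not real processes.
PSEUDO_PROCESSES = {"DPCs", "Interrupts", "System Idle Process", "System"}


def parse_kb(field):
    """Convert a size such as '160,868 K' to an integer number of kilobytes."""
    digits = field.replace(",", "").strip().rstrip("Kk").strip()
    return int(digits) if digits.isdigit() else 0


def parse_cpu(field):
    """The CPU column is blank for idle processes; treat blank as 0.0."""
    try:
        return float(field.strip())
    except ValueError:
        return 0.0


def parse_export(text):
    """Parse the tab-separated export into a list of dicts, one per row."""
    rows = []
    for rec in csv.DictReader(io.StringIO(text), delimiter="\t"):
        name = (rec.get("Process") or "").strip()
        if not name:
            continue
        pid_text = (rec.get("PID") or "").strip()
        rows.append({
            "name": name,
            "pid": int(pid_text) if pid_text.isdigit() else None,  # 'n/a' -> None
            "cpu": parse_cpu(rec.get("CPU") or ""),
            "private_kb": parse_kb(rec.get("Private Bytes") or ""),
            "working_kb": parse_kb(rec.get("Working Set") or ""),
            "description": (rec.get("Description") or "").strip(),
            "company": (rec.get("Company Name") or "").strip(),
        })
    return rows


def top_consumers(rows, key="working_kb", limit=3):
    """Largest real processes by the chosen memory column."""
    real = [r for r in rows if r["name"] not in PSEUDO_PROCESSES]
    return sorted(real, key=lambda r: r[key], reverse=True)[:limit]


def unattributed(rows):
    """Processes with no Company Name: candidates for a closer look, not a verdict."""
    return [r for r in rows
            if r["name"] not in PSEUDO_PROCESSES and not r["company"]]


def memory_share(row, total_physical_mb, key="private_kb"):
    """Percentage of physical memory that one process accounts for."""
    return round(row[key] / 1024 / total_physical_mb * 100, 1)


if __name__ == "__main__":
    rows = parse_export(SAMPLE_EXPORT)
    total_mb = 447  # assumed total physical memory in MB
    for r in top_consumers(rows, key="private_kb"):
        print(f'{r["name"]:<14} pid={r["pid"]} cpu={r["cpu"]:.2f} '
              f'private={r["private_kb"]} K '
              f'({memory_share(r, total_mb)}% of RAM)')
    for r in unattributed(rows):
        print(f'review: {r["name"]} (pid {r["pid"]}) has no Company Name')
```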


#17
00dog

  • Topic Starter
Thanks.

I'm on step 5 now, and expect to post the logs tonight.

Thanks, again.

00dog :)

#18
krazzdav

:)

#19
00dog

  • Topic Starter
We're still getting faster!!

The computer reboots, logs on, and becomes useable at a much faster rate. The "activity light" no longer stays green forever; it's blinking in a reasonable amount of time.

I hope we can speed it up some more, but I probably have a lot of stuff on this computer (bejeweled, etc.) for the amount of memory. But, I'm willing to lose memory hogs.

Maybe I should mention that when I check the properties for the TOSHIBA DVD-ROM SD-R2512, I get the following message: "Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)." I think it has been like that for a while; and, I will reinstall the driver later. Just thought I'd mention it.

My Primary IDE channel, current transfer mode is "Ultra DMA Mode 5."

Feeling pretty good about the way things have gone with the computer. I may even put my sledge hammer back in the shed :)

The logs follow, and thanks again.

00dog


Fixed log:

All processes killed
========== OTL ==========
Service ps2mcadapter stopped successfully!
Service ps2mcadapter deleted successfully!
C:\WINDOWS\system32\drivers\ps2mcadapter.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\ deleted successfully.
C:\WINDOWS\tasks\Symantec NetDetect.job moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
C:\Documents and Settings\Default\Application Data\CheckPoint\ZoneAlarm Toolbar\TrustChecker(2) folder moved successfully.
C:\Documents and Settings\Default\Application Data\CheckPoint\ZoneAlarm Toolbar\TrustChecker folder moved successfully.
C:\Documents and Settings\Default\Application Data\CheckPoint\ZoneAlarm Toolbar\PTPCACHE folder moved successfully.
C:\Documents and Settings\Default\Application Data\CheckPoint\ZoneAlarm Toolbar folder moved successfully.
C:\Documents and Settings\Default\Application Data\CheckPoint folder moved successfully.
C:\Documents and Settings\Default\Application Data\Leadertech\PowerRegister folder moved successfully.
C:\Documents and Settings\Default\Application Data\Leadertech folder moved successfully.
C:\WINDOWS\system32\zllictbl.dat moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG Free\avginet.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG Free\avgamsvr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG Free\avgcc.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe deleted successfully.
========== FILES ==========
C:\Documents and Settings\Default\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 6486330 bytes
->Temporary Internet Files folder emptied: 50255503 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1372 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 1993416 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 2069962 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

User: Sippy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2366217 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 60.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Owner

User: Sippy

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.9.1 log created on 09102010_125440

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\TMP00000003261FCC2528E89C80 not found!

Registry entries deleted on Reboot...



Procexp log:

Process PID CPU Private Bytes Working Set Description Company Name
DPCs n/a 0 K 0 K Deferred Procedure Calls
Interrupts n/a 0 K 0 K Hardware Interrupts
System Idle Process 0 22.06 0 K 16 K
System 4 0 K 32 K
smss.exe 536 168 K 132 K Windows NT Session Manager Microsoft Corporation
swupdtmr.exe 1404 304 K 132 K
DVDRAMSV.exe 408 440 K 204 K Service of RAMAsst for Windows XP Matsushita Electric Industrial Co., Ltd.
svchost.exe 616 1,004 K 280 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 796 996 K 288 K Generic Host Process for Win32 Services Microsoft Corporation
acs.exe 1320 2,652 K 388 K
KodakCCS.exe 504 956 K 432 K Kodak DC Ring 3 Conduit (Win32) Eastman Kodak Company
ati2evxx.exe 896 568 K 500 K ATI External Event Utility EXE Module ATI Technologies Inc.
svchost.exe 488 1,492 K 544 K Generic Host Process for Win32 Services Microsoft Corporation
CFSvcs.exe 196 1,260 K 716 K Service of ConfigFree. TOSHIBA CORPORATION
svchost.exe 148 1,260 K 748 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1392 2,384 K 820 K Generic Host Process for Win32 Services Microsoft Corporation
LEXBCES.EXE 1812 1,236 K 1,016 K LexBce Service Lexmark International, Inc.
LEXPPS.EXE 1856 1,028 K 1,240 K LEXPPS.EXE Lexmark International, Inc.
svchost.exe 980 1,772 K 1,392 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1664 2,720 K 1,556 K Generic Host Process for Win32 Services Microsoft Corporation
ati2evxx.exe 1292 556 K 1,568 K ATI External Event Utility EXE Module ATI Technologies Inc.
csrss.exe 640 1,660 K 1,896 K Client Server Runtime Process Microsoft Corporation
svchost.exe 1544 1,244 K 1,916 K Generic Host Process for Win32 Services Microsoft Corporation
SmoothView.exe 3640 556 K 2,152 K SmoothView TOSHIBA Corporation
hpwuschd2.exe 3824 592 K 2,276 K hpwuSchd Application Hewlett-Packard
wmpnetwk.exe 1576 5,716 K 2,292 K Windows Media Player Network Sharing Service Microsoft Corporation
TOSCDSPD.exe 176 596 K 2,352 K CD/DVD Drive Acoustic Silencer TOSHIBA
services.exe 716 4.41 1,756 K 2,388 K Services and Controller app Microsoft Corporation
TPSBattM.exe 3240 760 K 2,540 K TOSHIBA Corporation
RAMASST.exe 1312 668 K 2,556 K CD Burning of Windows XP disabling tool for DVD MULTI Drive Matsushita Electric Industrial Co., Ltd.
winlogon.exe 668 6,608 K 2,688 K Windows NT Logon Application Microsoft Corporation
spoolsv.exe 1840 4,464 K 2,696 K Spooler SubSystem App Microsoft Corporation
reader_sl.exe 3736 696 K 2,788 K Adobe Acrobat SpeedLauncher Adobe Systems Incorporated
SynTPLpr.exe 2584 876 K 2,820 K TouchPad Driver Helper Application Synaptics, Inc.
svchost.exe 912 3,056 K 2,988 K Generic Host Process for Win32 Services Microsoft Corporation
lsass.exe 728 3,924 K 3,052 K LSA Shell (Export Version) Microsoft Corporation
alg.exe 3748 1,028 K 3,148 K Application Layer Gateway Service Microsoft Corporation
ctfmon.exe 4032 888 K 3,556 K CTF Loader Microsoft Corporation
tfswctrl.exe 2700 956 K 3,664 K Drive Letter Access Component Sonic Solutions
svchost.exe 452 6,020 K 3,756 K Generic Host Process for Win32 Services Microsoft Corporation
wuauclt.exe 1076 6,552 K 3,840 K Windows Update Microsoft Corporation
TPSMain.exe 3060 2,172 K 3,936 K TOSHIBA Corporation
svchost.exe 440 3,040 K 4,156 K Generic Host Process for Win32 Services Microsoft Corporation
atiptaxx.exe 2608 2,784 K 4,320 K ATI Desktop Control Panel ATI Technologies, Inc.
PadExe.exe 3572 1.47 2,584 K 4,776 K PadTouch Main TOSHIBA
THotkey.exe 3012 3,232 K 6,896 K TOSHIBA
msseces.exe 3912 3,964 K 6,976 K Microsoft Security Essentials User Interface Microsoft Corporation
nmsrvc.exe 220 9,192 K 12,176 K Pure Networks Platform Service Cisco Systems, Inc.
procexp.exe 3156 1.47 12,908 K 17,688 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
svchost.exe 1176 16,864 K 22,628 K Generic Host Process for Win32 Services Microsoft Corporation
explorer.exe 2108 17,276 K 23,420 K Windows Explorer Microsoft Corporation
MsMpEng.exe 1120 70.59 160,868 K 56,304 K AntiMalware Service Executable Microsoft Corporation



OTL Log:

OTL logfile created on: 9/10/2010 5:41:14 PM - Run 4
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Default\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 107.00 Mb Available Physical Memory | 24.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 51.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 30.59 Gb Free Space | 54.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: Default
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/27 11:00:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Default\Desktop\OTL.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/05/24 13:35:52 | 000,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe
PRC - [2004/05/13 13:46:02 | 000,053,248 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
PRC - [2004/04/30 18:42:36 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe
PRC - [2004/04/09 19:54:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2004/03/04 18:41:08 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/03/03 14:57:36 | 000,278,528 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2004/03/03 14:57:12 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2004/03/02 15:45:28 | 000,135,168 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2004/02/03 16:47:06 | 001,089,589 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Touch and Launch\PadExe.exe
PRC - [2004/01/22 19:09:00 | 000,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003/09/05 05:24:46 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2003/05/23 15:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2003/03/14 13:38:12 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe


========== Modules (SafeList) ==========

MOD - [2010/07/27 11:00:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Default\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/22 15:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2004/05/24 13:35:52 | 000,322,104 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2004/05/13 13:46:02 | 000,053,248 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2004/04/09 19:54:44 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2004/03/04 18:41:08 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2003/05/23 15:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/07/07 15:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 15:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/03/25 06:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/05/04 18:02:11 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2007/03/27 05:27:02 | 000,543,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/11/11 19:02:04 | 000,863,744 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/08 11:07:07 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/08/04 00:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/07/07 11:27:28 | 000,070,070 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2004/07/07 09:55:12 | 000,152,049 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2004/06/02 14:19:00 | 000,038,705 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2004/05/20 09:41:54 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2004/05/20 09:39:42 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2004/05/20 09:21:10 | 000,036,918 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2004/05/07 14:10:48 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/04/21 03:04:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/04/21 03:04:00 | 000,098,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/04/21 03:04:00 | 000,085,722 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/04/21 03:04:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/04/21 03:04:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/04/21 03:04:00 | 000,014,235 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/04/21 03:04:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/04/21 03:04:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/04/21 03:04:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/04/14 16:52:22 | 000,005,632 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\atiide.sys -- (atiide)
DRV - [2004/02/27 03:31:38 | 000,004,224 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2004/02/27 00:50:38 | 000,611,820 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/02/24 11:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2004/02/20 17:00:44 | 001,265,388 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/01/22 19:04:16 | 000,178,816 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/01/14 21:18:16 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/01/14 21:18:04 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/01/14 05:21:00 | 000,085,936 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/01/14 04:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2003/12/05 21:53:00 | 000,068,352 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/10/27 15:59:00 | 000,013,842 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2003/10/24 15:53:14 | 000,090,416 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/07/16 15:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/06/11 10:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/02/18 21:02:06 | 000,042,092 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl)
DRV - [2003/01/29 16:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/12/10 18:13:22 | 000,007,552 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\tiumflt.sys -- (DevUpper)
DRV - [2002/10/01 11:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = cdn
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = actsvr.comcastonline.com:8100

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/02 12:52:26 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/09/10 12:54:53 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PadTouch] C:\Program Files\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.mpix.com/...geUploader5.cab (Image Uploader Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1229738550203 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1175996315562 (MUWebControl Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://weddingchanne..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://www.mpix.com/...geUploader6.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...8207.5281018519 (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://download.game...aploader_v6.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Default\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Default\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/05/07 13:04:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/10 17:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Default\Desktop\Process Explorer 9-10-2010
[2010/09/10 13:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Default\Desktop\jkdef 9-10-2010
[2010/09/10 13:46:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Default\Desktop\logs to post 9-10-2010
[2010/09/10 12:54:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/07 18:11:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/09/07 17:39:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/08/02 12:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Default\Application Data\HpUpdate
[2010/08/02 12:26:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2010/07/26 19:40:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Default\Desktop\logs 7-26-2010
[2010/06/13 09:17:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Default\Local Settings\Application Data\PCHealth
[2010/06/13 02:02:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[1 C:\Documents and Settings\Default\My Documents\*.tmp files -> C:\Documents and Settings\Default\My Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/10 17:34:09 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/09/10 17:31:11 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/10 17:28:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/10 17:28:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/10 17:28:25 | 469,291,008 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/10 17:27:13 | 007,602,176 | ---- | M] () -- C:\Documents and Settings\Default\ntuser.dat
[2010/09/10 17:27:13 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Default\ntuser.ini
[2010/09/10 12:54:53 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/09/07 23:07:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Default\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/09/07 23:06:37 | 000,446,068 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/07 23:06:36 | 000,073,234 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/07 23:06:33 | 000,525,966 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/07 21:03:55 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/09/07 18:11:23 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/08/31 17:55:51 | 003,652,608 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/08/31 17:55:49 | 002,807,808 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/08/31 17:52:50 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/08/24 16:30:57 | 000,001,072 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/08/18 19:51:49 | 000,055,808 | ---- | M] () -- C:\Documents and Settings\Default\My Documents\Christmas cookbook.doc
[2010/08/12 10:18:22 | 000,224,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 09:50:00 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/12 09:46:32 | 000,000,701 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/02 12:59:04 | 000,023,112 | ---- | M] () -- C:\WINDOWS\hpqins15.dat
[2010/07/27 11:00:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Default\Desktop\OTL.exe
[2010/07/16 17:57:37 | 000,000,015 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010/07/01 16:07:46 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[1 C:\Documents and Settings\Default\My Documents\*.tmp files -> C:\Documents and Settings\Default\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/07 22:14:01 | 469,291,008 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/07 18:19:09 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/09/07 18:11:22 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/08/02 12:36:54 | 000,023,112 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/07/15 14:01:35 | 003,652,608 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/07/01 16:07:46 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/07/01 16:07:46 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/01/16 15:45:48 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/05/04 18:30:08 | 000,000,120 | ---- | C] () -- C:\WINDOWS\PbkUser.INI
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/07/28 14:23:26 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2005/02/06 12:43:49 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2005/02/06 12:43:13 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2005/02/06 12:36:07 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/12/31 19:05:50 | 000,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2004/12/31 19:05:49 | 000,000,511 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2004/08/08 15:50:23 | 000,000,282 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2004/08/08 11:06:58 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2004/06/17 13:50:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/06/17 13:41:50 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2004/05/07 14:23:04 | 000,000,264 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/05/07 14:19:47 | 000,001,072 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/05/07 14:16:56 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/05/07 14:16:56 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/05/07 14:16:56 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/05/07 14:16:56 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/05/07 14:16:56 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/05/07 14:16:56 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/05/07 14:02:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2004/05/07 13:59:01 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\MousePage.dll
[2004/05/07 13:59:01 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2004/05/07 13:50:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2004/05/07 13:46:34 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2004/05/07 13:46:31 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/05/07 13:46:08 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2004/05/07 13:46:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2004/05/07 13:46:08 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2004/05/07 13:46:08 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2004/05/07 13:41:46 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2004/05/07 13:38:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/05/07 13:10:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/05/07 13:07:49 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/05/07 13:01:15 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/05/07 12:35:43 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/04/23 19:33:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/09/08 18:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== LOP Check ==========

[2008/05/04 18:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2005/12/24 15:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2007/07/09 20:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2005/10/08 12:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/06/05 01:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2005/06/08 23:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/07/09 12:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default\Application Data\GARMIN
[2004/05/07 14:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default\Application Data\InterTrust
[2004/05/07 15:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default\Application Data\InterVideo
[2005/12/30 18:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default\Application Data\Netscape
[2007/04/07 20:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default\Application Data\OfficeUpdate12
[2004/08/08 18:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default\Application Data\toshiba
[2009/06/06 23:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default\Application Data\Windows Search
[2010/09/10 17:34:09 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========


< End of report >

#20
krazzdav

Hi 00dog :) Let's see what else we can do. I will look into your DVD drive also but I don't see any one thing per se hogging up your memory. You can always put more memory in your computer too. :)


I see you have 2 CD Burning programs--Roxio Burn Engine and Sonic RecordNow! . Do you use both of them? If not I would uninstall the one(s) you don't use.

Do you network your computer or connect to other devices over a network? Cisco Network Magic is always running but helps set up networks easier.

Do you share music or pics over a network? Windows Media Player Network Sharing is tying up a fair chunk of memory.

You may want to try and use something other than Microsoft Security Essentials. I am not sure if you try something else if it will use less resources or not, but if you do want to try I will add this step at the end.



Step .One
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    [2004/08/08 15:50:23 | 000,000,282 | ---- | C] () -- C:\WINDOWS\lexstat.ini

    :Services

    :Reg
    [-HKLM\SYSTEM\CurrentControlSet\Services\LexBceS]

    [-HKLM\SYSTEM\CurrentControlSet\Services\LEXPPS.EXE]

    [-HKLM\SYSTEM\CurrentControlSet\Services\LEXPPS]

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"=-
    "Adobe Reader Speed Launcher"=-

    :Files
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered. If the program doesn't do it on its own, reboot the PC when it is done. Save the file as Fixed.txt to your desktop and post the contents in your next reply.


Step .Two
Rerun MalwareBytes by double clicking Malwarebytes' Anti-Malware on your desktop.
  • Go to the Update tab and click on the Check for Updates button.
  • Go back to the Scanner tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step .Three
Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.


  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply

NOTE -- The scan will take some time so do not be alarmed if it takes several hours


Step .Four
If you do want to try something other than Microsoft Security Essentials follow this step----if not skip it.

Download another antivirus program and antispyware program.

  • Below are some free antivirus programs that I recommend. There are also many antivirus programs that will give you a free trial or limited use to see if you like it before purchasing.

  • Click here for Avast Home Edition --- I use this one
  • Click here for AVG Anti-Virus
  • Below are some free antispyware programs that I recommend. There are also many antispyware programs that will give you a free trial or limited use to see if you like it before purchasing.
  • Click here for SUPERAntiSpyware -- I use this one
  • Click here for Spyware Doctor (Google Pack Free Edition)

  • After you download the programs that you want, uninstall Microsoft Security Essentials and Install the programs that you chose.
  • After you install the program that you choose, ensure that you run the programs update feature and then run a full system scan.



____________

Let me know how everything went :)
krazzdav

#21
00dog

Hello,

The computer is running slower today. That may have something to do with it being on for about 24 hours, running the scans, etc. I'll see what it does when I reboot later.

I have a few questions/comments:

#1- I can't find "Roxio Burn Engine." But, in programs/common files/ roxio shared has a Dragon folder and a Napster folder. Napster has a BurnPlug.dll.

#2- Do you think Cisco Network Magic uses a lot of memory? My daughter uses this computer and likes having it.

#3- How do you deactivate "Windows Media Player Network Sharing?"

#4- I see folders for stuff that has been uninstalled, like spybot, can I just delete the folders?

No infected files were found. I may uninstall Microsoft Security Essentials later and try the others, but MSE would be easy for my daughter to keep up.

As you mentioned, I may want to add some memory.

Thanks, again

00dog

OTL log:

All processes killed
========== OTL ==========
Service Ad-Watch Connect Filter stopped successfully!
Service Ad-Watch Connect Filter deleted successfully!
File C:\WINDOWS\System32\drivers\NSDriver.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
C:\WINDOWS\lexstat.ini moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LexBceS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LEXPPS.EXE\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LEXPPS\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
========== FILES ==========
C:\WINDOWS\system32\LEXBCES.EXE moved successfully.
C:\WINDOWS\system32\LEXPPS.EXE moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 5915 bytes
->Temporary Internet Files folder emptied: 27627319 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 962 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 25742 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

User: Sippy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2662345 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1024069 bytes

Total Files Cleaned = 30.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Owner

User: Sippy

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.9.1 log created on 09122010_132337

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\TMP00000001B8B8B0EBE7BEC215 not found!

Registry entries deleted on Reboot...


mbam log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4602

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/12/2010 2:09:04 PM
mbam-log-2010-09-12 (14-09-04).txt

Scan type: Quick scan
Objects scanned: 158660
Time elapsed: 25 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


KasReport log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, September 13, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, September 12, 2010 17:15:21
Records in database: 4211792
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\

Scan statistics:
Objects scanned: 69604
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 09:11:51

No threats found. Scanned area is clean.

Selected area has been scanned.
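An added example, not part of the original posts and not OTL's own code: one way to read a fix log like the Fixed.txt above, counting outcomes, confirming which removed toolbar/BHO entries really were orphans (their CLSID key was "not found"), and listing fix directives that hit nothing. The sample lines are copied from that log; the function names and the line grammar inferred from those lines are assumptions of this example.

```python
import re
from collections import Counter

# Excerpt copied from the Fixed.txt log posted above (not constructed data).
SAMPLE_LOG = r"""
========== OTL ==========
Service Ad-Watch Connect Filter stopped successfully!
Service Ad-Watch Connect Filter deleted successfully!
File C:\WINDOWS\System32\drivers\NSDriver.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
C:\WINDOWS\lexstat.ini moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LexBceS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LEXPPS\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
========== FILES ==========
C:\WINDOWS\system32\LEXBCES.EXE moved successfully.
C:\WINDOWS\system32\LEXPPS.EXE moved successfully.
"""

# Line grammar inferred from the log lines above (an assumption, not a spec).
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
RESULT_RE = re.compile(
    r"^(?:(Service|File|Registry key|Registry value) )?"
    r"(.+?) "
    r"(stopped successfully|deleted successfully|moved successfully|not found)[.!]?$"
)
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_fix_log(text):
    """Return one record per result line: section, kind, target, outcome."""
    records, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        m = RESULT_RE.match(line)
        if m:
            kind, target, outcome = m.groups()
            # Bare paths ("C:\... moved successfully.") are file moves.
            records.append({"section": section, "kind": kind or "File",
                            "target": target, "outcome": outcome})
    return records


def outcome_counts(records):
    """Number of result lines per outcome."""
    return dict(Counter(r["outcome"] for r in records))


def _is_clsid_key(target):
    return "\\CLASSES\\CLSID\\" in target.upper()


def confirmed_orphans(records):
    """GUIDs whose toolbar/BHO reference was deleted while the matching
    Classes\\CLSID key was absent, i.e. the reference pointed at nothing."""
    removed, missing = set(), set()
    for r in records:
        m = GUID_RE.search(r["target"])
        if not m:
            continue
        guid = m.group(0).upper()
        if _is_clsid_key(r["target"]) and r["outcome"] == "not found":
            missing.add(guid)
        elif not _is_clsid_key(r["target"]) and r["outcome"] == "deleted successfully":
            removed.add(guid)
    return sorted(removed & missing)


def stale_targets(records):
    """Targets of fix directives that found nothing to act on (CLSID
    lookups excluded, since those are handled by confirmed_orphans)."""
    return [r["target"] for r in records
            if r["outcome"] == "not found" and not _is_clsid_key(r["target"])]


if __name__ == "__main__":
    recs = parse_fix_log(SAMPLE_LOG)
    print(outcome_counts(recs))
    print("orphaned references:", confirmed_orphans(recs))
    print("no-op directives:", stale_targets(recs))
```
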

#22
krazzdav

Hi 00dog :)


> The computer is running slower today. That may have something to do with it being on for about 24 hours, running the scans, etc. I'll see what it does when I reboot later.

That's definitely not what we were looking for. :)

> I have a few questions/comments:
>
> #1- I can't find "Roxio Burn Engine." But, in programs/common files/ roxio shared has a Dragon folder and a Napster folder. Napster has a BurnPlug.dll.

Some of the programs that I ask you about can't be found because they used to be installed and still have entries in the registry on your computer, so you don't have to worry about it if it's no longer there. :)

You can go ahead and delete the entire Roxio Shared folder.

> #2- Do you think Cisco Network Magic uses a lot of memory? My daughter uses this computer and likes having it.

No, it actually isn't using a lot of memory. I was just trying to streamline as much as possible by identifying some of the programs that do use a bit of resources. I wouldn't worry about it since your daughter likes to use it. :)

> #3- How do you deactivate "Windows Media Player Network Sharing?"

You mentioned that your daughter likes the networking feature for Network Magic so she may also be using this. If not, disable it this way:

Disable Windows Media Player Network Sharing Service
  • Start Windows Media Player
  • Click the arrow below the Library tab, and then click Media Sharing.
  • In the Media Sharing dialog box, deselect the Share my media check box.

  • Open up Services from Control Panel, or type services.msc into the start menu search/run box.
  • Find Windows Media Player Network Sharing Service in the list and double click it.
  • You will get a window like the one below. Change the Startup type: to Manual -- this will allow the service to start again if needed but not all the time.
Posted Image


> #4- I see folders for stuff that has been uninstalled, like spybot, can I just delete the folders?

:) Yes you can definitely delete those folders. If you have questions about anything you see just ask---better safe than sorry. :)

> No infected files were found. I may uninstall Microsoft Security Essentials later and try the others, but MSE would be easy for my daughter to keep up.

Ok. The reason I mentioned this was MSE is using about 15% of your memory just from the snapshot we had done.

> As you mentioned, I may want to add some memory.

:) I think this will help make you a lot happier as well as the computer. :) If you would like help figuring out what you can get and what you have just let me know.



____________

I want to defrag your drive and run one other scan -- then we'll address your CD drive issue :P If you were going to disable the Windows Media Player Network Sharing do this before these steps.


Step .One

Please download JkDefrag by Jeroen Kessels
  • Unzip the program to a folder.
  • Reboot to release most of the files in use.
  • Double Click JkDefrag.exe to run the program.
Note: Everything is done automatically the moment you run JkDefrag.exe


Step .Two

Run OTL (this may take a while)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    LEXPPS.EXE /RS
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

  • Click the NONE box at the top
  • Under Services select the ALL button

  • Then click the Run Scan button at the top

  • Post the log it produces in your next reply.


Step .Three

Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}]
    "UpperFilters"=-
    "LowerFilters"=-

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered. If the program doesn't do it on its own, reboot the PC when it is done. Save the file as Fixed3.txt to your desktop and post the contents in your next reply.


Step .Four

Once your computer starts check and see if you have the same error on your CD Drive.

Click Start, click My Computer, and then see whether the drive is listed.

Is the drive listed?

If the drive is listed, try to play or access a CD or DVD.
If you can play or access a CD or DVD, you are finished.

If you cannot play or access a CD or DVD, you may have to reinstall some programs. Some programs might not be able to use your CD or DVD drive until you reinstall those programs. If the problem occurs again when you install or uninstall those programs, contact the manufacturer of the program to see if an update is available that solves the problem. Some examples of programs that might be affected are:

* iTunes software by Apple
* Nero software by Nero Inc
* Roxio Creator software by Sonic Solutions
* Zune software by Microsoft

After reinstalling your programs, if you can play or access a CD or DVD, you are finished.

If you still cannot play or access a CD or DVD, please see the "Next steps" section.


____________

Next steps :)

Remove and reinstall drivers

If the drive is not listed, remove and reinstall the existing drivers. To do this, follow these steps:

1. Click Start, and then click Control Panel.
2. Click System and Maintenance, and then click System.
3. On the Hardware tab, click Device Manager. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
4. In Device Manager, expand DVD/CD-ROM drives, right-click the CD and DVD devices, and then click Uninstall.
5. When you are prompted to confirm that you want to remove the device, click OK.
6. Restart the computer.

After the computer restarts, the drivers will be automatically installed.

____________

Go back to the beginning of this step and see if this fixed the problem and you are able to play or access a CD/DVD. If not, let me know :)



____________

In your next post if you can post the 2 logs from the OTL scan and fix, let me know how your CD drive is doing and any other problems or questions.

krazzdav :)

#23
00dog
  • Topic Starter
  • Member
  • 21 posts
Hello Krazzdav, didn't want you to think I'd faded away...Just long work hours.

I should be able to follow your instructions within a day or so.

Appreciate it.

00dog

#24
krazzdav
  • Member
  • 505 posts
:) thanks 00dog :) Really appreciate you popping in and know how that can be. Will be looking forward to see how everything goes.

#25
00dog
  • Topic Starter
  • Member
  • 21 posts
I'm back :D

Once again we've made significant improvement. :(

I disabled the Windows Media Player Network Sharing, and that probably helped.

The main improvement, this time, came when I followed your advice and uninstalled Microsoft Security Essentials. Upon starting the computer MSE seemed to be using a lot of resources, and really slowing things down (my "activity" light was staying green for a long time). When I disabled MSE, the programs responded in a timely manner; without disabling MSE I would have to wait for 30 minutes or so for things to be functional.

I'm now using Avast and SuperAntiSpyware; I plan on adding a firewall before long. When I restart now, I can use my computer in a reasonable time.

After following your instructions the cd/dvd drive works fine.

I'm going to let my daughter (an adult) try this for a while before making a decision regarding adding memory. Are the memory slots difficult to access on laptops? How would I determine what/how much memory to get? But, I can always look into that later, if I decide to add memory.

I don't know if there's much left that we can do to improve things, but if you know of anything let me know.

Bottom line, the laptop seems to be in pretty good working order! It has gone from being unusable to doing what it is supposed to do!!!

Thanks for all your help. ;) ;) ;)

00dog


OTL log:

OTL logfile created on: 9/18/2010 8:05:29 PM - Run 5
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Default\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 212.00 Mb Available Physical Memory | 47.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 29.92 Gb Free Space | 53.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: Default
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Win32 Services (All) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/12 15:13:51 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/22 15:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/06/10 01:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
SRV - [2009/05/21 23:13:36 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/05/21 23:09:24 | 000,660,992 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2009/05/21 23:03:06 | 000,133,120 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs) Remote Procedure Call (RPC)
SRV - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (DcomLaunch)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/12/03 21:05:42 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/12/03 21:05:32 | 000,044,544 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/07/29 22:10:04 | 000,046,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 20:24:50 | 000,881,664 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 20:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 12:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 12:16:40 | 000,034,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/07/07 15:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\es.dll -- (EventSystem)
SRV - [2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla) Network Location Awareness (NLA)
SRV - [2008/04/13 19:12:40 | 000,126,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - [2008/04/13 19:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 19:12:38 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ups.exe -- (UPS)
SRV - [2008/04/13 19:12:35 | 000,089,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog)
SRV - [2008/04/13 19:12:34 | 000,141,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)
SRV - [2008/04/13 19:12:33 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr)
SRV - [2008/04/13 19:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/13 19:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/13 19:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 19:12:27 | 000,006,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\msdtc.exe -- (MSDTC)
SRV - [2008/04/13 19:12:25 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc)
SRV - [2008/04/13 19:12:24 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\locator.exe -- (RpcLocator) Remote Procedure Call (RPC)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (NtLmSsp)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 19:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 19:12:21 | 000,267,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\fxssvc.exe -- (Fax)
SRV - [2008/04/13 19:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 19:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 19:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (COMSysApp)
SRV - [2008/04/13 19:12:14 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008/04/13 19:12:14 | 000,005,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - [2008/04/13 19:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/13 19:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\xmlprov.dll -- (xmlprov)
SRV - [2008/04/13 19:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 19:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/13 19:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2008/04/13 19:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc) Windows Image Acquisition (WIA)
SRV - [2008/04/13 19:12:08 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\upnphost.dll -- (upnphost)
SRV - [2008/04/13 19:12:08 | 000,175,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\w32time.dll -- (W32Time)
SRV - [2008/04/13 19:12:08 | 000,068,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\webclnt.dll -- (WebClient)
SRV - [2008/04/13 19:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2008/04/13 19:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 19:12:07 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2008/04/13 19:12:07 | 000,090,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\trkwks.dll -- (TrkWks)
SRV - [2008/04/13 19:12:07 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2008/04/13 19:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 19:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 19:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 19:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 19:12:05 | 000,039,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\sens.dll -- (SENS)
SRV - [2008/04/13 19:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2008/04/13 19:12:03 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qagentrt.dll -- (napagent)
SRV - [2008/04/13 19:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2008/04/13 19:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 19:12:02 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/13 19:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/04/13 19:11:59 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/13 19:11:57 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/13 19:11:56 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\kmsvc.dll -- (hkmsvc)
SRV - [2008/04/13 19:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 19:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS)
SRV - [2008/04/13 19:11:53 | 000,023,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ersvc.dll -- (ERSvc)
SRV - [2008/04/13 19:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 19:11:52 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/04/13 19:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2008/04/13 19:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 19:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008/04/13 19:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 19:11:50 | 000,077,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/13 19:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 19:11:49 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2006/10/18 22:47:16 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mspmsnsv.dll -- (WmdmPmSN)
SRV - [2006/10/18 21:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/09/28 19:56:14 | 000,055,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\WudfSvc.dll -- (WudfSvc)
SRV - [2005/09/21 15:29:56 | 000,323,584 | ---- | M] (Apple Computer, Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService)
SRV - [2005/04/04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/11/11 18:55:50 | 000,425,984 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2004/05/24 13:35:52 | 000,322,104 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2004/05/13 13:46:02 | 000,053,248 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2004/04/09 19:54:44 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2004/03/04 18:41:08 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2003/07/28 14:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/05/23 15:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2003/03/31 07:00:00 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsvp.exe -- (RSVP)


========== Custom Scans ==========


< LEXPPS.EXE /RS >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center >
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile >
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
< End of report >


Fixed3 log:

All processes killed
========== OTL ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\\UpperFilters deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\\LowerFilters deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 117176270 bytes
->Temporary Internet Files folder emptied: 19236526 bytes
->Java cache emptied: 135204 bytes
->Flash cache emptied: 1103 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 25264 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

User: Sippy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 596363 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 7453784 bytes

Total Files Cleaned = 138.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Owner

User: Sippy

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.9.1 log created on 09182010_210502

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\TMP0000000103FA45F70627C330 not found!

Registry entries deleted on Reboot...

#26
krazzdav
  • Member
  • 505 posts

Once again we've made significant improvement.

Now this is what we were looking for :D

The main improvement, this time, came when I followed your advice and uninstalled Microsoft Security Essentials. Upon starting the computer MSE seemed to be using a lot of resources, and really slowing things down (my "activity" light was staying green for a long time). When I disabled MSE, the programs responded in a timely manner; without disabling MSE I would have to wait for 30 minutes or so for things to be functional.

I just need to clarify--did you UNINSTALL MSE or just DISABLE MSE? If you aren't going to use it go ahead and uninstall it. (you can always reinstall it later) There are still some things from MSE running in the latest log so am thinking that you uninstalled/disabled it after the scans.

I plan on adding a firewall before long

For most users the default Windows Firewall is acceptable for basic security, but if you would like a more in-depth firewall with more features I would recommend these--
Click Here for Comodo Personal Firewall -- I personally use this one
Click Here for Sunbelt Personal Firewall

After following your instructions the cd/dvd drive works fine.

This also is good news! ;)

Are the memory slots difficult to access on laptops?

From what I have experienced the memory is really easy to change/add. :) On the bottom of the laptop, usually around the center, you should find a plate with one screw holding it down--below this are the memory chips.

How would I determine what/how much memory to get?

If you give me the model of your laptop I can research this for you and see what you are able to upgrade to. :) We definitely made a big difference in your memory usage though--initially you had 0% free and now you are up to almost 50% free! :)

I don't know if there's much left that we can do to improve things, but if you know of anything let me know.

There isn't much else you can disable but if you wanted to disable Toshiba Config Free, Kodak and HP digital imaging from running automatically you can do this also.

If you do want to disable these and can't find any setting in the particular program you can follow these steps and look for something that has those names or similar. (if you have any questions just ask) ;)

Open up Services from Control Panel, or type services.msc into the start menu search/run box.
Find the above mentioned programs in the list and double click it.
You will get a window like this below, change the Startup type: to Manual -- this will allow the service to start again if needed but not all the time.
Posted Image


____________


In your next post just let me know any other questions, your laptop model, the link from the below program and one more OTL scan :(--after this I will give you recommendations on your memory and how to upgrade it. :) If you don't want to do this let me know--it's fine---but we need to do some housekeeping for the tools we did run on your computer.


Step .One

Download and run the Crucial System Scanner from HERE

1. First, agree to the terms and conditions.
2. Click the "download the scanner" button, and choose "Save File" when prompted.
3. Save the file to your desktop, or anywhere you prefer.
4. Navigate to this saved CrucialScan.exe file and open. If you get a security warning, click "Run" to allow the download.
5. It will take several moments while your browser is updated with your scan results.

When your internet browser opens with the results, please post the url link from the address bar at the top in your next reply. It will look like this--
http://www.crucial.com/systemscanner/viewscanbyid.aspx?id=C16895FE12D926C3


Step .Two

Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and let it run uninterrupted.


  • Then click the Quick Scan button at the top
  • Post the log it produces in your next reply.


;)
krazzdav
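
The auto-start services named in the post above (Toshiba ConfigFree, Kodak, HP digital imaging) can be picked out of the posted OTL log mechanically. The following is an added example, not part of the original posts and not OTL's own code: a Python parser for the `SRV -` line layout as it appears in the log earlier in this thread, run over lines copied from that log. The regex, function names and bucket names are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Lines copied from the "Win32 Services" section of the OTL log in this thread.
SAMPLE_LOG = r"""
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/09/12 15:13:51 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs) Remote Procedure Call (RPC)
SRV - [2005/09/21 15:29:56 | 000,323,584 | ---- | M] (Apple Computer, Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService)
SRV - [2004/05/24 13:35:52 | 000,322,104 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2004/05/13 13:46:02 | 000,053,248 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2004/04/09 19:54:44 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2004/03/04 18:41:08 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
"""

# Either "File not found", or "[date | size | attrs | M] (publisher)",
# then "[start type | state] -- path -- (service name)" and optional text.
SRV_RE = re.compile(
    r"^SRV - "
    r"(?:File not found"
    r"|\[(?P<modified>[^|\]]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| \w+\]"
    r" \((?P<company>.*?)\))"
    r" \[(?P<start>\w+) \| (?P<state>\w+)\]"
    r" -- (?P<path>.+?) -- \((?P<name>[^)]*)\)"
)


@dataclass
class Service:
    name: str
    path: str
    company: Optional[str]   # None when the log says "File not found"
    start: str               # Auto, On_Demand, Disabled, Unknown
    state: str               # Running or Stopped
    file_missing: bool


def parse_services(log_text: str) -> List[Service]:
    """Turn every well-formed 'SRV -' line into a Service record."""
    services = []
    for line in log_text.splitlines():
        m = SRV_RE.match(line.strip())
        if not m:
            continue
        services.append(Service(
            name=m["name"], path=m["path"], company=m["company"],
            start=m["start"], state=m["state"],
            file_missing=m["modified"] is None))
    return services


def triage(services: List[Service]) -> Dict[str, List[str]]:
    """Bucket services for manual review.

    The publisher string is whatever the log reports for the file; it is a
    triage hint, not a signature check.
    """
    buckets: Dict[str, List[str]] = {
        "orphaned": [],          # service entry whose file is gone
        "no_publisher": [],      # running at boot with a blank publisher
        "third_party_auto": [],  # running at boot, non-Microsoft publisher
    }
    for s in services:
        if s.file_missing:
            buckets["orphaned"].append(s.name)
        elif s.start == "Auto" and s.state == "Running":
            if not s.company:
                buckets["no_publisher"].append(s.name)
            elif not s.company.lower().startswith("microsoft"):
                buckets["third_party_auto"].append(s.name)
    return buckets


if __name__ == "__main__":
    for bucket, names in triage(parse_services(SAMPLE_LOG)).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```
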

#27
00dog
  • Topic Starter
  • Member
  • 21 posts
Again, just a quick note to let you know I'm still here. I will follow your latest instructions, but it may be just a few days. I'm pulling 15 hrs. at work today, and tomorrow I'll be out of town.

Hang with me.

Thanks.

00dog

#28
krazzdav
  • Member
  • 505 posts
:D thanks...I really appreciate you keeping me posted. Let me know if your daughter had any problems with it too when you are able to post back.

krazzdav

#29
krazzdav
  • Member
  • 505 posts
Hi 00dog,

Being as it has been more than a week since your last reply I need you to at least do some cleanup if you can follow this guide. :D


Congratulations! It appears that your logs are clean ;) If you have any further problems or questions feel free to start a new thread in the appropriate forum. ;)


  • Double click on the OTL icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click on the CleanUp button at the top
  • You will get a popup requesting to reboot the computer--click OK


____________

Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply
2. Turn ON System Restore.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.


____________


Below I have included a number of recommendations for how to protect your computer against malware infections.
  • Keep Windows updated by regularly checking their website at: Windows Update
    This will ensure your computer always has the latest available security updates installed.

  • Adobe Reader Download and install the latest version of Adobe Reader
  • Adobe Flash Player Download and install the latest version of Adobe Flash Player

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
    • Adblock Plus - this also blocks ads and popups
  • Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
    Here

  • Also read Rorshach's guide on how to prevent malware and about safe computing Here

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.

  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

  • Auslogics Disc Defrag or MyDefrag - Two good disc defragmenters for you to choose from.

Thank you for your patience, and performing all of the procedures requested.

krazzdav ;)

#30
Essexboy
  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.