whattodo

  1. Wow, thanks for these helpful links! The information on Windows Easy Transfer was very enlightening. I see now that I should have read all this before getting started with the new Win 7 laptop! I probably should have used Windows Easy Transfer.

     I have already downloaded Firefox on the laptop, and started setting it up for each user. I was hoping to figure out how to manually restore/merge Firefox add-on data, such as bookmarks and Zotero files (since I have never been successful with FEBE). But maybe I will try using MozBackup. (I think I did try to use this awhile back, and was unsuccessful -- or maybe it just confused me, I don't remember.) One problem I have is that my Zotero data file is so large. Does MozBackup allow you to merge bookmark files and add-on files? Or will it just replace them?

     I was also going to manually restore selected data folders and files from XP backups to the laptop. But maybe I should go back to square 1 -- restore the laptop to its Day 1 configuration, then migrate info with Windows Easy Transfer. That way, maybe I could bring in my document files, and the Firefox data, and the mail data all at once. I'm not sure what would be easiest at this point... (With Windows Easy Transfer, if you copy ALL your data files, can you then restore selectively to the new computer?)

     I have been stuck on trying to figure out whether to use Windows Live Mail or Thunderbird. (I wish there was a way to try them simultaneously, without getting my mail all messed up.) I am now thinking it might be easiest to transfer my mail from Outlook Express (on the XP computer) to Windows Live Mail (on the Win 7 laptop), I guess using Windows Easy Transfer, if you can transfer mail only. And simultaneously, I would install WLM on the XP computer, after the clean re-install, so that I can (hopefully!) keep my mail files sync'd between the XP and Win7 computers. Then, if I decide I am not satisfied with WLM, I can go to Thunderbird from there. A big advantage of TB is that I could also use it on the Mac mini I've inherited, as well.

     This is the first time I've had more than 1 computer, so the whole sync'ing aspect has me a bit flummoxed. There are Word and txt documents to keep sync'd; there's mail, and there are Firefox bookmarks and Zotero data. And if I want to keep the Mac mini sync'd, too, it makes things more confusing, since MozBackup won't run on Mac, and neither can Windows Live Mail.

     Getting back to the DELL XP computer, I think it makes sense to use Windows Easy Transfer for the re-install. (I will be using this instead of Files and Settings Transfer Wizard, right? Not both?) I will run MSINFO32 first, as you suggested. And I will also run the upgrade advisor, to find out what hardware and programs won't be usable with the laptop. I will collect the HP drivers from HP, as you suggested. (It appears the scanner will not work with the Win7 laptop, by the way.) And I will download SP3 (I might already have a copy somewhere). I think I've been using Nero software (Smart Burn, I think) for burning, not Roxio. Nero seems good (and I can understand how to use it!), but I'm not sure if I have a copy of that disk somewhere. Else I can try ImgBurn -- looks like I'd be fine with that.

     Thanks for the fax links. (The article title is a bit misleading, tho, b/c most of these services aren't free after the trial period.) PamFax looks promising. (I hardly fax at all, so I need something without a monthly fee.) FaxZero might be good for sending, but you can't receive. ScanR is intriguing - but, um, not with my current phone and phone camera! - plus, their website won't load right now.

     PCmover looks good -- but I am not sure I want to try it. Although professional reviews are pretty favorable, user reviews on Amazon and elsewhere are mixed, at best. I didn't spend too much time reading carefully, b/c I think I'd rather try Windows ET, and re-install the applications myself. Whew, so much to remember to do!
  2. Sorry for taking so long to respond. I am out-of-town, and things have been hectic. I am tempted to go for the re-install -- but yes, I am scared! I have a recent backup made with GFI (but I will have to do a small incremental backup), as well as a recent image made with Macrium Reflect. (However, I haven't really tried to verify that these will work for a restore.)

     I have not tried to migrate my stuff to the new Win 7 laptop yet. The Dell's HD is bigger than the laptop's, so I'd like to be selective in what I migrate, but it will take time to sift thru the files. I am pretty sure I have all my docs, photos, etc, backed up. But I am not as sure about application settings. My Firefox bookmarks and Zotero files ARE backed up, and I would like to be able to restore the Firefox profiles of each user, but I have never successfully restored such data. (On the Mac mini, I just tried using FEBE to backup a Firefox profile, and then restore the profile to a new Firefox installation on a different user, but I was not successful.) And I also really do not want to go thru re-setting IE8 and Firefox for 4 user acct's again -- that took a very long time.

     I have various disks from Dell, that came with the computer (see list below). I see Word 2002, but I don't know where Outlook Express is. (I need it, unless I want to migrate to Windows Live Mail or Thunderbird.) I also need to find Classic PhoneTools, which I use for faxing. And who knows what other applications I am forgetting about?! I would also like to make sure I can print and scan from the laptop before proceeding -- I haven't tried to set it up to do that yet. I won't be able to fax from it, tho, b/c it doesn't have a modem, so I need to make sure I have my fax application, Classic PhoneTools, to put back on the Dell after the re-install.

     Soooo... I might want to go for the clean install, but it might take me a bit of time to prepare. Do you think I will be able to complete the clean install okay, or do you think I am not really well-prepared to do this successfully?

     My disks from Dell include:

     1) Dell reinstallation CD - XP Pro SP1
     2) Dell Dimension ResourceCD - includes drivers, diagnostics, and utilities (according to the label)
     3) Driver and utilities for reinstalling the v.92/56K telephony data/fax/voice modem software (maybe this has Classic PhoneTools? I will browse it.)
     4) SoundBlaster Live! disc
     5) Power DVD Drive
     6) Roxio Videowave/ Dell Movie Studio
     7) MS Works Suite 2003 (includes Word 2002)
     8) Dell 1703FP monitor documentation and drivers
     9) Dell Application CD - for reinstalling Dell Tools System Software -- contains AV software, support software, multimedia software, internet software
     10) Dell application CD for Reinstalling Roxio Easy CD Creator

     I also have disks with HP ScanJet 5370C and HP Photosmart D7560 software. Thanks!!
  3. Update -- I tried installing and uninstalling Ad-Aware, but it did NOT fix the pause in the boot-up sequence. Darn. It still pauses, and says "please select the OS to start: MS Windows Recovery Console, MS Windows XP Pro." It defaults to XP Pro, so I guess I can live with it, if I have to... But -- good news -- the hang when logging off a user seems to have disappeared.
  4. Hi -- I'm glad there is progress! And there have not been any more BSODs! (But the graphics card fan still sounds pretty lousy when starting up...) Regedit did find the string you provided. See the screenshot, pls. So I will wait on installing Norton IS 2011, until you tell me how to remove the old Norton toolbar.

     I don't know if this is a problem, but I never did complete steps 5, 6, and 7 from your Feb 12th post. I know we just addressed some of those issues, but are there any more steps I should go through? Or should I uninstall ComboFix now? Should I run mbam-clean.exe and install a new MBAM version now? Should I scan with it?

     Remaining problems: I still have a hang-up when I try to log off any user, tho no problem if I switch users. And when I am booting, there is still a pause in the sequence. I will now try to install and uninstall the last version of Ad-Aware I had installed, b/c the latter might be associated with a bad uninstall.

     Java 6, Update 23 is still listed in Add/Remove Programs. But when I try to uninstall it, I get error msgs (see 2 screenshots, pls -- and the first error msg in a box labelled Java 6, Update 19), so there must be something wrong with it. And Jusched.exe keeps trying unsuccessfully to run. So should I try to download and re-install Java 6, 23 again, over what I have now?

     We never shut down the Nero Indexing Service. If you think I should, would you please tell me how? (I use Nero for burning, but not for backup.) Nero7 Essentials and neroxml are listed in Add/Remove Programs.

     When I used Regedit, it took quite awhile to search the Registry, which made me wonder -- would it be advisable to use CCleaner (or other) to clean the registry? I used to do that after every uninstall, but stopped b/c I read using registry cleaners was risky. I recently ran CCleaner to analyze the registry, and it found tons of problems. Would it be a good or bad idea to clean up?

     Lastly, if I can't get the log off and boot up problems resolved, is there a way to repair the system files? Or would it be worth doing a clean install (sorry, after all this work!)? Would a clean install be advisable anyway to improve performance, or would it not make much difference, now that we've shut down some background services? I am worried that it would be hard for me to pull my machine back together, b/c I don't have slipstreamed XP, only the Dell XP SP 1 disk. Also, I am not sure if I have copies on the Dell disks of Outlook Express, which I am still using happily (though possibly, ill-advisedly!). However, I may have to migrate my mail from Outlook Express to another program anyway, b/c now that I got the laptop, I do not see how I will be able to keep my mail sync'd if I use two different programs -- this is my 1st laptop, and I'm not totally sure how to stay sync'd even when using the same program! I have been hesitant to migrate to either Thunderbird or Windows Live Mail b/c I read that neither gives you the ability to drag-and-drop to local folders, the way Outlook Express does, but I guess I will have to bite the bullet and make a choice...

     Regarding security software, is there anything else I should install, along with Norton, to keep secure? I know... we just got thru taking out a lot of antispyware programs! But in addition to MalwareBytes free, should I also have SpyBot Search and Destroy, or anything else, on-board for periodic scans? Also, do you think Iconix is a worthwhile add-on for email, to help the user be sure the email is from the purported corporate sender? I still have it installed.

     Finally, when we are all done, I will need to undo the Defogger change. Thanks!!
  5. The 3 services were deleted successfully. Nothing happened when I tried to delete the driver. The logs are below/attached. Thank you!
  6. Hi -- thanks for looking at the logs. The Amazon Downloader is there so that I can download Norton IS 2011. I've paid for it, but didn't want to download it yet, because it seems to install as you download, and you had asked me to remove AV and FW. I am just letting it load at startup until I get Norton installed, then I will tell it not to. (I once tried telling it not to load at startup, but then it seemed all messed up when I wanted to try to use it, so I am just leaving it alone.) (By the way, I put Norton IS on the new laptop - it seems good!) The AntiVir and Kaspersky remnants should get cleaned. I do use the HP ScanJet. Zone Alarm should be removed. Creative Service for CD ROM Access -- I think this came on my computer (it's XP Pro, but over 10 yrs old!) -- I would be a little nervous about removing it, in case I then can't access the CD ROM drive... If you are sure it is unnecessary, I can remove it. The Norton AV remnant should be removed. Thanks!
  7. Ok, here are the DDS logs. (Of the steps on the Feb 12th list, I have completed Steps 1-3 and attempted Step 4, so Avast AV and Comodo FW have been uninstalled (I have the Windows FW on)). I still need to uninstall WinPatrol, which I will do next. Just wanted to mention that I have not been experiencing any BSODs for awhile now (altho I haven't used the computer much the last few days bc it doesn't have AV). The BSODs stopped before uninstalling AV and FW; I am not sure why they stopped. The computer still hangs if I log off a user, although user switching is completely normal. And there is still a pause in the boot process. I have a hunch that this last problem was caused by an incomplete uninstall of Ad-Aware. I am including a screenshot taken right after the Ad-Aware uninstall -- before my 1st post to this forum -- showing a Windows Defender alert I may have responded to inappropriately -- I believe I denied the change. I would be curious to see what would happen if I re-installed the same version of Ad-Aware, and then uninstalled it completely. 
  8. Hi -- I'm a little lost as to where we are in this process... Should I run the DDS logs now, or proceed as best I can thru Steps 1-8 of your Feb 12th post, and THEN run DDS and post the logs? Thank you.
  9. Hi -- I am now proceeding with Steps 2-8, as listed in your post of Feb 12. (Step 1 - securing browser - was already accomplished.) In Step 4, I ran into some problems. Java Auto Updater, WebReg, and Windows Defender Signatures were not listed in Add/Remove Programs (though jusched.exe still continues to try to run periodically, and fails). And my attempt to remove Java 6, Update 23, failed. I got an error message, in a box labeled Java 6, Update 19, that said "Internal Error 2753.regutils.dll," and when I click "ok", I get the msg: "Fatal error in installation." I would proceed to Step 5, but I am not sure if I should still delete the JavaQuickStartService. Also, in Step 5, I am not sure if I am supposed to use HJT to delete the Nero services. And I see that Step 6 also involves removing some Java console items. So I think I'd better wait for further instructions from you. (However, I cannot really use the computer in the interim, b/c it has no AV...) Thank you.
  10. Hi -- I will post back with the logs this wkend. (I have used Macrium Reflect to image my Dell.) Thanks for your patience.
  11. Just to let you know -- I bought a laptop, but am still struggling with getting it set up to safely connect to Internet. Need to remove trial version of Norton IS, and install the version I purchased from Amazon, which I am still having trouble downloading... (And I got sidetracked by reading about how to use Wi-Fi safely -- am thinking of buying IronKey Personal S200, b/c I don't think I can figure out VPN otherwise.) And I have a new E3000 router to set up, but I might wait on that and just plug in with Ethernet to my old Linksys router for now when I'm using it from home -- but I am not sure I even know how to do that... So as soon as I have an alternative way of accessing the web, I will pick up on this again. Sorry...
  12. Regarding data backup -- any thought as to whether I should get something that runs continuously in background (eg, WD My Book Essentials)? I read http://www.pcworld.com/article/170688-8/7_backup_strategies_for_your_data_multimedia_and_system_files.html, but still didn't come to any firm conclusion on this. Thank you.
  13. Thank you -- these guides look very helpful!
  14. Hi -- Thanks for checking in. I am still working on this, but I had to take a break b/c I (and other family members) have needed the computer for work. Also, I have been busy researching a laptop computer, which I hope to buy in the next few days, and also buying accessories for the Mac mini, so that I can get it hooked up. So soon I should have another computer to rely on while I proceed with fixing this one. I will be out of town for a few days, so I might not post back until early next week. The BSOD's continue intermittently. There is a new one I have seen 2ce now, something to do with ks.sys. I will write down error msg and post it. Thanks for checking in. Be back soon.
  15. Hi, again -- I am trying to use Macrium Reflect and SyncToy to make backups. In Macrium Reflect, I noticed something that seemed odd to me -- pls see my screenshot. The primary partition appears to be completely full. Isn't the primary partition where system files like the MBR are stored? So then I looked at a Bleeping Computer tutorial about disk partitions, and followed the instructions to use Control Panel to get to the Disk Management pane. This seemed to show that the 31 MB partition was completely empty! (See screenshot.) Or am I misinterpreting all this? In any case, it was marked "healthy", for what that's worth... Also, do these results have anything to do with the Drive Diagnostics results I posted in #47, above? Regarding backing up, I am still a bit confused about the best way to back up completely. I am planning to use SyncToy to make a copy of C:\Documents and Settings -- but this will take a long time (the 1st time), b/c it's about 82 GB (about 46 GB are photos). I am sure a lot of the info being copied probably isn't needed, and I'm not sure I am getting all the needed info... (I also have SyncBack on my computer -- I wonder if one is faster than the other?) I am also going to try to use Macrium Reflect to image the drive -- though I am not sure this is a good approach if the system files may be damaged... I haven't done that before, so I don't know if it will work. I created a boot CD via Macrium -- but I wasn't sure how to do the BartPE thing -- I've struggled with it in the past, and was not sure I did it successfully. So this time I just made a Linux CD, but I realize it may not work. But I also have rescue CDs (also Linux-based) made from AVG and Antivir's websites, so hopefully one will work, if needed! Please let me know if you have any thoughts about the possible fullness of the primary partition. Thank you. PS -- Would it be safe to defrag my hard drive? Should I use the built-in Windows defragger? (I uninstalled Smart Defrag.)