Dodni
Can someone kill this post; it is a mistaken dupe and MrC has resolved my issue in the other thread. Thanks again for the assistance!!! -- Dondi
-
I tried MSCONFIG from the START >> RUN and then went to the STARTUP tab and saw the startup items. I had disabled a dupe of ATI and another one that I didn't need to run on startup. I also tried a program I got indirectly from one of your maintenance tip links, STARTUP LITE, that looks at the startup items and disables unused ones. I will try the program you suggested above to see if I get better results.
-
Ok, MrC..... I think the PC is doing well, I don't want to keep you from assisting other people who need help. I still have to END PROCESS for explorer.exe once I boot into Windows and then restart explorer as a new task to get my icons in the systray to appear; I routinely only get MBAM, ATI Catalyst Control Center icon & Network icons to appear in the systray upon initial start of Windows. After killing explorer & restarting, I get all to appear except 2 that I know of: Extender resource monitor & Apple Airport extreme manager. Any suggestions on what I could try? I have rebooted many, many times, to no avail. Other than that, I think the PC is running well & I thank you immensely for your assistance!! Thanks MrC!!
-
Hmmm, this one is not looking too good either....

http://www.virustotal.com/file-scan/report.html?id=5a6c11317def14b8c34a8c669eb75f7a8d46f05090c43d3dff602cfa13cc504e-1326125621

1 VT Community user(s) with a total of 3091 reputation credit(s) say(s) this sample is goodware.
2 VT Community user(s) with a total of 2 reputation credit(s) say(s) this sample is malware.
-
There are 2 restore points; one created yesterday by OTL at 4:39pm (RP0) and another created at 1:38 this morning (RP1); (I wasn't actively using the PC at 1:38 this morning)

Here is the log from SystemLook

SystemLook 30.07.11 by jpshortstuff
Log created at 10:23 on 09/01/2012 by Administrator
Administrator - Elevation successful
========== filefind ==========
Searching for "ipsec.sys"
C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys -----c- 74752 bytes [23:55 16/08/2009] [12:00 10/08/2004] 64537AA5C003A6AFEEE1DF819062D0D1
C:\WINDOWS\ERDNT\cache\ipsec.sys --a---- 75264 bytes [15:30 05/01/2012] [19:19 13/04/2008] 23C74D75E36E7158768DD63D92789A91
C:\WINDOWS\ServicePackFiles\i386\ipsec.sys ------- 75264 bytes [23:48 16/08/2009] [19:19 13/04/2008] 23C74D75E36E7158768DD63D92789A91
C:\WINDOWS\system32\dllcache\ipsec.sys --a--c- 75264 bytes [15:46 15/11/2008] [19:19 13/04/2008] 23C74D75E36E7158768DD63D92789A91
C:\WINDOWS\system32\drivers\ipsec.sys --a---- 75264 bytes [15:46 15/11/2008] [19:19 13/04/2008] 23C74D75E36E7158768DD63D92789A91
-= EOF =-
-
Ok, probably my fault that OTL has issues; I had to go back in and turn off real-time protection on the apps that were running. The last try yielded a log:

All processes killed
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 5318 bytes
->Temporary Internet Files folder emptied: 1069650 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 56077401 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 456 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Dondi
->Temp folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: MCX3
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 405 bytes
User: MCX4
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: NetworkService
->Temp folder emptied: 163966 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 51076 bytes
->Flash cache emptied: 58938 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1245096 bytes
%systemroot%\System32 .tmp files removed: 328398 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 67517 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 373526 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 57.00 mb
Restore points cleared and new OTL Restore Point set!
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.
OTL by OldTimer - Version 3.2.31.0 log created on 01082012_150049
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_d88.dat not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_e70.dat not found!
Registry entries deleted on Reboot...
-
Ok, I changed the curly brace to a bracket and ran another RUN FIX with OTL just after my last post (~1hr ago).... OTL is still "running" at the same spot:

KILLING PROCESS DO NOT INTERRUPT

I think we may be miscommunicating regarding the ipsec.sys because of the way I formatted my own log from the MSE scan:

Virus:Win32/Sirefef.N (ALL DISINFECTED)
file:C:\System Volume Information\_restore{7D16AC66-F68E-485C-93DB-231595C53BA9}\RP994\A0162931.sys
driver:IPSec
file:C:\WINDOWS\system32\drivers\ipsec.sys

These are 2 separate entries in the MSE scan log. I went into each entry individually and copy/pasted the file/info section on the bottom portion of the properties of each entry. So, the Sirefef.N had 2 entries:

This was the first one:
file:C:\System Volume Information\_restore{7D16AC66-F68E-485C-93DB-231595C53BA9}\RP994\A0162931.sys

...and this was the second one. This was the one that had me concerned because we used a Combofix script to fix ipsec.sys in our earlier steps:
driver:IPSec
file:C:\WINDOWS\system32\drivers\ipsec.sys