Messages - anotherep

1
Tech Clinic / No Task Manager and programs freezing
« on: December 23, 2005, 03:31:50 PM »
For each of the entries, access was denied when I tried to delete them. After the access denied window came up, I checked the security settings, and the Read and Full Control boxes had been unchecked even though I had just checked them.

2
Tech Clinic / No Task Manager and programs freezing
« on: December 20, 2005, 11:28:55 AM »
REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "schedul3.exe" 12/20/2005 11:28:25 AM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SCHEDUL3.EXE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SCHEDUL3.EXE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SCHEDUL3.EXE\0000]
"Service"="schedul3.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SCHEDUL3.EXE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SCHEDUL3.EXE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SCHEDUL3.EXE\0000]
"Service"="schedul3.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SCHEDUL3.EXE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SCHEDUL3.EXE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SCHEDUL3.EXE\0000]
"Service"="schedul3.exe"

[HKEY_USERS\S-1-5-21-606747145-1677128483-1343024091-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="schedul3.exe"

3
Tech Clinic / No Task Manager and programs freezing
« on: December 16, 2005, 01:58:12 AM »
Oops sorry

----
SpySweeper
----
********
1:20 AM: |       Start of Session, Friday, December 16, 2005       |
1:20 AM: Spy Sweeper started
1:20 AM: Sweep initiated using definitions version 584
1:20 AM: Starting Memory Sweep
1:24 AM: Memory Sweep Complete, Elapsed Time: 00:04:11
1:24 AM: Starting Registry Sweep
1:25 AM: Registry Sweep Complete, Elapsed Time:00:00:08
1:25 AM: Starting Cookie Sweep
1:25 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
1:25 AM: Starting File Sweep
1:56 AM: File Sweep Complete, Elapsed Time: 00:31:46
1:56 AM: Full Sweep has completed.  Elapsed time 00:36:11
1:56 AM: Traces Found: 0
********
9:42 AM: |       Start of Session, Tuesday, December 13, 2005       |
9:42 AM: Spy Sweeper started
9:42 AM: Sweep initiated using definitions version 582
9:42 AM: Starting Memory Sweep
9:44 AM: Memory Sweep Complete, Elapsed Time: 00:01:32
9:44 AM: Starting Registry Sweep
9:44 AM: Registry Sweep Complete, Elapsed Time:00:00:06
9:44 AM: Starting Cookie Sweep
9:44 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
9:44 AM: Starting File Sweep
9:47 AM:   IE Tracking Cookies Shield: Removed 2o7.net cookie
9:57 AM:   Warning: Unhandled Archive Type
9:58 AM: File Sweep Complete, Elapsed Time: 00:13:35
9:58 AM: Full Sweep has completed.  Elapsed time 00:15:16
9:58 AM: Traces Found: 0
2:49 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
2:49 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
2:50 PM: Processing Startup Alerts
2:50 PM:   Allowed Startup entry: vptray
2:50 PM:   Allowed Startup entry: ccApp
2:50 PM: Processing Internet Explorer Favorites Alerts
2:50 PM:   Removed IE Favorite: Windows Marketplace
2:51 PM: Processing Startup Alerts
2:51 PM:   Removed Startup entry: wextract_cleanup0
2:56 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
3:03 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
4:16 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
4:16 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
9:45 PM: BHO Shield:  found: -- BHO installation allowed at user request
9:45 PM: Processing Startup Alerts
9:45 PM:   Allowed Startup entry: AIM
9:45 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
3:57 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
11:42 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
2:47 PM: BHO Shield:  found: ssv.dll-- BHO installation allowed at user request
2:47 PM: Processing Startup Alerts
2:47 PM:   Allowed Startup entry: SunJavaUpdateSched
8:07 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
11:41 AM: Your spyware definitions have been updated.
12:37 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
4:18 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
12:37 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
12:43 AM: Processing Startup Alerts
12:43 AM:   Allowed Startup entry: DVDLauncher
12:43 AM: Processing Startup Alerts
12:43 AM:   Allowed Startup entry: MSMSGS
12:46 AM: Processing Startup Alerts
12:46 AM:   Allowed Startup entry: PCMService
********
7:07 PM: |       Start of Session, Sunday, December 11, 2005       |
7:07 PM: Spy Sweeper started
7:07 PM: Sweep initiated using definitions version 582
7:07 PM: Starting Memory Sweep
7:10 PM: Memory Sweep Complete, Elapsed Time: 00:02:44
7:10 PM: Starting Registry Sweep
7:10 PM:   Starting Cookie Sweep
7:10 PM:   Registry Sweep Complete, Elapsed Time:00:00:00
7:10 PM: Cookie Sweep Complete, Elapsed Time: 00:00:05
7:10 PM: Starting File Sweep
7:20 PM: File Sweep Complete, Elapsed Time: 00:10:31
7:20 PM: Full Sweep has completed.  Elapsed time 00:13:22
7:20 PM: Traces Found: 0
7:41 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
8:45 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
1:28 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
9:41 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
9:41 AM: IE Tracking Cookies Shield: Removed advertising cookie
9:41 AM: IE Tracking Cookies Shield: Removed atlas dmt cookie
9:41 AM: IE Tracking Cookies Shield: Removed atwola cookie
9:41 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
9:42 AM: |       End of Session, Tuesday, December 13, 2005       |
********
6:02 PM: |       Start of Session, Sunday, December 11, 2005       |
6:02 PM: Spy Sweeper started
6:03 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:03 PM: IE Tracking Cookies Shield: Removed advertising cookie
6:03 PM: IE Tracking Cookies Shield: Removed atlas dmt cookie
6:03 PM: IE Tracking Cookies Shield: Removed atwola cookie


----
RegEdit
----
REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "schedul3.exe" 12/16/2005 1:50:06 AM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SCHEDUL3.EXE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SCHEDUL3.EXE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SCHEDUL3.EXE\0000]
"Service"="schedul3.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\schedul3.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\schedul3.exe\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\schedul3.exe\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\schedul3.exe\Enum]
"0"="Root\\LEGACY_SCHEDUL3.EXE\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SCHEDUL3.EXE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SCHEDUL3.EXE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SCHEDUL3.EXE\0000]
"Service"="schedul3.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\schedul3.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\schedul3.exe\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SCHEDUL3.EXE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SCHEDUL3.EXE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SCHEDUL3.EXE\0000]
"Service"="schedul3.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\schedul3.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\schedul3.exe\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\schedul3.exe\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\schedul3.exe\Enum]
"0"="Root\\LEGACY_SCHEDUL3.EXE\\0000"

[HKEY_USERS\S-1-5-21-606747145-1677128483-1343024091-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="schedul3.exe"

4
Tech Clinic / No Task Manager and programs freezing
« on: December 15, 2005, 04:44:27 PM »
Everything seems to be working fine now. Thanks!!

5
Tech Clinic / No Task Manager and programs freezing
« on: December 12, 2005, 01:15:04 PM »
Hey thanks again. Here are the logs

------
Hijack This
------
Logfile of HijackThis v1.99.1
Scan saved at 1:13:19 PM, on 12/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\1XConfig.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wpabaln.exe
C:\Documents and Settings\Ben\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134348118853
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134348101068
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

--------
Ewidos
--------
---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         1:08:45 PM, 12/12/2005
 + Report-Checksum:      FAA190E9

 + Scan result:

   HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
   :mozilla.13:C:\Documents and Settings\Administrator 2\Application Data\Mozilla\Firefox\Profiles\7fs8q3p6.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.14:C:\Documents and Settings\Administrator 2\Application Data\Mozilla\Firefox\Profiles\7fs8q3p6.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
   :mozilla.9:C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\pznb2pyo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.10:C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\pznb2pyo.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
   :mozilla.15:C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\pznb2pyo.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   :mozilla.22:C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\pznb2pyo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.23:C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\pznb2pyo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.24:C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\pznb2pyo.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
   C:\System Volume Information\_restore{0CC2BDE3-5767-403E-971A-6867C0AC8F92}\RP12\A0002032.sys -> Trojan.Rootkit.k : Cleaned with backup
   C:\System Volume Information\_restore{0CC2BDE3-5767-403E-971A-6867C0AC8F92}\RP12\A0002041.sys -> Trojan.Rootkit.k : Cleaned with backup
   C:\System Volume Information\_restore{0CC2BDE3-5767-403E-971A-6867C0AC8F92}\RP13\A0003041.sys -> Trojan.Rootkit.k : Cleaned with backup
   C:\System Volume Information\_restore{0CC2BDE3-5767-403E-971A-6867C0AC8F92}\RP13\A0004041.sys -> Trojan.Rootkit.k : Cleaned with backup
   C:\System Volume Information\_restore{0CC2BDE3-5767-403E-971A-6867C0AC8F92}\RP13\A0005041.sys -> Trojan.Rootkit.k : Cleaned with backup
   C:\System Volume Information\_restore{0CC2BDE3-5767-403E-971A-6867C0AC8F92}\RP13\A0006053.sys -> Trojan.Rootkit.k : Cleaned with backup
   C:\System Volume Information\_restore{0CC2BDE3-5767-403E-971A-6867C0AC8F92}\RP13\A0006060.sys -> Trojan.Rootkit.k : Cleaned with backup
   C:\System Volume Information\_restore{0CC2BDE3-5767-403E-971A-6867C0AC8F92}\RP13\A0006069.sys -> Trojan.Rootkit.k : Cleaned with backup
   C:\System Volume Information\_restore{0CC2BDE3-5767-403E-971A-6867C0AC8F92}\RP4\A0000403.sys -> Trojan.Rootkit.k : Cleaned with backup
   C:\System Volume Information\_restore{0CC2BDE3-5767-403E-971A-6867C0AC8F92}\RP4\A0000410.sys -> Trojan.Rootkit.k : Cleaned with backup
   C:\System Volume Information\_restore{0CC2BDE3-5767-403E-971A-6867C0AC8F92}\RP4\A0000420.sys -> Trojan.Rootkit.k : Cleaned with backup
   C:\System Volume Information\_restore{0CC2BDE3-5767-403E-971A-6867C0AC8F92}\RP4\A0000431.sys -> Trojan.Rootkit.k : Cleaned with backup
   C:\System Volume Information\_restore{5BE6A2D1-729F-441F-876D-60CF01EB970E}\RP31\A0009407.sys -> Trojan.Rootkit.k : Cleaned with backup
   C:\System Volume Information\_restore{5BE6A2D1-729F-441F-876D-60CF01EB970E}\RP31\A0009476.sys -> Trojan.Rootkit.k : Cleaned with backup
   C:\System Volume Information\_restore{5BE6A2D1-729F-441F-876D-60CF01EB970E}\RP32\A0010478.sys -> Trojan.Rootkit.k : Cleaned with backup
   C:\System Volume Information\_restore{5BE6A2D1-729F-441F-876D-60CF01EB970E}\RP32\A0010515.sys -> Trojan.Rootkit.k : Cleaned with backup
   C:\System Volume Information\_restore{5BE6A2D1-729F-441F-876D-60CF01EB970E}\RP32\A0010567.sys -> Trojan.Rootkit.k : Cleaned with backup
   C:\System Volume Information\_restore{5BE6A2D1-729F-441F-876D-60CF01EB970E}\RP32\A0010753.sys -> Trojan.Rootkit.k : Cleaned with backup
   C:\System Volume Information\_restore{5BE6A2D1-729F-441F-876D-60CF01EB970E}\RP32\A0010770.sys -> Trojan.Rootkit.k : Cleaned with backup
   C:\System Volume Information\_restore{5BE6A2D1-729F-441F-876D-60CF01EB970E}\RP33\A0011769.sys -> Trojan.Rootkit.k : Cleaned with backup
   C:\System Volume Information\_restore{5BE6A2D1-729F-441F-876D-60CF01EB970E}\RP33\A0011809.sys -> Trojan.Rootkit.k : Cleaned with backup
   C:\System Volume Information\_restore{5BE6A2D1-729F-441F-876D-60CF01EB970E}\RP33\A0011827.sys -> Trojan.Rootkit.k : Cleaned with backup
   C:\System Volume Information\_restore{5BE6A2D1-729F-441F-876D-60CF01EB970E}\RP33\A0012829.sys -> Trojan.Rootkit.k : Cleaned with backup
   C:\System Volume Information\_restore{5BE6A2D1-729F-441F-876D-60CF01EB970E}\RP36\A0014828.sys -> Trojan.Rootkit.k : Cleaned with backup
   C:\System Volume Information\_restore{5BE6A2D1-729F-441F-876D-60CF01EB970E}\RP36\A0014834.sys -> Trojan.Rootkit.k : Cleaned with backup
   C:\System Volume Information\_restore{5BE6A2D1-729F-441F-876D-60CF01EB970E}\RP36\A0015834.sys -> Trojan.Rootkit.k : Cleaned with backup
   C:\System Volume Information\_restore{5BE6A2D1-729F-441F-876D-60CF01EB970E}\RP44\A0018859.sys -> Trojan.Rootkit.k : Cleaned with backup
   C:\System Volume Information\_restore{5BE6A2D1-729F-441F-876D-60CF01EB970E}\RP47\A0019761.exe -> Adware.SaveNow : Cleaned with backup
   C:\System Volume Information\_restore{5BE6A2D1-729F-441F-876D-60CF01EB970E}\RP47\A0020479.sys -> Trojan.Rootkit.k : Cleaned with backup


::Report End

-------
and rdriv.txt
-------

      ~~~~~~~~~~~~~ Pre-run File Check ~~~~~~~~~~~~~


      ~~~~~~~~~~~~~ Pre-run File Check ~~~~~~~~~~~~~



      ~~~~~~~~~~~~~ Post run File Check ~~~~~~~~~~~~~


      ~~~~~~~~~~~~~ Pre-run File Check ~~~~~~~~~~~~~

rdriv.sys present!


      ~~~~~~~~~~~~~ Post run File Check ~~~~~~~~~~~~~

6
Tech Clinic / No Task Manager and programs freezing
« on: December 12, 2005, 01:16:19 AM »
Thanks for the help!

------------
WinPFind.txt
------------
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP    Current Build: Service Pack 1    Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2                 7/16/2003 11:20:54 AM       41397      C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2                 9/28/2005 4:29:14 PM        693248     C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2           9/28/2005 4:29:14 PM        693248     C:\WINDOWS\SYSTEM32\DivX.dll
Umonitor             7/16/2003 11:36:24 AM       631808     C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync              7/16/2003 11:44:22 AM       1309184    C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
                     12/12/2005 12:48:46 AM    S 2048       C:\WINDOWS\bootstat.dat
                     12/11/2005 7:06:50 PM    H  54156      C:\WINDOWS\QTFont.qfn
                     12/11/2005 4:19:14 PM   RHS 199680     C:\WINDOWS\schedul3.exe
                     12/9/2005 9:58:42 PM    RH  749        C:\WINDOWS\WindowsShell.Manifest
                     12/9/2005 9:58:52 PM     H  65         C:\WINDOWS\Downloaded Program Files\desktop.ini
                     12/9/2005 9:59:54 PM     HS 67         C:\WINDOWS\Fonts\desktop.ini
                     12/11/2005 7:42:14 PM    H  0          C:\WINDOWS\INF\oem8.inf
                     12/9/2005 9:58:52 PM     H  65         C:\WINDOWS\occache\desktop.ini
                     12/9/2005 9:58:52 PM     H  65         C:\WINDOWS\Offline Web Pages\desktop.ini
                     12/9/2005 9:59:26 PM    RHS 727        C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_1.cab
                     12/9/2005 9:59:26 PM    RHS 19854      C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_2.cab
                     12/9/2005 9:59:26 PM    RHS 243124     C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_3.cab
                     12/9/2005 10:05:08 PM    H  229376     C:\WINDOWS\REPAIR\ntuser.dat
                     12/9/2005 9:58:42 PM    RH  749        C:\WINDOWS\SYSTEM32\cdplayer.exe.manifest
                     12/9/2005 9:58:52 PM    RH  488        C:\WINDOWS\SYSTEM32\logonui.exe.manifest
                     12/9/2005 9:58:42 PM    RH  749        C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest
                     12/9/2005 9:58:42 PM    RH  749        C:\WINDOWS\SYSTEM32\nwc.cpl.manifest
                     12/9/2005 9:58:42 PM    RH  749        C:\WINDOWS\SYSTEM32\sapi.cpl.manifest
                     12/9/2005 9:58:52 PM    RH  488        C:\WINDOWS\SYSTEM32\WindowsLogon.manifest
                     12/9/2005 9:58:42 PM    RH  749        C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest
                     12/12/2005 12:48:52 AM   H  16384      C:\WINDOWS\SYSTEM32\CONFIG\default.LOG
                     12/12/2005 12:52:38 AM   H  1024       C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
                     12/12/2005 12:48:48 AM   H  12288      C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
                     12/12/2005 1:04:18 AM    H  118784     C:\WINDOWS\SYSTEM32\CONFIG\software.LOG
                     12/12/2005 12:48:50 AM   H  786432     C:\WINDOWS\SYSTEM32\CONFIG\system.LOG
                     12/9/2005 4:47:50 PM     H  1024       C:\WINDOWS\SYSTEM32\CONFIG\TempKey.LOG
                     12/9/2005 4:47:54 PM     H  1024       C:\WINDOWS\SYSTEM32\CONFIG\userdiff.LOG
                     12/11/2005 2:44:00 PM    H  0          C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\ntuser.dat.LOG
                     12/9/2005 4:49:30 PM     HS 62         C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\desktop.ini
                     12/9/2005 4:49:30 PM     HS 62         C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\desktop.ini
                     12/9/2005 9:59:28 PM     HS 113        C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\desktop.ini
                     12/9/2005 9:59:28 PM     HS 113        C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\desktop.ini
                     12/9/2005 9:59:28 PM     HS 67         C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\desktop.ini
                     12/9/2005 9:59:28 PM     HS 67         C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
                     12/9/2005 9:59:28 PM     HS 67         C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLMVG963\desktop.ini
                     12/9/2005 9:59:28 PM     HS 67         C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O9EBGDUR\desktop.ini
                     12/9/2005 9:59:28 PM     HS 67         C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WHUBO5IN\desktop.ini
                     12/9/2005 9:59:28 PM     HS 67         C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YR47E94B\desktop.ini
                     12/9/2005 9:58:56 PM     HS 181        C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\SendTo\desktop.ini
                     12/9/2005 4:49:30 PM     HS 62         C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Start Menu\desktop.ini
                     12/9/2005 10:00:42 PM    HS 206        C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Start Menu\Programs\desktop.ini
                     12/9/2005 10:00:42 PM    HS 482        C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Start Menu\Programs\Accessories\desktop.ini
                     12/9/2005 10:00:42 PM    HS 348        C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini
                     12/9/2005 10:00:42 PM    HS 84         C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Start Menu\Programs\Accessories\Entertainment\desktop.ini
                     12/9/2005 10:00:42 PM    HS 84         C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Start Menu\Programs\Startup\desktop.ini
                     12/9/2005 10:12:52 PM    HS 388        C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\a15380e3-025b-48e0-9119-fdaad678256f
                     12/9/2005 10:12:52 PM    HS 24         C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
                     12/11/2005 7:42:22 PM   RHS 13698      C:\WINDOWS\SYSTEM32\Restore\filelist.xml
                     12/12/2005 12:22:38 AM   H  6          C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation          7/16/2003 11:17:46 AM       66048      C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation          7/16/2003 11:18:22 AM       578560     C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation          7/16/2003 11:20:52 AM       129024     C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation          7/16/2003 11:23:30 AM       150016     C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation          7/16/2003 11:24:46 AM       292352     C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation          7/16/2003 11:24:58 AM       121856     C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation          7/16/2003 11:25:34 AM       65536      C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation          7/16/2003 11:26:58 AM       187904     C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation          7/16/2003 11:28:32 AM       559616     C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation          7/16/2003 11:31:48 AM       35840      C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation          7/16/2003 11:33:56 AM       256000     C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation             1/8/2004 3:26:00 PM         143360     C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation          7/16/2003 11:34:02 AM       36864      C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation          7/16/2003 11:34:14 AM       36864      C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation          7/16/2003 11:35:32 AM       109056     C:\WINDOWS\SYSTEM32\powercfg.cpl
Intel® Corporation           12/19/2003 12:39:16 PM      77824      C:\WINDOWS\SYSTEM32\PRAppltW.cpl
SigmaTel Inc.                  10/29/2003 9:40:22 AM       102481     C:\WINDOWS\SYSTEM32\stac97.cpl
Microsoft Corporation          7/16/2003 11:41:20 AM       268288     C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation          7/16/2003 11:41:52 AM       28160      C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation          7/16/2003 11:42:00 AM       90112      C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation          5/26/2005 4:16:30 AM        174360     C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation          7/16/2003 11:17:46 AM       66048      C:\WINDOWS\SYSTEM32\DLLCACHE\access.cpl
Microsoft Corporation          7/16/2003 11:18:22 AM       578560     C:\WINDOWS\SYSTEM32\DLLCACHE\appwiz.cpl
Microsoft Corporation          7/16/2003 11:20:52 AM       129024     C:\WINDOWS\SYSTEM32\DLLCACHE\desk.cpl
Microsoft Corporation          7/16/2003 11:23:30 AM       150016     C:\WINDOWS\SYSTEM32\DLLCACHE\hdwwiz.cpl
Microsoft Corporation          7/16/2003 11:24:46 AM       292352     C:\WINDOWS\SYSTEM32\DLLCACHE\inetcpl.cpl
Microsoft Corporation          7/16/2003 11:24:58 AM       121856     C:\WINDOWS\SYSTEM32\DLLCACHE\intl.cpl
Microsoft Corporation          7/16/2003 11:25:34 AM       65536      C:\WINDOWS\SYSTEM32\DLLCACHE\joy.cpl
Microsoft Corporation          7/16/2003 11:26:58 AM       187904     C:\WINDOWS\SYSTEM32\DLLCACHE\main.cpl
Microsoft Corporation          7/16/2003 11:28:32 AM       559616     C:\WINDOWS\SYSTEM32\DLLCACHE\mmsys.cpl
Microsoft Corporation          7/16/2003 11:31:48 AM       35840      C:\WINDOWS\SYSTEM32\DLLCACHE\ncpa.cpl
Microsoft Corporation          7/16/2003 11:33:56 AM       256000     C:\WINDOWS\SYSTEM32\DLLCACHE\nusrmgr.cpl
Microsoft Corporation          7/16/2003 11:34:02 AM       36864      C:\WINDOWS\SYSTEM32\DLLCACHE\nwc.cpl
Microsoft Corporation          7/16/2003 11:34:14 AM       36864      C:\WINDOWS\SYSTEM32\DLLCACHE\odbccp32.cpl
Microsoft Corporation          7/16/2003 11:35:32 AM       109056     C:\WINDOWS\SYSTEM32\DLLCACHE\powercfg.cpl
Microsoft Corporation          3/19/2004 5:42:22 PM        147456     C:\WINDOWS\SYSTEM32\DLLCACHE\sapi.cpl
Microsoft Corporation          7/16/2003 11:41:20 AM       268288     C:\WINDOWS\SYSTEM32\DLLCACHE\sysdm.cpl
Microsoft Corporation          7/16/2003 11:41:52 AM       28160      C:\WINDOWS\SYSTEM32\DLLCACHE\telephon.cpl
Microsoft Corporation          7/16/2003 11:42:00 AM       90112      C:\WINDOWS\SYSTEM32\DLLCACHE\timedate.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
                     12/11/2005 1:33:10 PM       1757       C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
                     12/9/2005 10:00:42 PM    HS 84         C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
                     12/9/2005 4:49:30 PM     HS 62         C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini
                     12/11/2005 6:47:44 PM       1759       C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
                     12/9/2005 10:00:42 PM    HS 84         C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
                     12/9/2005 4:49:30 PM     HS 62         C:\Documents and Settings\Administrator\Application Data\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu
   {BDA77241-42F6-11d0-85E2-00AA001FE28C}    = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
   {09799AFB-AD67-11d1-ABCD-00C04FC30936}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
   Start Menu Pin    = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu
   {BDA77241-42F6-11d0-85E2-00AA001FE28C}    = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
   {7C9D5882-CB4A-4090-96C8-430BFE8B795B}    = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
   {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}    = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
    = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
   AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
   &Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
   {8E718888-423F-11D2-876E-00A0C9082467}    = &Radio   : C:\WINDOWS\System32\msdxm.ocx
   {EF99BD32-C1FB-11D2-892F-0090271D4F88}    = Yahoo! Toolbar   : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
   ButtonText    = AIM   : C:\PROGRA~1\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
   ButtonText    = @shdoclc.dll,-866   :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
   Media Band = %SystemRoot%\System32\browseui.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   BCMSMMSG   BCMSMMSG.exe
   PRONoMgr.exe   c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
   NvCplDaemon   RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
   nwiz   nwiz.exe /installquiet
   iTunesHelper   "C:\Program Files\iTunes\iTunesHelper.exe"
   QuickTime Task   "C:\Program Files\QuickTime\qttask.exe" -atboottime
   SpySweeper   "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
   {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
   {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
   {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
   dontdisplaylastusername   0
   legalnoticecaption   
   legalnoticetext   
   shutdownwithoutlogon   1
   undockwithoutlogon   1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
   NoDriveTypeAutoRun   145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
   PostBootReminder                  {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
   CDBurn                            {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
   WebCheck                          {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
   SysTray                           {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   UserInit   = C:\WINDOWS\system32\userinit.exe,
   Shell      = Explorer.exe
   System      =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon
    =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring
    = c:\WINDOWS\System32\LgNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
    = WRLogonNTF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
   Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
   AppInit_DLLs   


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1   - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 12/12/2005 1:11:21 AM


-----------
and HijackThis
-----------
Logfile of HijackThis v1.99.1
Scan saved at 1:15:47 AM, on 12/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wpabaln.exe
C:\Documents and Settings\Ben\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134348118853
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134348101068
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: scheduler (schedul3.exe) - Unknown owner - C:\WINDOWS\schedul3.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

7
Tech Clinic / No Task Manager and programs freezing
« on: December 11, 2005, 07:59:44 PM »
Hi.
I've been having this problem for a while now. Not immediately, but after a while using my computer, programs start freezing for no apparent reason, such as when I try to open a file from the Firefox download manager or open something in any other program. When I try to look at the task manager, the icon for it shows up in the system tray, but the actual task manager never comes up. Please help.

Logfile of HijackThis v1.99.1
Scan saved at 7:53:09 PM, on 12/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\AIM\aim.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\wpabaln.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\Ben\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134348118853
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134348101068
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: scheduler (schedul3.exe) - Unknown owner - C:\WINDOWS\schedul3.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Thanks
