
Messages - djkwik

1
Tech Clinic / Blue Screen of Death
« on: November 16, 2009, 09:01:56 AM »
[quote name='guestolo' post='466242' date='Nov 11 2009, 08:10 PM']Download random's system information tool (RSIT) by random/random from >>here<< and save it to your desktop.

  • Double click on RSIT.exe to launch program.

  • Click Continue at the disclaimer screen.

  • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.

  • Once it has finished, two logs will open: log.txt <-- this will be maximized and info.txt <-- this will be minimized.
Can you post Both those logs please[/quote]



Here they are...

2
Tech Clinic / Blue Screen of Death
« on: November 11, 2009, 06:19:54 PM »
[quote name='guestolo' post='466156' date='Nov 7 2009, 02:09 PM']Please check out this link and let me know if you have any luck with the black bars
http://www.hardwaresecrets.com/article/816[/quote]


Well, I followed their instructions, I guess all I can do is wait to see if they come back.  At least I know now that it does seem to be an issue with IE8.

As far as the bsod's:  After my last response stating that I finally got the correct chipset driver installed, the very next time I turned on the computer, I got the bsod again!  What I have done since is open the tower, blew out all the dust around the heatsink/fan and now just leave the thing running 24/7.  It only crashed when coming out of sleep mode or when turning on from complete "off".  And then just turning it on from the complete off rarely did it at all.  There is something that is causing conflict in my power management settings.  I always used to leave my old computer on 24/7 but the motherboard burned up on it...granted, I had never cleaned the guts of dust on that one so that could be the reason it burned up on me.  I've even heard horror stories of an insect getting inside and causing a short between two circuits, but that sounds like urban legend to me.

Would still like to perform a scan of my computer that can tell me which drivers have no corresponding program/software/hardware so I can delete them from my system. Can you send the link for RSIT/HJT and take a quick look at the reg?  I've seen some other scanners that seem to go substantially further (the logs seem to be twice or three times as long as an RSIT log), but can't remember the name as it was just something I read in some forum during the hours of googling I had done.

3
Tech Clinic / Blue Screen of Death
« on: November 07, 2009, 02:38:56 PM »
[quote name='guestolo' post='466153' date='Nov 7 2009, 08:02 AM']I linked you to Dell's website, did you go there
Choose your operating system and download/install Chipset driver?[/quote]

I guess the Dell website did not finish loading the page after I clicked my operating system before I scrolled down the list and clicked on the chipset driver download, which apparently overrode the page-loading of my operating system.  Haven't seen a page open that slowly in a long time.  So I finally got the drivers installed and restarted...without a bsod so far and now the yellow question mark is finally gone.  Thank you.

Now if somebody can tell me how to permanently fix the black menu bar situation.  In fact when I opened this website, the menu bar and tabs bar are black right now.  The latest thing I've read is that it is because I customize my desktop.  All I really do is choose a jpeg from my pictures and center it on the desktop and change the background color from the blue to black.  The website I was reading says I should stick with the Windows Classic theme which I prefer to the XP theme anyways, and choosing to customize my desktop color only within the options for doing so without any 3rd party themes or software should not be the cause.  This began immediately after updating to Internet Explorer 8.  I know I am not the only person suffering this as there are several sites showing the quick fixes for it.

One last thing.  Is there a trustworthy and free service that can scan all your drivers and give you a list of those that are not necessary so I can delete them?  I've used the Norton Registry cleaning utility in the past, but not enough to know if that will do this.  Any advice would be appreciated.

4
Tech Clinic / Blue Screen of Death
« on: November 07, 2009, 07:43:49 AM »
[quote name='guestolo' post='466120' date='Nov 5 2009, 07:52 PM']Make sure you get all your correct drivers installed, either from CD or Dell link

Here's a link to your drivers
http://support.dell.com/support/downloads/...anConsent=False

You probably still need to install Chipset and Communication drivers[/quote]



I've used the supplied cdroms that came with the computer and have installed every driver that did not give me a warning that I did not have that software installed (perhaps upgraded versions of my computer?)  I've spent countless hours googling this and see a lot of people having the same problem.  I found out that I have an Intel G33/31 Express Chipset using the intel download to detect it.  Then I go to their driver download link and find that there are 2 drivers, one for G31 and one for G33.  Can't understand why their own utility couldn't define which chipset I do have.  So when I click on either one of them, a new page comes up with a list of 10 drivers.  I don't know which one I am supposed to use.
When I go to the link you put above, I download the driver for the chipset I have and after unzipping the files, I get a warning window telling me "The computer does not meet the minimum requirements for installing the software".  How is that possible that a computer with that chipset can't install that chipset's driver?  I just don't get it.  I get the actual devices name and google that and still I can't find anything other than links to the Intel or the Dell drivers sites!  This is way too frustrating.

I've even downloaded Windbg and the Symbols file, but can't seem to understand their instructions for initializing the symbols file.  I was hoping Windbg would read the minidumps and pinpoint precisely what needs to be done to fix my computer and explain it in simple English, but that was a pipe dream.

Also, I got the bsod before I did the reinstall of XP (which brought me to the decision to just start fresh and clean) and there were no yellow question marks in the device manager before the first crash.  I'm finding it hard to believe that the sm bus controller is causing the crashes, but what do I know, I'm just another hapless Microsoft victim.  

I finally just left the computer on all the time and it hasn't crashed on me.  It seems to only happen when bringing the thing out of stand-by/sleep mode.  Just like before when this thing would seize up on me when waking it from sleep mode.  Even holding the start button in for 5 seconds (or longer) would not turn the thing off.  It had just never crashed with bsod before the one event.  It was 2 more bsod's when I decided to do the clean reinstall.   Now I've gotten five of them since.  What I've read, the sm bus controller does control temp and voltage settings for the motherboard?  That leads me to believe this has been the trouble all along.  I am just at a total loss on what to do next.

5
Tech Clinic / Blue Screen of Death
« on: November 03, 2009, 05:12:17 PM »
I've been here often and am back yet again.  I have a Dell 530 Inspiron S (slim) computer running on Windows XP Home originally with SP2 but allowed SP3 update.

I have never before gotten the Blue Screen of Death.  This was a couple of days ago.  In fact it happened the very day I downloaded the upgraded AVG Free 9.0.  I got the BSoD twice in 2 days, so I had had enough.  I've already been getting some weird crap where my toolbar (File/Edit/View/Favorites/Tools/Help) and the Favorites and Tab bar would both go black and I have found the way to get rid of the black by right clicking on the desktop, and changing the theme and changing it back, but have never found a permanent fix for the problem.  That started right after the latest and greatest ;) Internet Explorer 8.

So, I spent the past Sunday doing a fresh install of my XP.  Sure enough, today, Tuesday, only 2 days later, I am getting the BSoD again!  I have saved the error report in a notepad page to post here.

Since having to reload my Windows, I no longer have RSIT/HJT on my desktop and didn't save the programs.  Could you please give me your trusted links to get these again?  I really need to stop this crap.  This Dell is barely over a year old.  Long enough to be out of Warranty from Dell of course.  I swear when this thing dies, I am bypassing the option to give Windows-7 a chance and defecting to MAC!!  I don't care if they cost more, nothing is for free.  If I have to pay a little more to NOT have to spend more time fixing my PC than I do using it, it will be well worth it!

Also, one other thing, after reloading my XP., I had problems getting online.  Turns out the CD that came with the Dell with all the drivers did not automatically load all the drivers.  I found out I had to choose the drivers for it to install.  Well, I can get online now (obviously), but in the Device Manager, I am still showing 2 yellow question marks.  They are labelled:

PCI Simple Communications Controller
SM Bus Controller

I was just wondering if that could be causing the current BSoD or not.

Let me know if the error report tells you anything.  Thanks.

6
Tech Clinic / Display Settings
« on: August 18, 2009, 03:15:15 PM »
I have this Dell Inspiron 530S running Windows XP home SP3.  For quite some time this pile of junk has been screwing up its power management settings by either not going into sleep mode when it is supposed to, or when it actually does, quite often when I click the mouse to wake it, the wretched thing cranks its fan into high speed and seizes-up.  I have to actually unplug the thing and wait a few seconds then plug it back in and power it up.  I have had it!  Now, as if those quirks weren't bad enough, NOW this steaming puddle of liquid waste is constantly blacking out the toolbar and the tab bar and I have to go into properties and reset the appearance.  This started about a month ago and has been pulling this crap about every two or three days now!

Anyone else out there with a Dell Inspiron 530S having any issues like this?  Dell is totally not helpful at all and although when I google the problems I find the quick fixes like resetting my appearance, but can't seem to get at the core of the problem..WHY Is this godforsaken thing doing this!?

7
Tech Clinic / Ever Changing Power Settings
« on: July 19, 2009, 01:40:37 PM »
[quote name='guestolo' post='463864' date='Jul 6 2009, 10:04 AM']What is the exact Make/model of laptop do you have?[/quote]

This is actually a Dell Inspiron 530S with Windows XP.  I've been having this problem almost since I got it about 8-9 months ago.  I also have been having a problem with this thing seizing up on me when I go to "wake" it out of sleep mode.  This model has that real loud fan when you first start it up for a few seconds.  What this thing does is, when I click the mouse button to wake it out of sleep mode (my power setting is set to put it into sleep mode if it has been 1 hour after last use) anyway, more times than I can count, instead of the fan blasting high speed for a few seconds then the screen coming on with Windows already up and running, the fan stays running in high speed mode and nothing ever happens.  I can't even power the thing down with the on/off button.  I have to crawl under my desk and unplug the thing, wait for about 30 seconds, then plug it back in and then turn it on.  This has been going on forever, the people at Dell are no help at all, and I can't seem to find any forum in which other Inspiron 530 users have had this happening to them.

I also just accepted the Explorer 8 update, and now, quite often when I finally get this thing to turn on for me, I open any explorer application (like to check my email for instance) and the tool bars at the top of the page are blacked out (the 'File/Edit/View/Favorites/Tools/Help' bar and the bar showing the open tabs).  They will be blacked out and even a restart does not clear it.  I think that may be an issue with the new Version 8 but I have not had any Windows Update with any patches or repairs since it came out.  Is there anyone on this forum that has an Inspiron 530S experiencing this continual crap with theirs?

I don't use this thing for gaming or any other unusual activity.  Pretty much it's my Library, Encyclopedia (google is very heavily used), e-mail, word processing with MS Office 2007 Home Edition, and that's about it.  I just can't understand why this thing is being such a problematic pile of excrement.

8
Tech Clinic / Ever Changing Power Settings
« on: July 06, 2009, 08:02:51 AM »
Hey Guestolo,

I sent the following query about my computer but you said I needed to start a new topic since the other one was so old...so here it is:

Sorry it's been awhile since I checked here, been really busy lately. I have been now experiencing a problem where this piece of crap Dell keeps changing the power settings on me. It wasn't bad enough when they just wouldn't work at all forcing me to do a restart. Not to mention the crap of this thing seizing-up on me when I go to wake it out of sleep mode when it actually DOES go into sleep mode like it's supposed to. But this is just getting ridiculous! I just got done trying to just set up a new power scheme and saved it, then not a half hour later, I walked past the room and noticed that yet again the power settings had not taken, so when I opened it to check, sure enough this damn thing went back to Max Battery setting, and when I pull down the choices for power schemes the one I JUST CREATED AND SAVED was not even there! Any ideas? Here is a fresh HJT log...

9
Tech Clinic / test
« on: June 17, 2009, 05:17:30 PM »
[quote name='guestolo' date='Apr 21 2009, 07:35 AM' post='461675']
Can I see a fresh Log from Hijackthis please[/quote]

Hey guestolo:

Sorry it's been awhile since I checked here, been really busy lately.  I have been now experiencing a problem where this piece of crap Dell keeps changing the power settings on me.  It wasn't bad enough when they just wouldn't work at all forcing me to do a restart.  Not to mention the crap of this thing seizing-up on me when I go to wake it out of sleep mode when it actually DOES go into sleep mode like it's supposed to.  But this is just getting ridiculous!  I just got done trying to just set up a new power scheme and saved it, then not a half hour later, I walked past the room and noticed that yet again the power settings had not taken, so when I opened it to check, sure enough this damn thing went back to Max Battery setting, and when I pull down the choices for power schemes the one I JUST CREATED AND SAVED was not even there!  Any ideas?  Here is the fresh HJT you requested...

10
Tech Clinic / test
« on: April 20, 2009, 01:32:39 PM »
[quote name='guestolo' post='461403' date='Apr 16 2009, 10:07 PM']Are you having any kind of problems?
Everything looks good[/quote]


Just the mentioned start bar changing itself to XP style while the computer was in sleep mode, and nothing else changed to XP style.  I solved it easy enough in the appearance settings, but kind of an odd thing to happen.  Also, was just trying to print a web page using the pages print button, only to be slammed by a pop-up from HP and explorer froze-up.  I had to do a ctrl-alt-del to clear it.  I stay updated on my blockers and anti-virus/spyware programs.  Other than that, this thing seems to be running about as well as a PC can run.  I haven't had it seize-up on me waking it out of sleep mode for some time now.  The new Canon all-in-one is working really great.  I haven't tried out the fax feature yet though.  The new 5.1 surround is working quite nicely...it's nice to have some music on while doing tedious work on this thing.  Thanks for checking the log.  I did notice an entry from HP that I am thinking I should remove since I no longer have any HP peripherals.....
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab

How can I delete this from my system?

11
Tech Clinic / test
« on: April 16, 2009, 05:25:54 PM »
[quote name='guestolo' post='461364' date='Apr 16 2009, 08:56 AM']I can't read that
Can you just Upload the logs?
Just use Browse>>Upload buttons in a reply[/quote]


Going to give it a shot now...

It states that the upload was successful.  

One concern I had was the morning that I ran that RSIT, I woke the computer from sleep mode to find that the start bar had changed to XP style.  I always have my computer set up to look like original windows all the way.  I've never heard of just the start bar being XP style, and I've never experienced my computer changing appearance settings on its own while in sleep mode.  Refresher:  Dell Inspiron 530s / Windows XP

Let me know if you see anything suspicious.

Thx.

12
Tech Clinic / test
« on: April 15, 2009, 06:19:59 PM »
[quote name='djkwik' post='461344' date='Apr 15 2009, 06:16 PM']======List of files/folders modified in the last 3 months======(Continued)...

2009-01-23 18:06:36 ----D---- C:\Program Files\Adobe
2009-01-23 18:06:30 ----D---- C:\WINDOWS\WinSxS
2009-01-23 18:04:45 ----D---- C:\Documents and Settings\Home\Application Data\Adobe
2009-01-23 18:03:49 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-23 18:00:30 ----D---- C:\Program Files\Common Files[/quote]

Man this thing is whittling away how many lines it allows me to post each time.  I'll be down to another 50 posts at this rate

2009-01-16 22:35:14 ----A---- C:\WINDOWS\system32\mshtml.dll

13
Tech Clinic / test
« on: April 15, 2009, 06:16:07 PM »
[quote name='djkwik' post='461342' date='Apr 15 2009, 06:14 PM']======List of files/folders modified in the last 3 months======(Continued)...[/quote]

======List of files/folders modified in the last 3 months======(Continued)...

2009-01-23 18:06:36 ----D---- C:\Program Files\Adobe
2009-01-23 18:06:30 ----D---- C:\WINDOWS\WinSxS
2009-01-23 18:04:45 ----D---- C:\Documents and Settings\Home\Application Data\Adobe
2009-01-23 18:03:49 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-23 18:00:30 ----D---- C:\Program Files\Common Files

14
Tech Clinic / test
« on: April 15, 2009, 06:14:49 PM »
[quote name='djkwik' post='461341' date='Apr 15 2009, 06:12 PM']======List of files/folders modified in the last 3 months======[/quote]

======List of files/folders modified in the last 3 months======(Continued)...


15
Tech Clinic / test
« on: April 15, 2009, 06:12:46 PM »
[quote name='djkwik' post='461340' date='Apr 15 2009, 06:10 PM']Hopefully here is the rest of the log (nope...it wouldn't take it, so two more segments it is)...

======List of files/folders created in the last 3 months======[/quote]

======List of files/folders modified in the last 3 months======


16
Tech Clinic / test
« on: April 15, 2009, 06:10:46 PM »
[quote name='djkwik' post='461339' date='Apr 15 2009, 06:07 PM']Here is the next segment...

======Registry dump======[/quote]

Hopefully here is the rest of the log (nope...it wouldn't take it, so two more segments it is)...

======List of files/folders created in the last 3 months======

2009-04-01 14:13:44 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-04-01 14:13:34 ----D---- C:\Documents and Settings\Home\Application Data\AVGTOOLBAR
2009-04-01 14:13:22 ----D---- C:\Program Files\AVG
2009-04-01 14:13:21 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-04-01 14:10:40 ----A---- C:\Program Files\avg_free_stf_en_85_285a1462.exe
2009-03-31 16:02:24 ----D---- C:\WINDOWS\system32\Viewers
2009-03-31 16:01:41 ----D---- C:\Program Files\MSWorks
2009-03-31 15:59:35 ----D---- C:\Program Files\Microsoft Works and Money
2009-03-13 06:42:25 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-13 06:42:19 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-13 06:41:45 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-02-25 23:26:22 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-12 04:01:07 ----D---- C:\3dcfe820f9fbff27988c788b3010
2009-02-12 04:01:03 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-01-23 18:04:46 ----D---- C:\Documents and Settings\Home\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-01-23 18:00:30 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-01-23 17:59:26 ----D---- C:\Program Files\Adobe Reader 9 Installer
2009-01-23 17:58:14 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-01-23 17:58:12 ----D---- C:\Program Files\NOS
2009-01-14 23:09:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$

17
Tech Clinic / test
« on: April 15, 2009, 06:07:38 PM »
[quote name='djkwik' post='461338' date='Apr 15 2009, 06:03 PM']Hey, I got that much to work.  I guess I'll just piece it together.  Here's more of the log...

[/quote]

Here is the next segment...

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-04-01 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-24 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-04-01 1968920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-24 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-24 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-04-01 1968920]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-09-25 90112]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-16 16132608]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2006-10-20 118784]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-24 136600]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
""= []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-04-01 1932568]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2003-12-13 630915]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\BACKWE~1.EXE [2003-06-08 16432]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

C:\Documents and Settings\Home\Start Menu\Programs\Startup
Microsoft Works Calendar Reminders.lnk - C:\Program Files\MSWorks\Calendar\WKCALREM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-04-01 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Disabled:backWeb-7288971"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Disabled:Microsoft  Fax Console"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

18
Tech Clinic / test
« on: April 15, 2009, 06:03:39 PM »
[quote name='djkwik' post='461337' date='Apr 15 2009, 06:01 PM']Logfile of random's system information tool 1.04 (written by random/random)
Run by Home at 2009-04-12 05:13:54
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 211 GB (90%) free of 235 GB
Total RAM: 1022 MB (52% free)

[/quote]


Hey, I got that much to work.  I guess I'll just piece it together.  Here's more of the log...

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080314
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080314
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7069 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

19
Tech Clinic / test
« on: April 15, 2009, 06:01:42 PM »
[quote name='djkwik' post='461270' date='Apr 14 2009, 05:12 PM']Well, it seems to always let me post a couple of words or lines, but not my log....will wait until I hear back for another suggestion...[/quote]

Logfile of random's system information tool 1.04 (written by random/random)
Run by Home at 2009-04-12 05:13:54
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 211 GB (90%) free of 235 GB
Total RAM: 1022 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:03 AM, on 4/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Home\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Home.exe

20
Tech Clinic / test
« on: April 14, 2009, 05:12:06 PM »
[quote name='djkwik' post='461269' date='Apr 14 2009, 05:09 PM']Guestolo, you suggested I try to reply to a current topic.  I tried a test and it worked, but still couldn't get an RSIT log to post, so I am trying to do it in this reply as suggested:


And it did not work...I am going to see if this part works......[/quote]


Well, it seems to always let me post a couple of words or lines, but not my log....will wait until I hear back for another suggestion...
