
WinXP Disk Drive Busy after Startup


15 replies to this topic

#1 VegetableNazi


Posted 12 May 2009 - 09:59 PM

Hello,

My mother has a Dell Dimension 4550 running Windows XP SP3. About 2 days ago she started having a problem where after she boots her computer and logs in, the system stays extremely busy and she cannot click or type anything. The disk drive sounds like it is running constantly and anytime she positions the mouse over the taskbar it turns to an hourglass symbol. She has waited over an hour before and the situation does not clear so she has to power off her computer.

We are able to start the computer in Safe Mode and Safe Mode with Networking. We have tried using MSCONFIG to disable everything in her STARTUP, but we receive error "An Access Denied error was received when attempting to change a service. You may need to logon using an Administrator account to make the changes." This message appears even though we are logged on with Administrator.

We downloaded Super AntiSpyware, but when we attempt to install it we receive error "The system administrator has set policies to prevent this installation."

We were able to install and run Malwarebytes AntiMalware. A quick scan found and removed 15 Adware entries and one registry entry for AntivirusDisableNotify. I apologize that I cannot post the entire log here, but when I went back into MBAM and selected Logs this particular logfile had disappeared. I subsequently ran a MBAM Full Scan and it found 3 problems which I selected to fix. I have pasted the 2nd MBAM logfile at the bottom of this post.

One other thing that may or may not be relevant. After the first occurrence of the problem with Windows being extremely busy after logon, my mother powered off her computer and upon powering back up received error message "Dell's Disc Monitoring System has detected that drive on the primary EIDE controller is operating outside of normal specifications. It is advisable to immediately back up your data and replace your hard disc drive by calling your support desk or Dell Computer Corp. Press F1 to continue, F2 to enter setup". We pressed F1 to continue and this error has not come back.

Please let me know what action you think I should take to try to resolve this issue. Thank you very much for your help!
Regards,
-Kristine

Malwarebytes' Anti-Malware 1.36
Database version: 2118
Windows 5.1.2600 Service Pack 3

5/12/2009 10:54:30 PM
mbam-log-2009-05-12 (22-54-20).txt

Scan type: Full Scan (C:\|)
Objects scanned: 265954
Time elapsed: 52 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\gvtl (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\advantage (Adware.Vomba) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



#2 garmanma


Posted 13 May 2009 - 08:20 PM

Please reboot your computer
Update mbam and run a FULL scan
Please post the results

If you downloaded Superantispyware to your Desktop, try renaming the .exe to .scr and see if it will install

From your description, I'm more inclined to believe that you have a damaged hard drive ready to fail
Dell's diagnostic utility already told you that.
When it finally starts popping up all of the time it will be too late
Find out the make of the hard drive (It will tell you in Device Manager) and go to the manufacturer's support site.
In their drivers and download section, they will have a diagnostic utility that you can burn to a cd and run
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 VegetableNazi


Posted 14 May 2009 - 10:35 PM

Hi Mark,

Thanks for your reply. I downloaded the Western Digital Data Lifeguard Diagnostics program to a boot diskette and ran both a QUICK test as well as an EXTENDED test. They both came up with "NO ERRORS FOUND."

I tried to rename the SuperAntiSpyware.exe to .scr and run it, but all that happened was I got a Windows Installer window with a help-like display of the parameters for msiexec. It reminded me of the kind of display you get when you type in an incorrect parameter and the program shows you all the correct options you can specify. It did not successfully install SuperAntiSpyware.

I did update and rerun MBAM with a FULL scan. Here are the results. I'd certainly appreciate any additional advice or suggestions you might have for me.

Sincerely,
-Kristine

Malwarebytes' Anti-Malware 1.36
Database version: 2118
Windows 5.1.2600 Service Pack 3

5/14/2009 7:41:27 PM
mbam-log-2009-05-14 (19-41-27).txt

Scan type: Full Scan (C:\|)
Objects scanned: 266682
Time elapsed: 47 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
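An added example, not part of the original posts and not Malwarebytes code: a small parser for the MBAM 1.36 log layout quoted in this thread. It lists each detection with its recorded disposition (every entry in the first log reads "No action taken") and checks that the summary counts agree with the entries actually listed. The function names are hypothetical and the layout is assumed from the logs shown above.

```python
import re

# Constructed sample: the first MBAM 1.36 log quoted in this thread, with the
# empty "(No malicious items detected)" sections abridged to two.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.36
Database version: 2118
Windows 5.1.2600 Service Pack 3

Scan type: Full Scan (C:\|)
Objects scanned: 265954

Memory Processes Infected: 0
Registry Keys Infected: 3
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\gvtl (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\advantage (Adware.Vomba) -> No action taken.

Files Infected:
(No malicious items detected)
"""

# "Registry Keys Infected: 3"  -> summary counter
COUNT_RE = re.compile(r"^(?P<section>.+?) Infected: (?P<count>\d+)\s*$")
# "Registry Keys Infected:"    -> start of a detail section
HEADER_RE = re.compile(r"^(?P<section>.+?) Infected:\s*$")
# "<object> (<family>) -> <action>."
ENTRY_RE = re.compile(
    r"^(?P<object>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\s*$"
)


def parse_mbam_log(text):
    """Return (counts, detections) parsed from an MBAM-style text log."""
    counts, detections, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m["section"]] = int(m["count"])
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m["section"]
            continue
        m = ENTRY_RE.match(line)
        if m and current:
            detections.append({
                "section": current,
                "object": m["object"],
                "family": m["family"],
                "action": m["action"].rstrip("."),
            })
    return counts, detections


def unremediated(detections):
    """Detections whose logged disposition says nothing was done."""
    return [d for d in detections if d["action"].lower().startswith("no action")]


def count_mismatches(counts, detections):
    """Sections where the summary count differs from the listed entries.

    A mismatch suggests the pasted log was truncated or edited.
    Returns {section: (summary_count, listed_count)}.
    """
    out = {}
    for section, expected in counts.items():
        listed = sum(1 for d in detections if d["section"] == section)
        if listed != expected:
            out[section] = (expected, listed)
    return out


if __name__ == "__main__":
    counts, dets = parse_mbam_log(SAMPLE_LOG)
    for d in unremediated(dets):
        print(f'{d["family"]:<18} {d["action"]:<16} {d["object"]}')
    print("count mismatches:", count_mismatches(counts, dets) or "none")
```

Entries reported as unremediated are the ones to confirm gone in a follow-up scan, as the second log in this thread does.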

#4 garmanma


Posted 15 May 2009 - 07:39 PM

See if you can get Dr Web Cure It to run


Please download Dr.Web CureIt, the free version & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

ALSO

Please download and run Process Explorer

http://technet.microsoft.com/en-us/sysinte...s/bb896653.aspx

Under file and save as, create a log and post here

copy and paste into a reply
---------------------------


Instead of using Msconfig, try Autoruns:
http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx
Mark

#5 VegetableNazi


Posted 16 May 2009 - 08:21 PM

Hi Mark,

Thanks for your advice. I did what you suggested and things are looking better now. The Dr.Web CureIT Complete scan found and cured one trojan. Here's the log:

sdccinfo.dll;C:\WINDOWS\SYSTEM32;Trojan.Click.origin;;

Now she can actually use her PC after it boots and she logs on. The disk drive still sounds busy, but it isn't preventing her from executing programs like it was before. Also, it did allow her to install SuperAntiSpyware which we weren't able to do before.

Here's the log from Process Explorer. Please let me know if you think there's anything suspicious or if you want me to take any additional actions. Thanks again for your help! -Kristine

Process PID CPU Description Company Name
System Idle Process 0 95.45
procexp.exe 1124 3.03 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
services.exe 712 1.52 Services and Controller app Microsoft Corporation
wmpnscfg.exe 316 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation
wmpnetwk.exe 2696 Windows Media Player Network Sharing Service Microsoft Corporation
WkUFind.exe 1856 Microsoft® Works Update Detection Microsoft® Corporation
winlogon.exe 664 Windows NT Logon Application Microsoft Corporation
upsd.exe 2532 upsd Delta
System 4
svchost.exe 2276 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1052 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 880 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 956 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1096 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1160 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 2040 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 588 Generic Host Process for Win32 Services Microsoft Corporation
SUPERAntiSpyware.exe 452 SUPERAntiSpyware Application SUPERAntiSpyware.com
spoolsv.exe 1488 Spooler SubSystem App Microsoft Corporation
smss.exe 560 Windows NT Session Manager Microsoft Corporation
QTTask.exe 1848 QuickTime Task Apple Inc.
nvsvc32.exe 2100 NVIDIA Driver Helper Service, Version 52.16 NVIDIA Corporation
notepad.exe 2792 Notepad Microsoft Corporation
msiexec.exe 3268 Windows® installer Microsoft Corporation
MpfSrv.exe 1988 McAfee Personal Firewall Service McAfee, Inc.
mDNSResponder.exe 420 Bonjour Service Apple Inc.
mcsysmon.exe 2560 McAfee SystemGuards Service McAfee, Inc.
Mcshield.exe 1748 On-Access Scanner service McAfee, Inc.
McSACore.exe 676 SiteAdvisor McAfee, Inc.
McProxy.exe 1652 McAfee Proxy Service Module McAfee, Inc.
McNASvc.exe 1432 McAfee Network Agent McAfee, Inc.
mcmscsvc.exe 1348 McAfee Services McAfee, Inc.
mcagent.exe 1868 McAfee Integrated Security Platform McAfee, Inc.
lsass.exe 724 LSA Shell (Export Version) Microsoft Corporation
jusched.exe 1828 Java™ Platform SE binary Sun Microsystems, Inc.
jucheck.exe 2656 Java™ Update Checker Sun Microsystems, Inc.
iTunesHelper.exe 1876 iTunesHelper Module Apple Inc.
iPodService.exe 4012 iPodService Module Apple Inc.
Interrupts n/a Hardware Interrupts
iexplore.exe 3740 Internet Explorer Microsoft Corporation
hpztsb07.exe 1928 HP
hphmon04.exe 1920 HPHmon04 Hewlett-Packard
hphipm11.exe 3956 PML Driver HP
hpgs2wnf.exe 124 hpgs2wnf Module
hpgs2wnd.exe 1840 hpgs2wnd Hewlett-Packard
GoogleToolbarNotifier.exe 440 GoogleToolbarNotifier Google Inc.
explorer.exe 1700 Windows Explorer Microsoft Corporation
EasyShare.exe 1368 Kodak EasyShare Software Eastman Kodak Company
DPCs n/a Deferred Procedure Calls
Directcd.exe 288 DirectCD Application Roxio
ctfmon.exe 296 CTF Loader Microsoft Corporation
csrss.exe 640 Client Server Runtime Process Microsoft Corporation
AppleMobileDeviceService.exe 380 Apple Mobile Device Service Apple Inc.
alg.exe 2072 Application Layer Gateway Service Microsoft Corporation
ACService.exe 276 ArcSoft Connect Service ArcSoft Inc.
ACDaemon.exe 1948 ArcSoft Connect Daemon ArcSoft Inc.

#6 garmanma


Posted 17 May 2009 - 05:35 PM

You have all sorts of unnecessary items running at Startup. It is going to take me awhile to research the list to make suggestions
Now that you have SAS downloaded, why don't you run and post a scan




ATF
Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

------------------------------------

SAS may take a long time to scan
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Mark

#7 garmanma


Posted 17 May 2009 - 09:52 PM

Download and install one more item for me, please

Codestuff Starter Control Panel

http://www.snapfiles.com/get/starter.html
Open it and Click on the Startups tab

After the list populates, Click on File, then Save as Plain Text and save to your Desktop.
Copy and paste the log in your response
Mark

#8 VegetableNazi


Posted 18 May 2009 - 06:42 AM

Good morning, I ran ATF, SAS and Starter. Here are the logs. Thanks again for all your help!!

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/16/2009 at 10:47 PM

Application Version : 4.26.1002

Core Rules Database Version : 3896
Trace Rules Database Version: 1844

Scan type : Complete Scan
Total Scan Time : 01:25:12

Memory items scanned : 601
Memory threats detected : 0
Registry items scanned : 5511
Registry threats detected : 1
File items scanned : 45751
File threats detected : 150

Adware.Tracking Cookie
C:\Documents and Settings\Lorraine Jackman.LORRAINE\Cookies\lorraine_jackman@purecountrymusic[1].txt
C:\Documents and Settings\Lorraine Jackman.LORRAINE\Cookies\lorraine_jackman@www.purecountrymusic[2].txt
C:\Documents and Settings\Lorraine Jackman.LORRAINE\Cookies\lorraine_jackman@socialmedia[1].txt
C:\Documents and Settings\Lorraine Jackman.LORRAINE\Cookies\lorraine_jackman@adserve.surveysuperrewards[2].txt
C:\Documents and Settings\Lorraine Jackman.LORRAINE\Cookies\lorraine_jackman@www.clickondetroit[2].txt
C:\Documents and Settings\Lorraine Jackman.LORRAINE\Cookies\lorraine_jackman@ads.admanage[2].txt
C:\Documents and Settings\LocalService\Cookies\system@overture[2].txt
C:\Documents and Settings\LocalService\Cookies\system@server.iad.liveperson[1].txt
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Cookies\system@2o7[1].txt

Adware.MyWebSearch/FunWebProducts
HKU\S-1-5-21-1123561945-1220945662-682003330-1004\SOFTWARE\FunWebProducts

STARTER LOG:

Name,Value,Section,Enabled,Description,Company
"AdaptecDirectCD",""C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"","Registry - Machine Run","1","DirectCD Application (DirectCD)","Roxio"
"Adobe Reader Speed Launch.lnk","C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe","Startup - Current User","1","",""
"Adobe Reader Speed Launcher",""C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"","Registry - Machine Run","1","Adobe Acrobat SpeedLauncher (Adobe Acrobat)","Adobe Systems Incorporated"
"Advanced SystemCare 3",""C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup","Registry - User Run","1","",""
"AppleSyncNotifier","C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe","Registry - Machine Run","1","AppleSyncNotifier (MobileMe)","Apple Inc."
"ArcSoft Connection Service","C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe","Registry - Machine Run","1","ArcSoft Connect Daemon (ArcSoft Connect)","ArcSoft Inc."
"ctfmon.exe","C:\WINDOWS\system32\ctfmon.exe","Registry - User Run","1","CTF Loader (Microsoft® Windows® Operating System)","Microsoft Corporation"
"DW6","","Registry - User Run","1","",""
"Event Reminder.lnk","C:\Program Files\Broderbund\PrintMaster\PMremind.exe /Q","Startup - Current User","1","Reminder Application","Mattel Inc."
"FlashPath Monitor.lnk","C:\Program Files\SmartDisk\FlashPath\sdstat.exe","Startup - Current User","1","FPSMstat MFC Application (FPSMstat Application)","SmartDisk Corporation"
"Forget Me Not.lnk","C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe","Startup - Current User","1","Reminder Application (American Greetings CreataCard Spiritual Expressions 6.0)","TLC Productivity Properties LLC"
"HPDJ Taskbar Utility","C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe","Registry - Machine Run","1"," (HP DeskJet)","HP"
"HPHmon04","C:\WINDOWS\System32\hphmon04.exe","Registry - Machine Run","1","HPHmon04 (hp photosmart)","Hewlett-Packard"
"HPHUPD04",""C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"","Registry - Machine Run","1","HPHupd04 (hp photosmart)","Hewlett-Packard"
"iTunesHelper",""C:\Program Files\iTunes\iTunesHelper.exe"","Registry - Machine Run","1","iTunesHelper Module (iTunes)","Apple Inc."
"Kodak EasyShare software.lnk","C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -hx","Startup - Current User","1","Kodak EasyShare Software","Eastman Kodak Company"
"Kodak EasyShare software.lnk","C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -hx","Startup - All Users","1","Kodak EasyShare Software","Eastman Kodak Company"
"mcagent_exe",""C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey","Registry - Machine Run","1","McAfee Integrated Security Platform (McAfee SecurityCenter)","McAfee, Inc."
"Microsoft Works Update Detection","C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe","Registry - Machine Run","1","Microsoft® Works Update Detection (Update Detection Module)","Microsoft® Corporation"
"MUPS.lnk","C:\Program Files\Belkin Bulldog Plus\MUPS.exe","Startup - Current User","1","",""
"NvCplDaemon","RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup","Registry - Machine Run","1","NVIDIA Display Properties Extension (NVIDIA Compatible Windows 2000 Display driver, Version 52.16 )","NVIDIA Corporation"
"nwiz","nwiz.exe /install","Registry - Machine Run","1","NVIDIA nView Wizard, Version 52.16 ","NVIDIA Corporation"
"QuickTime Task",""C:\Program Files\QuickTime\QTTask.exe" -atboottime","Registry - Machine Run","1","QuickTime Task (QuickTime)","Apple Inc."
"Share-to-Web Namespace Daemon","C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe","Registry - Machine Run","1","hpgs2wnd (Hewlett-Packard hpgs2wnd)","Hewlett-Packard"
"SunJavaUpdateSched",""C:\Program Files\Java\jre6\bin\jusched.exe"","Registry - Machine Run","1","Java™ Platform SE binary (Java™ Platform SE 6 U11)","Sun Microsystems, Inc."
"SUPERAntiSpyware","C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe","Registry - User Run","1","SUPERAntiSpyware Application (SUPERAntiSpyware)","SUPERAntiSpyware.com"
"swg","C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe","Registry - User Run","1","GoogleToolbarNotifier","Google Inc."
"WMPNSCFG","C:\Program Files\Windows Media Player\WMPNSCFG.exe","Registry - User Run","1","Windows Media Player Network Sharing Service Configuration Application (Microsoft® Windows® Operating System)","Microsoft Corporation"
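The Starter export above is not valid CSV: command lines that carry their own quotes are wrapped in a second pair without escaping, so a standard CSV reader mangles them. As an added example (not part of the original posts or of any tool named in the thread), the Python below parses a few rows copied from that log and attaches review flags; the helper names `parse_starter`, `image_path` and `triage` and the flag names are hypothetical.

```python
import re
from collections import Counter

# Rows copied from the Starter log posted above (header plus seven entries).
STARTER_LOG = r'''Name,Value,Section,Enabled,Description,Company
"AdaptecDirectCD",""C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"","Registry - Machine Run","1","DirectCD Application (DirectCD)","Roxio"
"Advanced SystemCare 3",""C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup","Registry - User Run","1","",""
"DW6","","Registry - User Run","1","",""
"Kodak EasyShare software.lnk","C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -hx","Startup - Current User","1","Kodak EasyShare Software","Eastman Kodak Company"
"Kodak EasyShare software.lnk","C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -hx","Startup - All Users","1","Kodak EasyShare Software","Eastman Kodak Company"
"mcagent_exe",""C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey","Registry - Machine Run","1","McAfee Integrated Security Platform (McAfee SecurityCenter)","McAfee, Inc."
"nwiz","nwiz.exe /install","Registry - Machine Run","1","NVIDIA nView Wizard, Version 52.16 ","NVIDIA Corporation"
'''

FIELDS = ("name", "value", "section", "enabled", "description", "company")


def parse_starter(text):
    """Parse rows whose quoted command lines are not CSV-escaped."""
    rows = []
    for line in text.strip().splitlines()[1:]:    # skip the header row
        parts = line.strip()[1:-1].split('","')   # drop outer quotes, split on ","
        if len(parts) != len(FIELDS):
            raise ValueError(f"unexpected column count: {line!r}")
        rows.append(dict(zip(FIELDS, parts)))
    return rows


def image_path(command):
    """Return the program part of a command line, without its arguments."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd))(?:\s|$)", command, re.I)
    return m.group(1) if m else command.split(" ", 1)[0]


def triage(rows):
    """Map each entry to review flags; a flag is a prompt to look, not a verdict."""
    seen = Counter(r["value"].lower() for r in rows if r["value"])
    report = {}
    for r in rows:
        flags = []
        if not r["value"]:
            flags.append("no-command")            # entry points at nothing
        elif not re.match(r"[A-Za-z]:\\", image_path(r["value"])):
            flags.append("unqualified-path")      # resolved through the search path
        if not r["company"]:
            flags.append("no-publisher")          # file carries no company metadata
        if seen[r["value"].lower()] > 1:
            flags.append("duplicate")             # same command launched twice
        report[f'{r["name"]} [{r["section"]}]'] = flags
    return report


if __name__ == "__main__":
    for entry, flags in triage(parse_starter(STARTER_LOG)).items():
        print(f"{entry}: {', '.join(flags) or 'ok'}")
```
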

#9 garmanma

Posted 18 May 2009 - 11:38 AM

Again, it will take me awhile, but I'll post back
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#10 garmanma

Posted 18 May 2009 - 03:34 PM

Uncheck the boxes by these entries.
This will only prevent them from running at startup and will not disable the program

You might want to print a copy of this

------------------------



AdaptecDirectCD

Adobe Reader Speed Launch.lnk

Advanced SystemCare 3

AppleSyncNotifier - Only useful if you subscribe to Apple's MobileMe service and use an iPod on this computer. Otherwise, ditch it.

ArcSoft Connection Service

ctfmon.exe - MS Office language bar

DW6 - The weather channel - not really needed

Event Reminder.lnk

FlashPath Monitor.lnk

Forget Me Not.lnk
---------------------------------------------------------
These 3 are for your HP Printer. I do not believe they need to run at startup
If for some reason the printer acts up, you can always recheck the box

HPDJ Taskbar Utility

HPHmon04

HPHUPD04
-----------------------------------------------------

iTunesHelper
------------------------------------------------

You don't need this program at all. I would uninstall it. You do not need it for your camera. Microsoft's editor is better.
If you want it, at least uncheck the box

Kodak EasyShare software.Software

Kodak EasyShare software.lnk
--------------------------------------

Microsoft Works Update Detection

NvCplDaemon - You only need this if you're going to overclock your nVidia video card

nwiz - nVidia's control panel, not needed at startup

QuickTime Task - For QuickTime player, not needed at startup
---------------------------------

Share-to-Web Namespace Daemon - "HP's exclusive Share-to-Web software makes it easy to share content with others through our affiliate Internet websites." In other words an application that allows users to upload scanned images to their personal webpages if desired. Available via Start -> Programs
I'd uncheck the box
--------------------------------------------------

SunJavaUpdateSched

swg

WMPNSCFG - Up to you I would ditch it. Here's a description - http://www.bleepingcomputer.com/startups/W....exe-17104.html
-------------------------------------------------------------------


Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 13" or the most recent one.
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.

Did you recently have trouble installing a program? I ask because I see the Windows Installer running in Process Explorer

You should see a noticeable difference when you start the computer
Let me know how it runs
Mark

#11 VegetableNazi

Posted 18 May 2009 - 08:43 PM

Wow! Yes, there is a big difference starting the computer - it's much faster now. We're not sure why the Windows installer program is running - my mom did mention that she recently had trouble getting the game Boggle to install, that's the only thing we can think of. At this point, the computer seems to be performing much faster. Do you think we're in the clear now? Again, many thanks for your help!
-Kristine

#12 garmanma

Posted 19 May 2009 - 03:31 PM

Let's do one more thing
Download the Windows Installer Cleanup Utility:
http://support.microsoft.com/kb/290301
Open it and see if Boggle is listed; if it is, click on it to highlight it and select Remove
--------------------------------------

Then update and run one more full scan of Malwarebytes
Then we can wrap this up
Mark

#13 VegetableNazi

Posted 20 May 2009 - 06:31 AM

Good morning,

I ran the Windows Installer Cleanup tool, but there was no listing for Boggle. I also updated MBAM and ran another scan which said "No malicious items were found." I've pasted the log below. I think things are looking good. BTW, I used some of these same tools on my own computer and was able to improve its startup performance quite a bit also. Thank you again so very much for your help. My mom's computer is running much better and I've learned a lot!

Regards, Kristine

Malwarebytes' Anti-Malware 1.36
Database version: 2156
Windows 5.1.2600 Service Pack 3

5/20/2009 7:24:54 AM
mbam-log-2009-05-20 (07-24-54).txt

Scan type: Full Scan (C:\|)
Objects scanned: 248910
Time elapsed: 1 hour(s), 23 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#14 garmanma

Posted 20 May 2009 - 07:39 PM

Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok"
  • Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" Tab.
  • Click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

-------------------------------

Tips to protect yourself against malware and reduce the potential for re-infection:
• "Simple and easy ways to keep your computer safe".
• "How did I get infected?, With steps so it does not happen again!".
• "Hardening Windows Security - Part 1 & Part 2".
• "IE Recommended Minimal Security Settings" - "How to Secure Your Web Browser".

• Avoid gaming sites, underground web pages, pirated software, crack sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.
Mark

#15 VegetableNazi

Posted 23 May 2009 - 01:42 PM

Sorry it took me so long to reply. I created the new System Restore Point and ran Cleanmgr. Thank you again so very much for your help! -Kristine



