Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

My Documents page opens twice for every reboot of WINXP3 :

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: My Documents page opens twice for every reboot of WINXP3 :

Unread postby snagarjunas » March 1st, 2010, 1:08 pm

Hello Wingman,

1. Any problem executing the instructions?
Absolutely there was no problem executing the instructions.

2. MBAM scan results
Malwarebytes' Anti-Malware 1.44
Database version: 3809
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/1/2010 9:54:29 PM
mbam-log-2010-03-01 (21-54-29).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|I:\|J:\|)
Objects scanned: 235230
Time elapsed: 1 hour(s), 15 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\RECYCLER\S-1-5-21-8884958561-9447100109-981184978-4281\sysdate.exe (Worm.Autorun.B) -> Delete on reboot.
C:\System Volume Information\_restore{6E94F5D8-70C7-486B-9235-61FB3E9918E8}\RP167\A0145437.exe (Trojan.Dropper) -> Not selected for removal.
F:\softwares\RegistryEasy.exe (Rogue.Installer) -> Quarantined and deleted successfully.

3. How is the computer behaving?
The computer is behaving in the same way as before: opening "My Docs" page once for every reboot.


Let me know if anything more to be done.


Thanks,

Nagarjun S.
snagarjunas
Regular Member
 
Posts: 26
Joined: February 12th, 2010, 3:13 pm
Advertisement
Register to Remove

Re: My Documents page opens twice for every reboot of WINXP3 :

Unread postby Wingman » March 1st, 2010, 3:00 pm

Hello snagarjunas,

Did you create and run (merge) the fix.reg file successfully?

Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: My Documents page opens twice for every reboot of WINXP3 :

Unread postby snagarjunas » March 2nd, 2010, 2:05 pm

Hello Wingman,

Yes, it was successful.


Let me knw if anything more to be done to solve this issue.


Thanks,

Nagarjun S.
snagarjunas
Regular Member
 
Posts: 26
Joined: February 12th, 2010, 3:13 pm

Re: My Documents page opens twice for every reboot of WINXP3 :

Unread postby Wingman » March 2nd, 2010, 4:08 pm

Hello snagarjunas,

Please check: Start > All Programs > Startup ... make sure there is no reference to Explorer.exe or your My Documents folder.
Are you the only user of this computer? If No... please also check the All Users Startup folder for any reference to Explorer or My Documents.
If either of these is found in either of the Startup folders, please delete it.

Please do not make any changes to your system: do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so, by me. Please read these instructions carefully before executing and then perform the steps, in the order given. lf, you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Step 1.
ERUNT - Emergency Recovery Utility NT
Please run this again, as changes may have occurred between the last run and now. Better to be safe than to be sorry.
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
Run:
  1. Please navigate to Start >> All Programs >> ERUNT... double-click ERUNT from the menu.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
ESET NOD32 Online Scan
Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
Please go to ESET Online Scanner - © ESET All Rights Reserved... to run an online scan.
** Make sure you are using an account that has Administrative privileges **
    Press the "ESET Online Scanner" button.
  1. Check the box next to "YES, I accept the Terms of Use."
  2. Click "Start"... a window will open... it may appear nothing is happening... please be patient.
  3. Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
    Once installed, the scanner will be initialized.
  4. Click "Start". Make sure that the options:
    • Remove found threats is UNCHECKED
    • Leave the "default" settings under Advanced as they are, if not set , please check:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  5. Click "Start"... ESET scanner will begin to download the virus signatures database.
    When the signatures have been downloaded, the scan will start automatically.
  6. Wait for the scan to finish... it may take a while... please be patient. When the scan is finished...
  7. Use Notepad to open the log file located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste the contents of log.txt in your next reply.
Remember to enable your Anti-virus protection... before continuing!

Step 3.
Re-run - RSIT (Random's System Information Tool)
You should still have this program on your desktop.
  1. Double click on RSIT.exe to run it.
  2. Please read the disclaimer... click on Continue.
    RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced.<<will be maximized
  3. Please post ONLY the "log.txt", file contents in your next reply.

Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. ESET scan results.
  3. RSIT log.txt file contents.
  4. How is the computer behaving?
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: My Documents page opens twice for every reboot of WINXP3 :

Unread postby Wingman » March 4th, 2010, 7:31 pm

3 Day Response
Hello...
It has been 2 days since my last post to you.
  • Do you still need help with this problem?
  • Do you need more time?
  • Are you having problems understanding or following my instructions?
  • Did you receive help elsewhere or resolve the problem yourself?
Just let me know what's going on otherwise...
After 24 hrs., if you have not replied to this thread... it will be closed!
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: My Documents page opens twice for every reboot of WINXP3 :

Unread postby snagarjunas » March 5th, 2010, 12:19 pm

Hello Wingman,

There was no free time to follow the procedure.

How ever, I will do it by the EOD.


Thanks,

Nagarjun S.
snagarjunas
Regular Member
 
Posts: 26
Joined: February 12th, 2010, 3:13 pm

Re: My Documents page opens twice for every reboot of WINXP3 :

Unread postby Wingman » March 5th, 2010, 12:34 pm

No problem. :)
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: My Documents page opens twice for every reboot of WINXP3 :

Unread postby snagarjunas » March 5th, 2010, 2:25 pm

Hi Wingman,

I have started the scanning process and because of lot of stuff it is taking more than expected time.

Give me some time to post the files required for the issue.


Thanks,

Nagarjun S.
snagarjunas
Regular Member
 
Posts: 26
Joined: February 12th, 2010, 3:13 pm

Re: My Documents page opens twice for every reboot of WINXP3 :

Unread postby Wingman » March 5th, 2010, 2:48 pm

No problem. I know you have other things going on as well.
As long as I know your working on it. :)
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: My Documents page opens twice for every reboot of WINXP3 :

Unread postby snagarjunas » March 6th, 2010, 2:13 am

Hello Wingman,

1. Any problem executing the instructions?
Absolutely there was no problem executing the instructions.

2. ESET scan results.
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=ab25b8c69d4f904f8b868e7967debfb7
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-03-06 06:06:28
# local_time=2010-03-06 11:36:28 (+0530, India Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 641918 641918 0 0
# compatibility_mode=8192 67108863 100 0 37624 37624 0 0
# scanned=99574
# found=1
# cleaned=0
# scan_time=4038
F:\softwares\esnips.exe probably a variant of Win32/BHO.NWL trojan 00000000000000000000000000000000 I

3. RSIT log.txt file contents.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-03-06 11:40:44
Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (17%) free of 20 GB
Total RAM: 958 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:58 AM, on 3/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\K7 Computing\Common\K7SysTry.exe
C:\Program Files\K7 Computing\K7TSecurity\Common\K7TSecurity.exe
C:\WINDOWS\flashmute.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\K7 Computing\K7TSecurity\Common\K7TSMngr.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\snmp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\K7 Computing\Common\K7EmlPxy.exe
C:\Program Files\K7 Computing\K7TSecurity\K7AntiVirus\K7RTScan.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: SBCONVERT - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Program Files\SpeedBit Video Downloader\TBU11\SpeedBitVideoDownloader.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [K7SystemTray] "C:\Program Files\K7 Computing\Common\K7SysTry.exe"
O4 - HKLM\..\Run: [K7TSStart] "C:\Program Files\K7 Computing\K7TSecurity\Common\K7TSecurity.exe"
O4 - HKLM\..\Run: [FlashMute] C:\WINDOWS\flashmute.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.way2gamez.com/Jsp/play.jsp?gameid=td104"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBF22DD0-4D56-475F-A65C-6F5A81BB0965}: NameServer = 202.153.32.2,202.153.32.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Update Service (gupdate1ca62c053e4acfe) (gupdate1ca62c053e4acfe) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: K7Computng - EMail Proxy Server (K7EmlPxy) - K7 Computing Pvt Ltd - C:\Program Files\K7 Computing\Common\K7EmlPxy.exe
O23 - Service: K7RealTime AntiVirus Services (K7RTScan) - K7 Computing Pvt Ltd - C:\Program Files\K7 Computing\K7TSecurity\K7AntiVirus\K7RTScan.exe
O23 - Service: K7TotalSecurity Manager (K7TSMngr) - K7 Computing Pvt Ltd - C:\Program Files\K7 Computing\K7TSecurity\Common\K7TSMngr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8712 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1417001333-1177238915-500Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1417001333-1177238915-500UA.job
C:\WINDOWS\tasks\Schedule Task Weekly.job
C:\WINDOWS\tasks\SpeedOptimizer Startup.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{114E22D0-BB77-4EE8-8C40-73F1695AE81B}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B}]
SBCONVERT Class - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll [2009-10-19 2655736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1056498-D09A-41E4-864B-505EDD640D9E}]
SBCONVERT Class - C:\Program Files\SpeedBit Video Downloader\TBU11\SpeedBitVideoDownloader.dll [2009-07-05 2498056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-18 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-12 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-06-18 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF7C3CF0-4B15-11D1-ABED-709549C10000}]
GrabberObj Class - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll [2009-10-19 185944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-18 259696]
{0329E7D6-6F54-462D-93F6-F5C3118BADF2} - SpeedBit Video Downloader - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll [2009-10-19 2655736]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"K7SystemTray"=C:\Program Files\K7 Computing\Common\K7SysTry.exe [2007-10-10 28672]
"K7TSStart"=C:\Program Files\K7 Computing\K7TSecurity\Common\K7TSecurity.exe [2007-10-10 38168]
"FlashMute"=C:\WINDOWS\flashmute.exe [2006-03-12 221184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-03-01 4670968]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-06-18 39408]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-03-20 1312256]
"Google Update"=C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-12 133104]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe [2009-06-05 468408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eSnips]
C:\Program Files\eSnips\ClientGW.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer]
C:\Program Files\Software Informer\softinfo.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spellcheck]
C:\WINDOWS\splckr\32_twunk.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TypingSatellite]
d:\SOFTWA~1\Typing\KBOOST.EXE []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-31 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rohos]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Rohos]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe"="C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b81bc05a-779b-11de-a5fb-0016763a7c6f}]
shell\AutoRun\command - K:\folder.tmp/tmp.exe
shell\explore\command - K:\folder.tmp/tmp.exe
shell\open\command - K:\folder.tmp/tmp.exe


======List of files/folders created in the last 1 months======

2010-03-05 22:40:24 ----D---- C:\Program Files\ESET
2010-02-26 22:40:31 ----D---- C:\_OTM
2010-02-26 00:14:04 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-23 22:52:09 ----D---- C:\rsit
2010-02-23 21:27:00 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2010-02-23 21:26:52 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-02-23 21:26:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-22 17:55:10 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-21 11:45:27 ----D---- C:\WINDOWS\ERDNT
2010-02-21 11:43:06 ----D---- C:\Program Files\ERUNT
2010-02-14 20:32:22 ----D---- C:\Program Files\Nitro PDF
2010-02-14 20:03:28 ----D---- C:\Program Files\Okdo Word Rtf to Excel Converter
2010-02-14 12:13:00 ----A---- C:\WINDOWS\system32\WNASPI32.DLL
2010-02-13 00:34:27 ----D---- C:\Program Files\Trend Micro
2010-02-12 13:47:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-12 13:43:41 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-12 13:43:33 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-12 13:43:25 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-12 13:43:16 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-12 13:43:04 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-12 13:42:48 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$

======List of files/folders modified in the last 1 months======

2010-03-06 11:40:52 ----D---- C:\WINDOWS\Prefetch
2010-03-06 11:34:07 ----D---- C:\Documents and Settings\Administrator\Application Data\Skype
2010-03-06 11:06:47 ----D---- C:\WINDOWS\system32\inetsrv
2010-03-06 09:40:26 ----D---- C:\WINDOWS\Temp
2010-03-06 09:38:40 ----D---- C:\Program Files\Mozilla Firefox
2010-03-06 07:14:01 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-06 07:14:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-05 22:40:27 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-05 22:40:24 ----RD---- C:\Program Files
2010-03-05 21:53:48 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-05 16:06:51 ----D---- C:\Documents and Settings\Administrator\Application Data\skypePM
2010-03-04 13:53:11 ----A---- C:\WINDOWS\POD.INI
2010-03-02 20:22:57 ----D---- C:\WINDOWS
2010-03-01 21:57:15 ----D---- C:\WINDOWS\system32\drivers
2010-03-01 21:57:15 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-26 22:41:00 ----D---- C:\WINDOWS\system32
2010-02-26 22:05:46 ----SHD---- C:\WINDOWS\Installer
2010-02-26 21:56:57 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-02-26 00:14:35 ----HD---- C:\WINDOWS\inf
2010-02-26 00:14:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-26 00:14:32 ----D---- C:\WINDOWS\ie8updates
2010-02-26 00:14:20 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-24 13:12:15 ----SHD---- C:\RECYCLER
2010-02-24 12:53:04 ----D---- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2010-02-23 22:40:57 ----D---- C:\WINDOWS\Help
2010-02-22 22:17:49 ----D---- C:\Documents and Settings\Administrator\Application Data\U3
2010-02-18 23:39:18 ----D---- C:\Documents and Settings\Administrator\Application Data\Mozilla
2010-02-14 20:32:25 ----A---- C:\WINDOWS\primopdf.ini
2010-02-14 20:05:06 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2010-02-13 23:05:53 ----D---- C:\WINDOWS\Debug
2010-02-12 13:47:00 ----A---- C:\WINDOWS\system32\MRT.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 K7TdiHlp;K7TDI Helper Service; \??\C:\WINDOWS\system32\drivers\K7TdiHlp.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 K7Sentry;K7Sentry; \??\C:\WINDOWS\system32\drivers\K7Sentry.sys []
R2 pxrts;pxrts; C:\WINDOWS\System32\drivers\pxrts.sys [2010-02-04 49352]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-31 1333760]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 P16X;FM801A PCI Audio (WDM); C:\WINDOWS\system32\drivers\FM801A.sys [2007-11-30 1293312]
R3 pxkbf;pxkbf; C:\WINDOWS\System32\drivers\pxkbf.sys [2010-02-04 24496]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-01-18 80512]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-10-19 4034048]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-14 20992]
S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE27bus.sys [2006-09-18 61600]
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys [2006-09-18 9360]
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE27mdm.sys [2006-09-18 97184]
S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys [2006-09-18 88688]
S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS); C:\WINDOWS\system32\DRIVERS\se27nd5.sys [2006-09-18 18704]
S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE27obex.sys [2006-09-18 86560]
S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM); C:\WINDOWS\system32\DRIVERS\se27unic.sys [2006-09-18 90800]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-14 26112]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 w200bus;Sony Ericsson W200 driver (WDM); C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 86368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-31 376832]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 K7EmlPxy;K7Computng - EMail Proxy Server; C:\Program Files\K7 Computing\Common\K7EmlPxy.exe [2008-02-06 79128]
R2 K7RTScan;K7RealTime AntiVirus Services; C:\Program Files\K7 Computing\K7TSecurity\K7AntiVirus\K7RTScan.exe [2007-10-09 38168]
R2 K7TSMngr;K7TotalSecurity Manager; C:\Program Files\K7 Computing\K7TSecurity\Common\K7TSMngr.exe [2007-10-10 140568]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-14 33280]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 621056]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-08-30 516096]
S2 gupdate1ca62c053e4acfe;Google Update Service (gupdate1ca62c053e4acfe); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-11 133104]
S2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-14 4608]
S2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-14 117248]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-18 182768]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-11-07 3004416]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

4. How is the computer behaving?
My computer is behaving the same way as before.


Let me know if any thing more to be done.


Thanks,

Nagarjun S.
snagarjunas
Regular Member
 
Posts: 26
Joined: February 12th, 2010, 3:13 pm

Re: My Documents page opens twice for every reboot of WINXP3 :

Unread postby Wingman » March 6th, 2010, 9:42 am

Hello snagarjunas,

Please do not make any changes to your system: do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so, by me. Please read these instructions carefully before executing and then perform the steps, in the order given. lf, you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

You didn't indicate in your last reply, whether you had done this check or not...

Step 1.
Please check: Start > All Programs > Startup ... make sure there is no reference to Explorer.exe or your My Documents folder.
Are you the only user of this computer? If No... please also check the All Users Startup folder for any reference to Explorer or My Documents.
If either of these is found in either of the Startup folders, please delete it.

Step 2.
Check Scheduled Tasks (XP)
I need information about your Scheduled Tasks. If you know about the task below, please explain, otherwise:
  1. Click Start... click All Programs... click Control Panel... then click Scheduled Tasks.
    or
    Click Start... click All Programs... Open Accessories... select System Tools... then click Scheduled Tasks.
  2. The Schedule Tasks, user interface window should open, showing a list of the scheduled tasks.
  3. Locate the following job/task:
    Schedule Task Weekly.job
    SpeedOptimizer Startup.job
  4. Right click on the item ... select Properties.
  5. Highlight and copy the information in the "Run" entry box... paste that information into your next reply for each "task" listed, above.

Step 3.
You have the "Sony Ericsson PC Suite"... Application Launcher... This starts when you start your computer. This "launcher" can be used to synchronize your phone with your computer. It can include your "My Documents"folder.
Please check this application to see if it is attempting to synchronize your My Documents folder, when started. If so... disable that synchronization.
Reboot your computer and see if your My Documents folder opens when your start your computer.
If you are unsure how to do this, that's OK, we can stop the process another way... just let me know.

Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. Scheduled Task jobs... info on what they execute.
  3. Sony Ericsson start up process synchronizing your My Documents?
  4. How is the computer behaving?
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: My Documents page opens twice for every reboot of WINXP3 :

Unread postby snagarjunas » March 7th, 2010, 1:58 am

Hi Wingman,

1. Any problem executing the instructions?
No Problem.

2. Scheduled Task jobs... info on what they execute.
Schedule Task Weekly.job
"C:\Program Files\Registry Easy\RE.exe" -Scan
SpeedOptimizer Startup.job
c:\progra~1\speedo~1\SPO.exe /minimized

3. Sony Ericsson start up process synchronizing your My Documents?
- In Start > All Programs > Start > there are only 2 items named "Adobe Reader Speed Launch" & "Adobe Gamma Loader"
- Start > Run > msconfig > I have unchecked SonyErricson application launcher and rebooted the machine and there was no avail.


4. How is the computer behaving?
The same way as before.



Thanks,

Nagarjun S.
snagarjunas
Regular Member
 
Posts: 26
Joined: February 12th, 2010, 3:13 pm

Re: My Documents page opens twice for every reboot of WINXP3 :

Unread postby Wingman » March 7th, 2010, 12:44 pm

Hello snagarjunas,

Please do not make any changes to your system: do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so, by me. Please read these instructions carefully before executing and then perform the steps, in the order given. lf, you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Step 1.
ERUNT - Emergency Recovery Utility NT
Please run this again, as changes may have occurred between the last run and now. Better to be safe than to be sorry.
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
Run:
  1. Please navigate to Start >> All Programs >> ERUNT... double-click ERUNT from the menu.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
OTM
  1. Please download OTM.exe...by Old Timer. Save it to your desktop.
  2. Double click on OTM.exe to run it.
    If you receive the "Open File - Security Warning", please press Run.
  3. Please copy and paste the text in the Code box below, into OTM (1).
    Please refer to the OTM screen image below, for reference.
    Warning: Do not type it out... errors could damage your machine.
    Code: Select all
    :Processes
    :Reg
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spellcheck]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TypingSatellite]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b81bc05a-779b-11de-a5fb-0016763a7c6f}]
    :Commands
    [EmptyTemp]
    [Start Explorer]
    [Reboot]

    Please refer to this image to use OTM.exe

    Image
  4. Click on MoveIt! (2)
  5. The end results of the processing will be in 2 places:
    • The Results window on the right side of the OTM screen.
    • A log (text) file created in "C:\_OTM\MovedFiles\mmddyyyy_hhmmss.log"
  6. Copy all the text from the Results window... Open Notepad, paste the OTM results into the Notepad file, save it on your desktop.
  7. Click Exit (3) when done.
  8. Please paste the entire content from the OTM (Results) window (Notepad file) or the OTM log file, in your next reply.
NOTE: If your computer did not automatically reboot... please reboot it (normally) now!
Caution: Be careful of what you copy and paste with this tool. OTM is a powerful program, designed to move highly persistent files and folders and is intended by the developer to be used under the guidance and supervision of a trained malware removal expert.


Step 3.
SystemLook
Please download SystemLook.exe... by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Double-click SystemLook.exe to run it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?"... press the Run button.
  2. Highlight and copy the following entries: ... into SystemLook's main text entry window.
    Code: Select all
    :filefind 
    userinit.exe
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named "SystemLook.txt"
  4. Please post the contents of the SystemLook.txt file in your next reply.

Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. OTM scan log contents.
  3. SystemLook.txt contents.
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: My Documents page opens twice for every reboot of WINXP3 :

Unread postby snagarjunas » March 8th, 2010, 1:18 pm

Hello Wingman,

1. Any problem executing the instructions?
Steps were clear so, execution process went cool.

2. OTM scan log contents.
All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spellcheck\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TypingSatellite\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b81bc05a-779b-11de-a5fb-0016763a7c6f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b81bc05a-779b-11de-a5fb-0016763a7c6f}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 148123043 bytes
->Temporary Internet Files folder emptied: 45771246 bytes
->FireFox cache emptied: 86909987 bytes
->Google Chrome cache emptied: 80770315 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NAGARJUN-BD982A

User: NetworkService
->Temp folder emptied: 98304 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 377337 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 29809472 bytes

Total Files Cleaned = 374.00 mb


OTM by OldTimer - Version 3.1.9.0 log created on 03082010_223901

Files moved on Reboot...
File C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_5cc.dat not found!

Registry entries deleted on Reboot...

3. SystemLook.txt contents.
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 22:46 on 08/03/2010 by Administrator (Administrator - Elevation successful)

========== filefind ==========

Searching for "userinit.exe"
C:\WINDOWS\system32\dllcache\userinit.exe --a--c 26112 bytes [12:00 14/04/2008] [12:00 14/04/2008] A93AEE1928A9D7CE3E16D24EC7380F89
C:\WINDOWS\system32\userinit.exe --a--- 26112 bytes [12:00 14/04/2008] [12:00 14/04/2008] A93AEE1928A9D7CE3E16D24EC7380F89

-=End Of File=-


Thanks,

Nagarjun S.
snagarjunas
Regular Member
 
Posts: 26
Joined: February 12th, 2010, 3:13 pm

Re: My Documents page opens twice for every reboot of WINXP3 :

Unread postby Wingman » March 8th, 2010, 8:28 pm

Hello snagarjunas,

Please do not make any changes to your system: do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so, by me. Please read these instructions carefully before executing and then perform the steps, in the order given. lf, you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

I'm starting to run out of ideas here...
Please check in MSCONFIG... Startup tab... to see if there is an "explorer.exe" entry present. If it is, please remove the checkmark (UNCHECK), click OK, then restart your computer. Let me know if the problem remains.

Also you can check in Control Panel > Folder Options> View tab...
Check to see if the entry "Restore previous folder windows at logon" is checked... if it is, UNCHECK it. Reboot and see if you still have the problem.

Please let me the outcome of these checks and any steps you took.

Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 303 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware