Jump to content


Photo

Problem at start up


  • This topic is locked This topic is locked
45 replies to this topic

#1 returnofsid

returnofsid

    Member

  • Full Member
  • Pip
  • 91 posts

Posted 28 February 2006 - 09:02 PM

Today I helped a friend update her resume and then attempted to write it to a CD. I was using Roxio Drag to Disc. At first, it wouldn't work and I thought maybe I was using a bad CD. I put in a fresh CDR and it worked just fine. Later when I restarted my computer, at start-up, I got a pop up saying "No disk in drive, insert disk in drive." It's not specifying which drive or giving any other information. It's giving me the options to Cancel, Try Again or Continue. Even hitting Cancel, it pops right back up. I end up having to hit Cancel numerous times to get it to finally stop. I've edited my start-up programs thinking that maybe something was trying to run at start-up, all with no changes. I've run out of ideas. As it's been quite some time since I've posted, I'll also include my HJT log. Any help you can offer would be great!! Thanks in advance.


Logfile of HijackThis v1.99.1
Scan saved at 7:02:49 PM, on 2/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1135244869623
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1135244721480
O17 - HKLM\System\CCS\Services\Tcpip\..\{57920D28-E11D-43A3-BE55-35C31EEE8894}: NameServer = 205.188.146.145
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#2 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 05 March 2006 - 07:12 PM

This is a puzzle.

Ordinarily it would be because you left something like Explorer running (it automatically restarts) and it had a drive such as A: open when you rebooted.

Or, one of your programs has data on a removable drive.

Just in case, though, please do this.
Please download, install, and update the NEW free version of Ewido trojan scanner:
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • From the main ewido screen, click on update in the left menu, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
  • If ewido finds anything, it will pop up a notification. Select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
  • When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.
Then post the Ewido log and a new HijackThis log, and let us know if you still get ""No disk in drive, insert disk in drive."".
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#3 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 05 March 2006 - 07:23 PM

Also, wild guess, you could try fixing this startup (won't affect the file itself)
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe

Mark the box next to it, click 'Fix checked", and reboot.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#4 returnofsid

returnofsid

    Member

  • Full Member
  • Pip
  • 91 posts

Posted 05 March 2006 - 11:37 PM

Hmmm, you may be onto something. As I'm downloading Ewido, I tried your second suggestion. I checked O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe and then clicked Fix Checked. I haven't rebooted yet, I'm still downloading Ewido. As soon as I clicked fix checked and closed HiJackthis, my Spybot Tea timer prompted me to "Allow Change." As soon as I clicked "Allow" the same pop up came up. This one definately said to insert disk into drive F. Again, I had to click "Cancel" about 4 times before it would stop. Does this help at all? I'll continue with my download of Ewido and go from there.

#5 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 05 March 2006 - 11:55 PM

When you fix that line in HijackThis, you are just preventing it from starting automatically with windows, and you won't see any difference until after you reboot,

You can still run dvd43_tray.exe manually when needed. Info here: http://www.castlecop...5031-dvd43.html

Your Ewido scan will take quite a long time but it is very thorough.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#6 rambro

rambro

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 1,180 posts

Posted 06 March 2006 - 12:10 PM

Dear returnofsid, :)

(Note: Please read through these instructions a couple of times before executing the steps in this post.)

You may want to print out these instructions or save them as a text file with "Notepad" to your desktop.
******************************

Welcome to the SWI forums. :)
******************************

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.

You can reenable TeaTimer once your system is clean.
**************************************************

I believe the problem you are experienceing is to due either with a "corrupt driver" on your CD-R or CD-RW or DVD/RW (i.e. which is probably installed as your F: drive) drive or it has something to do with your "Roxio Drag to Disk" software.

Can please tell me in detail what type of "CD-R and/or CD-RW and/or DVD/RW" drive you have (i.e. list the manufacturer name, model number and serial number if possible)?

I am assuming you use your A: drive as a floppy drive, and the E: drive as a CD-ROM drive exculsively, can you please confirm this in detail?
**********************************

Next, when you are prompted with the following "no disk is detected and to insert disk into drive", instead of "canceling" this prompt, insert a "blank CD-R" disk into your F: drive and press the "Continue" or "OK" button. There may be a possiblity that the "Roxio Drag to Disk" software did not complete a certain task/taks and by inserting a "blank CD-R" disc into the drive and pressing the "Continue" or "OK" button, you will help this software to complete its task/tasks.
************************************

Note: This part is important.

Next, if the above does not work, I found this following link: http://aumha.org/win5/a/xpcd.php. It describes how to Burning CDs in Windows XP. What is interesting about this link, is that led me to the the following link:

http://support.micro...om/?kbid=324129. The title of this articile is the following: "How to troubleshoot issues that occur when you write data to a CD-R or CD-RW optical disc in Windows XP".

I want you to search/look on this page for the section that says "There is no disc in the drive. Please insert a writable CD into drive" and try to execute the instructions in that section. It basically says that you need to uninstall your current "driver" for your drive (i.e. F: drive) and reinstall this "driver" for the this drive (i.e. F: drive), because the "driver" for this drive may be "corrupted".

Restart your computer and then please post a new HijackThis log.

In addition, let me know in detail how your computer system is running after performing the above steps. :)

Edited by rambro, 06 March 2006 - 01:04 PM.


#7 returnofsid

returnofsid

    Member

  • Full Member
  • Pip
  • 91 posts

Posted 06 March 2006 - 01:15 PM

Okay, I’ve turned off Tea Timer and rebooted. Earlier, I also checked DVD43 in HiJackThis and checked fix checked. When the prompt came up to insert a disk into the drive, it didn’t indicate which drive. I put a blank CD-R into drive F, which is a DVD-RW drive. It is a HP dvd writer, model #530i. This has no affect and the prompts continue. I’ve tried clicking “Try Again” and “Continue.” Neither work. Oh and Drive A is my floppy, which also either isn’t working properly or the floppies I have are damaged. Drive C and D are my hard drives, Drive E is a DVD Rom and Drive F is a DVE-RW. I’ve also got a Drive G??? Which I will address next.
There is another issue that I failed to mention. I’ll feel really dumb if this is the problem and I didn’t mention it….but I think that may be the case. For awhile now, I’ve had an icon on my tool bar that I am unfamiliar with. When I hover over it, it says “Safely Remove Hardware.” When I click on it, I get “Safely remove USB Mass Storage Device-Drive (G:)” As far as I know, I don’t have any such drive. I’ll now explain what happens when I follow the steps to remove it. I click the icon again and get “The USB Mass Storage Device has been disabled and can now safely be removed,” and the icon disappears. So I go to my Hardware Device Manager to look for it. Near the bottom and under the category of USB Controllers, I have “USB Mass Storage Device” with a yellow exclamation mark to the left of it. I right click on it and click “Uninstall” It says it has successfully been uninstalled and asks me to restart my computer. Since I’m typing this as I go through the steps, I haven’t restarted yet. I’m actually typing it in Word and after rebooting will see what happens and let you know. Then I’ll copy it all into the forum. This is the second time I’ve taken all of these steps to uninstall this drive. The first time, when I rebooted, I did NOT get the prompt to insert a disk into the drive. I then checked my Device Manager and the USB Mass Storage Device did NOT show up. However, it somehow reinstalled itself without me doing anything. Could this possibly be the USB cable I have plugged into the back of my tower that my Kodak Camera uses? My Camera is only plugged in when I am uploading pictures. Otherwise, the cord is plugged into the tower and just hanging off the front of my desk. Okay, I will now reboot the computer, which should finish the uninstall of the mysterious USB Mass Storage Device.
After rebooting, I did NOT get the prompt to insert a disk into the drive but I do have the icon in my tool bar to Safely Remove Hardware. It is also still appearing in my Device Manager. When I right click on it in the Device Manager, and then click properties, I’m seeing that it’s location is “Location 0 (MP500)” MP500 is my Cannon Pixma MP500 printer. LOL This is really strange. I have removed this device twice now. Every since installing this new printer, when I turn it on, I get a prompt that says “This USB device can perform faster if you connect it to a Hi-Speed USB 2.0 port. For a list of available ports, click here.” However, when I click it says that no Hi-Speed USB ports are available. I will now try rebooting, without attempting to remove the Mass Storage device again, to see if I get the prompt to insert a disk.
Okay, I just rebooted and got the prompt to insert a disk into the drive…again, not specifying which drive. I am still seeing the icon to Safely Remove Hardware in my toolbar as well. So it would seem that when I first uninstall the Mass Storage Device and reboot to complete the uninstall, I don’t get this prompt. But then the device is reinstalling itself somehow and then I get the prompt. I hope I haven’t confused things beyond all hope!!! I will await your response and in the meantime, I will read through the links you provided on troubleshooting CD-Rs.


Now I will give you the results of the Ewido Scan as well as a new HiJack This log.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:44:42 PM, 3/5/2006
+ Report-Checksum: 7A38BF11

+ Scan result:

:mozilla.7:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\z6zqjqra.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\z6zqjqra.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\z6zqjqra.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\z6zqjqra.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\z6zqjqra.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\z6zqjqra.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\z6zqjqra.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kids\Cookies\kids@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kids\Cookies\kids@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Kids\Cookies\kids@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Kids\Cookies\kids@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Kids\Cookies\kids@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\Kids\Cookies\kids@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Kids\Cookies\kids@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Kids\Cookies\kids@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Kids\Cookies\kids@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Kids\Cookies\kids@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.296:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.297:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.332:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.333:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.334:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.335:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.377:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.384:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.410:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.438:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Counted : Cleaned with backup
:mozilla.454:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.472:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.503:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.504:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.505:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.506:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.507:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.508:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.509:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.510:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.511:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.548:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.549:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.550:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.551:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.553:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.554:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\0qzy459a.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\0qzy459a.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\0qzy459a.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\0qzy459a.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\0qzy459a.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\0qzy459a.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\0qzy459a.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\0qzy459a.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\0qzy459a.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\0qzy459a.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\0qzy459a.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\0qzy459a.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\0qzy459a.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\0qzy459a.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\0qzy459a.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\0qzy459a.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\0qzy459a.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\0qzy459a.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup


::Report End



Logfile of HijackThis v1.99.1
Scan saved at 10:46:49 AM, on 3/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\MSWorks.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1135244869623
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1135244721480
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#8 rambro

rambro

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 1,180 posts

Posted 06 March 2006 - 02:24 PM

Dear returnofsid, :)

I wouldn't worry about the "Safely Remove Hardware", icon in your system tray, it is safe. That icon gets activated when you plug in a device through your USB port (i.e. your Kodak Camera - try unplugging your USB cable too - otherwise leave it alone).

I want you to stop uninstalling the hardware associated with that icon when it shows up in your system tray!!!

However, if the Safely Remove Hardware icon bothers you, here is a couple of links you can look at:

http://www.tech-reci...ws_tips598.html
http://www.helpwithw...P/howto-07.html
***************************************

Next, back to the business at hand, I guess with this DVE-RW drive (i.e. F: drive), you have the ability to burn CD-R discs using your "Roxio Drag to Disk" software.

Since inserting a blank CD-R disc in your DVE-RW drive when prompted did not solve your problem. I would try re-installing the driver for your DVE-RW device and see if that works.

In your last post, you basically went off on a tangent (i.e. just following the instructions), but lets now see if you can re-install that driver for your DVE-RW drive.

Good Luck :)

#9 returnofsid

returnofsid

    Member

  • Full Member
  • Pip
  • 91 posts

Posted 06 March 2006 - 02:54 PM

Sorry about all the misdirection. Was just trying to figure out of this device I know nothing about could be the problem. Okay, I've gone through the steps to uninstall and reinstall the DVD-RW driver, using the install disk that came with it. First I uninstalled the driver and reinstalled....using the directions from the link you sent me earlier. I then rebooted and am still having the same issue. Could it possibly be that the DVD-RW drive itself is damaged?

#10 rambro

rambro

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 1,180 posts

Posted 06 March 2006 - 03:35 PM

Dear returnofsid, :)

I went to Hewlett-Packard's website: http://www.hp.com.

I was searching for a firmware update to your "HP DVD Writer dvd530i" drive, I came upon this link:

http://h10025.www1.h...en&cc=us&os=228

Under "Firmware"

Download "HP DVD530 Firmware Update" and install (i.e. HP will provide you with directions).

Note: Try looking through www.hp.com to confirm that this is the right driver for this drive.

rambro :)

#11 returnofsid

returnofsid

    Member

  • Full Member
  • Pip
  • 91 posts

Posted 06 March 2006 - 04:53 PM

I had already downloaded and installed that firmware. I did that as soon as uninstalling and reinstalling the driver didn't work. However, I do think I've hit on something....Through the Device Manager, I disabled my drives one at a time, rebooting in between each one. If nothing changed, I re-enabled that particular drive. I started with F, then E and finally A. When I disabled drive A: and rebooted, I didn't get the prompt to insert disk. Just to make sure, I rebooted 3 times, still no problem. I then re-enabled drive A:, rebooted and got the prompt to insert disk. Needless to say, it's now disabled again and I've rebooted twice with no problems. I don't like not having it enabled but maybe the drive itself is bad. In the near future, I'll swap it out with a different drive and see if that makes a difference. I'm still confused as to why, on the couple occassions that it did designate a drive to insert a disk into, it designated drive F:. I'm just all kinds of confused.

#12 rambro

rambro

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 1,180 posts

Posted 06 March 2006 - 08:17 PM

Dear returnofsid, :)

Please right click on the "My Computer" on your desktop and choose the "Properties" option, In the "System Properties" dialog box, please select the "Hardware" tab and press the "Device Manager" button. Under the DVD-CD-ROM drives expand the "plus" sign and tell me what is says under this option. Under the "Floppy disk drive" expand the "plus" sign and tell me what it says under this option. Take note (i.e. tell me) if their are any "yellow" marks under these options.

Next, I want you to go to the "bios" of your computer. You can get to your bios, by restarting your comuter and press either the "F2" or "Delete" key on your keyboard when your computer is restarting.

Once you are in the "bios" of your computer, I want you to go to the "Advanced" menu and navigate to the "Diskette Configuration" and see if your Floppy drive is recognized.

I then want you to "Esc" out of the "Diskette Configuration" option and go to the "Boot" menu and tell me your "boot" sequence order for example:

1st boot device =
2nd boot device =
3rd boot device =
4th boot device =
5th boot device =
etc...

Then I want you to "Esc" out the bios and choose the option to "Exit discarding changes" and go back into windows.

Let me know in detail what you find out.

rambro :)

#13 returnofsid

returnofsid

    Member

  • Full Member
  • Pip
  • 91 posts

Posted 06 March 2006 - 10:59 PM

Alright Rambro, I printed out your instructions so I could follow them while logged off.

First Step: Under DVD/CD-ROM in Device Manager, it lists “HP DVD Writer 530i” and “JLMS-XJ-HD166S.” These are my DVD-RW and DVD-ROM. To the left of them are the icons without any marks of any kind through them. There are also no yellow or red marks.

Second Step: Under Floppy Disk Drives, it lists “Floppy Disk Drive” with a red X through the icon to the left of it. I assume this is because I disabled it earlier. Now I will reboot and get into BIOS.

In the Advanced section of Bios, I was unable to locate anything called “Diskette Configuration.” However I will list what is there from top down.

Quick Boot is Enabled
Boot devices are as follows
#1 IDE-0
#2 Floppy
#3 CD-Rom

Try Other Boot Devices – Yes
S.M.A.R.T. for Hard Disks – Disabled
Floppy Drive Swap – Disabled
Floppy Drive Seek – Disabled

#14 rambro

rambro

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 1,180 posts

Posted 06 March 2006 - 11:42 PM

Dear returnofsid, :)

I want you to go to the "bios" of your computer. You can get to your bios, by restarting your comuter and press either the "F2" or "Delete" key on your keyboard when your computer is restarting.

Once you are in the "bios" of your computer, I want you to go to the "Advanced" menu and navigate to the "IDE Configuration". I want you to list the following for me:

Primary IDE master =
Primary IDE slave =
Secondary IDE master =
Secondary IDE slave =

"Esc" out of the "IDE Configuration" option. Then I want you to "Esc" out the bios and choose the option to "Exit discarding changes" and go back into windows.

I also want to know if your computer system recognizes your hard drive.

Let me know in detail what you find out.

rambro :)

#15 returnofsid

returnofsid

    Member

  • Full Member
  • Pip
  • 91 posts

Posted 07 March 2006 - 01:57 AM

Alright, I've done as you asked...and one of us doesn't know as much about BIOS as we think. I'm not saying it's you so please don't take offense. However, the last two things you've had me look for in my BIOS don't exist...or if they do, they're invisible. First was "Diskette Configuration" and now it's "IDE Configuration" I looked for both of those in the Advanced settings of BIOS. No such luck...maybe it's me. I was able to locate something similar to what you're asking about in my Standard CMOS settings. It's not called "IDE Configuration" but does list the things you asked for. Here is what they are set at.

Primary IDE Master - Auto
Primary IDE Slave - Auto
Secondary IDE Master - Auto
Secondary IDE Slave - Auto

As for if my computer is recognizing my hard drive, I know there is a place to go to find that out but I don't remember where it is. I do have 2 hard drives and both seem to be working as I'm able to boot up my computer and I'm also able to access things that are on both hard drives. I hope this answers the questions you asked...if not, please let me know. So far, since disabling my floppy drive, I haven't had a single instance of the pop up asking me to insert a disk. However, I have had problems with my computer freezing up on me quite a bit since then. Sometimes it freezes up after booting up and sometimes it freezes up before completing boot up.

#16 rambro

rambro

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 1,180 posts

Posted 07 March 2006 - 08:51 AM

Dear returnofsid, :)

Note: For each type of computer the "bios" might be set up a bit differently.

When I go into the "bios" of my computer, go to the "Advanced" menu and choose the "IDE Configuration". I have the following setup

Primary IDE master = 1st hard drive
Primary IDE slave = 2 nd hard drive
Secondary IDE master = DVD-ROM
Secondary IDE slave =CD-R/CD-RW drive

The following information you gave me:

Primary IDE Master - Auto
Primary IDE Slave - Auto
Secondary IDE Master - Auto
Secondary IDE Slave - Auto


Basically, tells me "nothing" new (i.e. but nice try). :)

One of the possiblities I was looking for was that your hard drive was not being recognized by your computer system, which would cause something like the following message: "no disk is detected and to insert disk into drive".
*********************************************

I would like you to make sure that your cable connections on your two hard drives, DVD drives and floppy drive are secure in your computer. That all your drives have power going to them and (if possible) see if the jumpers settings are set correctly for your two hard drives, your DVD-ROM drive and your DVD-ROM writer (i.e. just do a quick physical check).

I would like you to go back into your bios and change the boot sequence to the following:

#1 Floppy
#2 CD-Rom
#3 IDE-0 (hard drive - master)


Then I would like you to go into windows, uninstall the driver for the floppy drive and reinstall in it through "Plug and Play" or if you have the driver for the floppy re-install the driver.

Let me know in detail how your computer system is running after performing the above steps. :)

#17 returnofsid

returnofsid

    Member

  • Full Member
  • Pip
  • 91 posts

Posted 07 March 2006 - 11:39 AM

Alright, I changed my boot order to what you specified, booted into windows with no problems. Uninstalled my floppy drive controller and floppy drive, through the device manager. Then, using Add New Hardware in the Control Panel, reinstalled my floppy drive. Then I rebooted again. I did NOT get the pop up telling me to insert a disk. So far, everything seems to be going fine. Floppy is now enabled. As for the information about the IDE configuration...mine matches yours except that my secondary slave is a DVDRW. Physically, everything seems to be plugged in snuggly and my jumpers are all set correctly. Hope this information helps.

#18 returnofsid

returnofsid

    Member

  • Full Member
  • Pip
  • 91 posts

Posted 07 March 2006 - 12:40 PM

Okay, I'm back...I'd left the computer running while away for awhile. When I came back to it, everything was frozen up. I couldn't move my mouse, keyboard didn't work and couldn't CTRL/ALT/Delete even. I had to hold down the power button to power down the system. Then upon reboot, it froze up and I had to do it again. Finally got it to boot up. This has been going on intermittently for a couple of days now. So far, I haven't got the prompt that started this whole post though....so that's good.

#19 rambro

rambro

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 1,180 posts

Posted 07 March 2006 - 01:21 PM

Dear returnofsid, :)

Ok, your last two posts sound somewhat promising. :)

I would like you to clear the cookies from your Mozilla's FireFox browser. Here is how it is done.

Open up the FireFox browser.

Go to the "Tools" menu and select the "Options" option under the Tools menu.
The Options dialog box should pop up, choose the "Privacy" icon (i.e. the icon looks like a lock).
In the "Privacy" page choose the "Cookies" tab.
Under the "Cookies" tab press the "Clear Cookies Now" dialog box.
*****************************************************

Please register (it's free, don't worry) with PCPitStop and run the full diagnostic tests on your computer here: http://www.pcpitstop...top/default.asp. When the tests are complete, a results page will pop up. Click "Share these results with TechExpress" on the left-hand side. Then copy the URL provided and post it here for me in a reply to this post.
*****************************************************

Dear returnofsid, I want to look over your hijackthis log, and see if I can spot anything for you to fix. I will post back to you.

rambro :)

#20 returnofsid

returnofsid

    Member

  • Full Member
  • Pip
  • 91 posts

Posted 07 March 2006 - 06:21 PM

Well, the computer freezing problem seems to be getting worse. More and more often, when I start up my computer, in continually tries to restart. It will get to the opening page where it tells me about my video card and then goes to the memory test page...after that, it goes to the page where it asks me if I want to start in Safe mode, Safe mode with network, safe mode with command prompts, the last working mode or normal start up mode. No matter which one I choose, it returns to the very beginning of the start up process. It will do this 3 or 4 times before finally starting up. Sometimes it won't ever start up and just freezes. Once I get into Windows, it seems to run okay for awhile and then freezes again. I'll post a new log but I'm wondering if this could be a hardware problem. It all seemed to start a couple days ago.


Logfile of HijackThis v1.99.1
Scan saved at 4:21:03 PM, on 3/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsu...asp/tgctlsr.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1135244869623
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1135244721480
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#21 rambro

rambro

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 1,180 posts

Posted 07 March 2006 - 06:49 PM

Dear returnofsid, :)

Did you go here yet?

Please register (it's free, don't worry) with PCPitStop and run the full diagnostic tests on your computer here: http://www.pcpitstop...top/default.asp. When the tests are complete, a results page will pop up. Click "Share these results with TechExpress" on the left-hand side. Then copy the URL provided and post it here for me in a reply to this post


Can you tell me what Internet Service Provider (ISP) you are using?

Can you tell me how you are connecting to the Internet (i.e. cable modem, dialup, DSL, etc.)?

#22 rambro

rambro

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 1,180 posts

Posted 07 March 2006 - 07:05 PM

Dear returnofsid, :)

Looking at your last post, I noticed some new software you installed on your computer.

I see a new file sharing program called: Shareaza

and I think you have a new ISP - comcast.

Do you care to come clean and tell me the new software you have installed on your computer since post #7 in this thread.

The reason why I ask, is that you are having problems with your computer, wouldn't you want to install this software after your computer is functioning somewhat normally again.

Do you think this freezing problem might have something to do with this new software?

rambro :)

#23 rambro

rambro

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 1,180 posts

Posted 07 March 2006 - 09:37 PM

Dear returnofsid, :)

(Note: You might not find some of the lines to fix in the HijackThis application, don't worry about it, just fix the lines you can find.)

(Note: Please read through these instructions a couple of times before executing the steps in this post.)

You may want to print out these instructions or save them as a text file with "Notepad" to your desktop because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.
******************************

Please download and run a Free Trial of Trojan Hunter at http://www.misec.net...rojanHunter.exe. Please restart your computer.

Please run the Housecall online virus scan located at: http://housecall.tre.../start_corp.asp. Follow the prompts to scan your hard drive for viruses. Select the "Autoclean" option so that Housecall will remove any viruses from your system. When the scan is finished, please restart your computer.

Then please run the Panda scan here: http://www.pandasoft...n_principal.htm. Delete any viruses found, and restart your computer.
*******************************

Download, install, update, configure and run a scan with Ad-Aware SE at the following link: http://rstones12.gee...areSE_setup.htm

Restart your computer.
*************************

Run HijackThis and click "Scan." Place checks next to the following entry/entries (if they exist):

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

Optional Fixes

I highly recommend that you fix these items:

Logitech Desktop Messenger comes with software that automatically checks for software upgrades AND new products, services and special offerings from Logitech. This software can also collect information about you. The following link describes how to disable Logitech Desktop Messenger: http://www.logitech....=5331?AD=PE_FAQ. I suggest fixing the following lines.

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

Dear returnofsid, the following lines are optional fixes to stop unnecessary programs from running on startup, which may increase computer system performance. I highly recommend you to fix these items:

This is is a task tray icon which is used as a shortcut to a number of QuickTime related features. You really don't need this in your system tray. It is safe to remove this from your startup. QuickTime's most common purpose is for watching movies commonly in the .mov format. I suggest you fix this line.

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

wkfud.exe - The Marketing Feature for Microsoft Works 6.0 which displayes a few advertisments. This process can be safely terminated. If you want this feature then don't fix this line.

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

WksSb.exe - The Works Portfolio tool lets you collect and organize text and pictures from the Web or your favorite program. Can be prevented from starting from a setting within Portfolio. Please fix this line, because this program can be run other than in startup and this will increase the performance of your computer.

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

nwiz.exe - Associated with the newer versions of nVidia graphics cards drivers. Allows you to immensely improve desktop layouts by setting preferences and optimizations. However, this isn't necessary for the operation of your system. If you want this feature then don't fix this line.

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

Adobe Gamma Loader.exe - Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. If you want this feature then don't fix this line.

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required - Note: if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show.

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE


Close all browser and other windows except for HijackThis, and click "Fix Checked" button to finish the repair. Close the HijackThis application.

Please reboot your computer into Safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu). For additional help in booting into Safe Mode, see the following site: http://www.pchell.co.../safemode.shtml

Next, make sure your PC is configured to show hidden files. Here is how to do this:

Windows XP

* Click "Start".
* Open "My Computer".
* Select the "Tools" menu and click "Folder Options".
* Select the "View" Tab.
* Under the "Hidden files and folders" heading select "Show hidden files and folders".
* Make sure "Hide extensions for known file types" is unchecked
* Uncheck the "Hide protected operating system files (recommended)" option.
* Click "Yes" to confirm.
* Click "OK".

Here is a link for further explanation: http://www.xtra.co.n...1916458,00.html

Please clean out temporary and Temporary Internet files. Go to Start -> Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin

Restart your computer in normal mode, and then please post a new HijackThis log.

In addition, let me know in detail how your computer system is running after performing the above steps. :)

#24 returnofsid

returnofsid

    Member

  • Full Member
  • Pip
  • 91 posts

Posted 07 March 2006 - 09:56 PM

Okay, before I follow any of the above suggestions, I'll tell you what new software I've installed. No the new software has nothing to do with the problems as I was having the problems before installing any new software. As for Shareaza, I've had it on my system and running perfectly fine for the past 2 years. Not sure why it'd be showing up as new.
Since the problems started, I've installed WinPatrol and Comcast Cable internet. That's it. I installed WinPatrol based on a previous post in reply to my problems and I installed Comcast because I got Cable internet and it was a scheduled install. Yes, I would like to have got the computer fixed before installing Comcast but wasn't able to.
Now I will go back and read your last few posts and follow those suggestions. Thank you.

#25 returnofsid

returnofsid

    Member

  • Full Member
  • Pip
  • 91 posts

Posted 07 March 2006 - 10:16 PM

So far, I've only done the PCPitStop test. I did click the share button and this should be the URL....if I did it correctly...lol.

http://www.pcpitstop...ess/default.asp

It did give me a result of a minor problem with IE, however I rarely use IE and usually use Mozilla. The only time I use IE is for Window's Updates or for tests that are run in IE.

I will continue following the rest of your above mentioned suggestions. Hope these PCPitstop test results help.

#26 returnofsid

returnofsid

    Member

  • Full Member
  • Pip
  • 91 posts

Posted 08 March 2006 - 02:49 AM

Alright, I have finished with all of your above suggestions. The TrendMicro scan took forever because my computer kept freezing up during it so I'd have to reboot and start over. But it's done. Panda soft did find some spyware and I'm going to run it again to make sure I've got it all deleted. I will now supply you with a new HiJackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 12:47:13 AM, on 3/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\sol.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\America Online 9.0\shellmon.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsu...asp/tgctlsr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1135244869623
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1135244721480
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#27 rambro

rambro

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 1,180 posts

Posted 08 March 2006 - 04:36 AM

Dear returnofsid, :)

So far, I've only done the PCPitStop test. I did click the share button and this should be the URL....if I did it correctly...lol.


Ok, can you please repeat the instructions for the PCPitStop test. You did not do it correctly. I really need that information. The following may help:

To use TechExpress, you must be a registered user of the site and test your PC so that we have some results to analyze. If you are already a registered user, run a new test or select a saved result. If not, click here to register, it's free! Take a look around this page to see what TechExpress can do for you.


Ok, I given these "PCPitStop test instructions" to three other users, and they were able to follow it correctly, therefore I believe the instructions can be done. Please repeat those instructions.

rambro :)

#28 returnofsid

returnofsid

    Member

  • Full Member
  • Pip
  • 91 posts

Posted 08 March 2006 - 02:37 PM

Will do....be back in a bit with a URL.

#29 returnofsid

returnofsid

    Member

  • Full Member
  • Pip
  • 91 posts

Posted 08 March 2006 - 02:46 PM

DUH...didn't see the big, bright, yellow bar earlier with the link to share. Here ya go.


http://www.pcpitstop...WSG0WQK0FJSV4CR

#30 rambro

rambro

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 1,180 posts

Posted 08 March 2006 - 06:53 PM

Dear returnofsid, :)

Nice job on your last post you sent me. Thanks for that url. :)

I was looking at your test results from PCPitstop and under the "Windows" Section, I found the following:

Hibernate enabled - Yes

HIBERFIL.SYS present - Yes

Sleep/Resume policy in use Yes


The above items in maybe be a factor, in why your computer is freezing. I would like you to do the following:

Open the Windows Control Panel
Double-click Power Options
Click the Hibernate tab, de-select the 'Enable hibernate" check box, and then click Apply.
Restart your computer and hiberfil.sys will be automatically deleted.


If you change your mind in the future and would like to use hibernation, go to the Windows Help & Support Center and search for 'enable hibernation'. It should be the first result.

To read a little more about how hiberfil/hibernate policy may be affecting your computer read here:
http://www.softwarep...fil-sys-xp.html

See also this related link: http://techrepublic....1-5630184.html#
****************************************

The following is optional - but this is what I have on my computer - You may want to implement these settings on your computer

Open the Windows Control Panel.
Double-click Power Options.
Click the "Power Schemes" Tab.
Under the "Power Schemes" section choose "Home/Office Desk" in the drop-down list box.
Under the "Settings for Home/Office Desk power scheme" section:
In the "Turn off monitor" drop-down list box, choose "Never".
In the "Turn off hard disks" drop-down list box, choose "Never".
In the "System standby" drop-down list box, choose "Never".

**********************************

Please rerun the PCPitstop test again and see if the three options I mentioned in this post are turn off (i.e. that they say "No").
**************************************

In addition, let me know in detail how your computer system is running after performing the above steps. :)

#31 returnofsid

returnofsid

    Member

  • Full Member
  • Pip
  • 91 posts

Posted 08 March 2006 - 10:06 PM

Alright, I changed my hybernation settings. The other settings you suggested were already set as you suggested. Here's the link to a new test.

http://www.pcpitstop...WSG0WQK0FJSV4CR

#32 rambro

rambro

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 1,180 posts

Posted 09 March 2006 - 12:12 AM

Dear returnofsid, :)

Lets look at the following from your latest test results at PCPitstop.

Sleep/Resume policy in use Yes


The above item maybe be a factor, in why your computer is freezing. I would like you to do the following:

The following is optional - but this is what I have on my computer - You may want to implement these settings on your computer

Open the Windows Control Panel.
Double-click Power Options.
Click the "Advanced" Tab.
Under the "Power buttons" section:
In the "When I press the power button on my computer" drop-down list box, choose "Shut down".
In the "When I press the sleep button on my computer" drop-down list box, choose "Do nothing".


See the following link as a reference: http://www.computerh...es/ch000735.htm.
**********************************

Please rerun the PCPitstop test again and see if the above option I mentioned in this post is turned off (i.e. that it says "No").
**************************************

In addition, let me know in detail how your computer system is running after performing the above steps. :)

Edited by rambro, 09 March 2006 - 12:17 AM.


#33 returnofsid

returnofsid

    Member

  • Full Member
  • Pip
  • 91 posts

Posted 09 March 2006 - 10:07 AM

Alright, Power Button was set to shut down already and sleep button, which I don't even have on my tower is now set for do nothing. I've had my computer pretty much on for the past 24 hours, except for a couple reboots and the only problem is a slow start up. No freezing up once it's in Windows anymore. Here's my latest test results.



http://www.pcpitstop...WSG0WQK0FJSWQQR

#34 rambro

rambro

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 1,180 posts

Posted 09 March 2006 - 10:40 AM

Dear returnofsid, :)

I would like you to generate a "Add/Remove Software list" log using the HijackThis application. Here is how you can do this:

Restart your computer.
  • Open Hijackthis, In the lower right corner click the "Config..." (Configuration) button.
  • Once in the "Configuration" panel, click "Misc Tools" button.
  • Then click the "Open Uninstall Manager..." button.
  • The "Add/Remove Programs Manager" panel should appear.
  • In this panel click the "Save list" button.
  • Save the "uninstall_list.txt" file to its default location.
  • Then copy and paste the notepad text that appears in the generated "unistall_list.txt" file in a reply to this post.


#35 returnofsid

returnofsid

    Member

  • Full Member
  • Pip
  • 91 posts

Posted 09 March 2006 - 03:53 PM

WOW...this list sure lists a lot more things than the Add/Remove Software in Window's Control Panel....Here you are....

1Click DVD Copy 4.2.9.2
Ad-Aware SE Personal
Adobe Photoshop 7.0
Adobe Reader 6.0
Adobe SVG Viewer 3.0
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Uninstaller (Choose which Products to Remove)
ArcSoft PhotoStudio 5.5
ArcSoft ShowBiz DVD 2
AVG Free Edition
Canon MP Navigator 2.0
Canon MP500
Canon Utilities Easy-PhotoPrint
CardRd81
CCScore
C-Media 3D Audio
Comcast High-Speed Internet Install Wizard
ComcastSUPPORT
CR2
DiscWizard for Windows
DVD43 v3.7.0
DVDXCopy Platinum 4.0.3
Easy CD & DVD Creator 6
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
ESSTUTOR
ESSvpaht
ESSvpot
ewido anti-malware
FaxTools
Google Toolbar for Internet Explorer
HijackThis 1.99.1
HLPIndex
HLPPDOCK
HLPRFO
HP DVD Writer
HP Software Update
J2SE Runtime Environment 5.0 Update 6
Kodak EasyShare software
KSU
Logitech Desktop Messenger
Logitech iTouch Software
Logitech MouseWare 9.71
Macromedia Flash Player 8
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Microsoft XML Parser and SDK
Mozilla Firefox (1.5.0.1)
Notifier
NVIDIA Drivers
OmniPage SE 2.0
OTtBP
OTtBPSDK
Panda ActiveScan
PC Pitstop Optimize 1.0v
Photo Explosion
PowerDVD
Pure Networks Port Magic
QuickTime
RealPlayer Basic
RecordNow!
Registry Mechanic 5.1
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
SFR
Shareaza version 2.2.1.0
SHASTA
SKIN0001
SKINXSDK
Sonic Update Manager
Spybot - Search & Destroy 1.3
SpywareBlaster v3.5.1
TrojanHunter 4.2
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Viewpoint Media Player
VPRINTOL
VSO CopyToDVD 3
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinPatrol
WinZip
WIRELESS
Yahoo! Messenger

#36 rambro

rambro

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 1,180 posts

Posted 09 March 2006 - 10:32 PM

Dear returnofsid, :)

Since you have a number of DVD creation software programs and photograph editing software on your computer, you may want to "maximize" the memory on your computer from 512 MB to 1 GB. See the following link as a reference: http://www.sysopt.co...cle.php/3533021.

Here is a link I have found that scans your computer system, and tells you what memory you will need:

http://www.crucial.c...og=uslp_scanner (i.e. I haven't run this program on my computer, so if you know what memory your computer takes then don't run this program.)
********************************

Here are some programs you may want to uninstall, These are optional uninstalls.

Viewpoint Manager provides automatic updates for ViewPoint products such as ViewPoint Media Player (and it comes bundled with AOL, AOL Instant Messenger, Compuserve, etc). This program can be run manually via Start -> Settings -> Control Panel by enabling auto-updates temporarily, re-booting and then disabling again. However, Viewpoint Manager is a media player often installed without the users' knowledge. If you do not want this software on your computer, then please uninstall it.

Uninstall the following program/programs through Add/Remove programs:

Viewpoint Media Player

Use the following link as a reference: http://ask-leo.com/viewmgrexe.html
**************************

Through google, I found out the following:

ComcastSUPPORT - Comcast (the cable folks who are replacing @home in some parts of the USA) have struck a deal with Tioga to provide an "enhanced" support and self-repairing tool. This is "beta" at present and was made available to download by mistake at present. Remove via Start -> Settings -> Add/Remove Programs.

Uninstall the following program/programs through Add/Remove programs:

ComcastSUPPORT

Use the following link as a reference: http://castlecops.co...astSUPPORT.html
*****************************

From your previous posts you said you switched to a different "Internet Service Provider" (ISP) called Comcast. I assuming your old "Internet Service Povider" was AOL. If I am correct, you may want to uninstall the following AOL Programs.

AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services

Note 1: I believe with Comcast, they give you a number of e-mail accounts, therefore you could forward your e-mail from your existing AOL account (i.e. if you have one) to your Comcast account (i.e. before unistalling AOL, check to see that the e-mail from your AOL account is forwarded to you new e-mail account).

Note 2: You can access the Internet "directly" through either "Internet Explorer" and "FireFox", therefore you don't have to access your browser through your AOL account (i.e. therefore, cutting out the "middle man", that is, AOL).

Note 3: You can install the AOL instant messaging software program, independent of having the full blown version of AOL (i.e. though I use an early version of AOL instanta messaging, I don't like the newer versions).
******************************

Through google, I didn't find much information on AOL Uninstaller. It was listed with a bunch of other "Uninstallers", see the following link: http://www.freedownl...ninstaller.html.

Since you have the windows "Add/Remove" program via the "control panel" and if you know that this program is part of AOL, then:

Uninstall the following program/programs through Add/Remove programs:

AOL Uninstaller (Choose which Products to Remove)

Please restart your computer and then post a new HijackThis log.

In addition, let me know in detail how your computer system is running after performing the above steps. :)

#37 returnofsid

returnofsid

    Member

  • Full Member
  • Pip
  • 91 posts

Posted 11 March 2006 - 11:29 PM

I haven't been able to do any of the above yet. I'll make sure and get to it tomorrow. Just haven't had time on the computer yet. However, today, it took 4 or 5 tries to even get the computer to boot up.

#38 returnofsid

returnofsid

    Member

  • Full Member
  • Pip
  • 91 posts

Posted 14 March 2006 - 12:10 PM

Sorry it's taken me so long to get back to the forum. I've deleted two of my DVD creation programs. Neither was working properly anyway. I've also deleted View Point Media Player and Comcast Support. I know that AOL fills the computer with all kinds of junk, however, I do still use AOL so don't want to delete it completely. I'm unsure if I can uninstall AOL Coach Version or not. If I can unninstall it and still have access to AOL, I'll do so. Does anyone know the answer to that?
Also, over the weekend, my kids were on my computer quite a bit and I ended up with some Malware, I think I got rid of it all but will post a new HiJackThis log to be viewed. It came up as being associated with WhenU.com. I wasn't sure if you wanted me to also post a HJT uninstall log again also so I will.
I do agree with your suggestion about getting more RAM. As soon as I'm able to afford that, I plan to do just that! Thanks!!

Logfile of HijackThis v1.99.1
Scan saved at 10:07:40 AM, on 3/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsu...asp/tgctlsr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1135244869623
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1135244721480
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

And now for my HJT open/uninstall log.

Ad-Aware SE Personal
Adobe Photoshop 7.0
Adobe Reader 6.0
Adobe SVG Viewer 3.0
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Uninstaller (Choose which Products to Remove)
ArcSoft PhotoStudio 5.5
ArcSoft ShowBiz DVD 2
AVG Free Edition
Canon MP Navigator 2.0
Canon MP500
Canon Utilities Easy-PhotoPrint
CardRd81
CCScore
C-Media 3D Audio
Comcast High-Speed Internet Install Wizard
CR2
DiscWizard for Windows
DVD43 v3.7.0
DVDXCopy Platinum 4.0.3
Easy CD & DVD Creator 6
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
ESSTUTOR
ESSvpaht
ESSvpot
ewido anti-malware
FaxTools
Google Toolbar for Internet Explorer
HijackThis 1.99.1
HLPIndex
HLPPDOCK
HLPRFO
HP DVD Writer
HP Software Update
J2SE Runtime Environment 5.0 Update 6
Kodak EasyShare software
KSU
Logitech Desktop Messenger
Logitech iTouch Software
Logitech MouseWare 9.71
Macromedia Flash Player 8
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Microsoft XML Parser and SDK
Mozilla Firefox (1.5.0.1)
Notifier
NVIDIA Drivers
OmniPage SE 2.0
OTtBP
OTtBPSDK
Panda ActiveScan
PC Pitstop Optimize 1.0v
Photo Explosion
PowerDVD
Pure Networks Port Magic
QuickTime
RealPlayer Basic
RecordNow!
Registry Mechanic 5.1
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
SFR
Shareaza version 2.2.1.0
SHASTA
SKIN0001
SKINXSDK
Sonic Update Manager
Spybot - Search & Destroy 1.3
SpywareBlaster v3.5.1
TrojanHunter 4.2
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
VPRINTOL
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinPatrol
WinZip
WIRELESS
Yahoo! Messenger

#39 rambro

rambro

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 1,180 posts

Posted 14 March 2006 - 02:03 PM

Dear returnofsid, :)

(Note/Disclaimer: Hi returnofsid, in this next post, I would like you run another antivirus scan. When you download and install this application, it likes to install itself in a temporary folder by default, which is not a good idea. The thing is that if you ever tried to do a Disk Cleanup of your system (which is a good idea and should be done frequently) these files will be deleted and the program will not run. My instructions below, will give you a way to install this program, without it installing itself (by default) in a temporary folder which could be deleted (you probably should have the winzip application on your computer to install the application to a different directory.). See also the link on removing temporary files: http://www.tech-reci...cipes&rx_id=463. Good Luck!) :)

I would like you to download a program to your computer that will check for bad, hidden, files that the HijackThis program may not recognize.

Please create a folder on your desktop and rename it to something like "MWAV or MWAV application".

Please download the free MWAV antivirus tool from here: ftp://ftp.microworldsystems.com/download/tools/mwav.exe.

Save the downloaded "executable file" to this folder and "extract it" to this folder. Do a search for a file called mwavscan.com and double click on this file. The MWAV antivirus tool application should run.

(Note #1: The application will ask you if you want to purchase this product say "NO".)

Follow the prompts to scan your system for viruses. Then please post for me the log of infected files from the BOTTOM panel of the scan window in a reply to this post.

(Note #2: When you run the MWAV antivirus tool scan, I do not want the log produced when pressing the view log button. When you run this application to scan your computer, you will see two panes or panels. By pressing the "view log button" it will give you the information in the top pane or panel. I want you to post the information in the bottom pane or panel. The title for the bottom pane/panel should say: Virus Log Information. Please post the information in the bottom pane/panel in a reply to this post.)

(Note #3: Some users were having trouble copying the information in the bottom pane or panel. To copy the information from the bottom pane or panel, highligt the information in the "bottom pane/panel" with your mouse then on your keyboard press the following keys simultaneously: Ctrl + c. This will copy the information in the bottom pane to your clipboard. Then open up your notepad application, and paste the information from your clipboard into notepad and save the notepad file as "mwav.txt". Or you can past the contents of the clipboard directly into your next post using the paste function or pressing the following keys on your keyboard simultaneously, Ctrl + v.)

Please restart your computer and then post a new HijackThis log, along with the log from the MWAV antivirus tool application.

In addition, let me know in detail how your computer system is running after performing the above steps. :)

#40 returnofsid

returnofsid

    Member

  • Full Member
  • Pip
  • 91 posts

Posted 15 March 2006 - 12:01 AM

Alright, here's that log you asked for. This is just a copy and paste from the bottom pane of the scan. The details below this pane said that it found 18 Critical Objects and 25 Errors. Hope this helps. I haven't had any problems with the computer freezing up today. The only time I seem to have any problem is when attempting to use my DVD-RW drive. I'll add a new HJT log below this log.


Object "smitfraud variant Browser Hijacker" found in File System! Action Taken: No Action Taken.
File C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\Cache\F9919C21d01 tagged as "not-a-virus:AdWare.Win32.SaveNow.bo". Action Taken: No Action Taken.
File C:\Downloads\DH2004Setup-dm[1].exe tagged as "not-a-virus:AdWare.Win32.Trymedia.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7C746451-818E-4A09-8F76-80BBE68E6893}\RP112\A0068036.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.bo". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7C746451-818E-4A09-8F76-80BBE68E6893}\RP112\A0068044.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.bo". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7C746451-818E-4A09-8F76-80BBE68E6893}\RP112\A0068077.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.bo". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7C746451-818E-4A09-8F76-80BBE68E6893}\RP112\A0068088.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.bo". Action Taken: No Action Taken.


Logfile of HijackThis v1.99.1
Scan saved at 10:01:13 PM, on 3/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\Mike\LOCALS~1\Temp\mexe.com
C:\DOCUME~1\Mike\LOCALS~1\Temp\kavss.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsu...asp/tgctlsr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1135244869623
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1135244721480
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#41 rambro

rambro

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 1,180 posts

Posted 15 March 2006 - 08:01 AM

Dear returnofsid, :)

You may want to print out these instructions or save them as a text file with "Notepad" to your desktop because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.
**************************

1) Please download the Killbox. Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Once in Safe Mode, please run Killbox. Put a check mark next to "End explorer shell while killing file".

4) In the main screen of Pocket KillBox, go to Tools in the top menu bar, and select: Delete Temp Files.

5) Select "Delete on Reboot".

6) Copy the file names below to the clipboard by highlighting them and pressing Control-C:


C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\s168tnz5.default\Cache\F9919C21d01
C:\Downloads\DH2004Setup-dm[1].exe


7) Return to Killbox, go to the File menu, and choose "Paste from Clipboard". Now you will see, this is pasted in the "Full Path of File to Delete" field. There's a little arrow (dropdown-arrow) next to that field. If you expand it, these lines must be there together!

8) Click the red-and-white "Delete File" button.
Click "Ok" at the Delete on Reboot prompt.
Click "Ok" at the Reboot needed prompt.

(Note: As a double check, search for the files I had you delete through the Killbox application to see if they are actually deleted. Let me know in detail if they were deleted.)

Please restart your computer and then post a new HijackThis log, along with a new log from the MWAV antivirus tool application.

In addition, let me know in detail how your computer system is running after performing the above steps. :)

#42 rambro

rambro

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 1,180 posts

Posted 15 March 2006 - 08:43 AM

Dear returnofsid, :)

I haven't had any problems with the computer freezing up today. The only time I seem to have any problem is when attempting to use my DVD-RW drive.


Ok, I found the following link from Hewlett-Packard's website:

http://h10025.www1.h...R1002_USEN#N324

The heading of this link is the following: "HP DVD Writer DVD530i - HP DVD Writer DVD530 Product Specifications"

From this web page it says the following:

Processor/RAM - 800 MHz Intel Pentium III processor or equivalent (1.6 GHz Intel Pentium IV processor or equivalent recommended)


From your PCPitstop test results, your processor speed is the following:

AMD Athlon, 1250 MHz


Therefore, this could be causing some of your problems when you use your DVD-RW drive.

rambro :)

#43 returnofsid

returnofsid

    Member

  • Full Member
  • Pip
  • 91 posts

Posted 28 March 2006 - 05:36 PM

Alright, it's been awhile since I've posted because I figured out my problem and it took a bit of time to fix it...lol. The problem was a failing hard drive. It failed about a week ago. I've replaced it and am up and running again. The first thing I did after installing Win XP was to install AVG 7.1 Plus Firewall. Then I installed Ad-Aware, HiJackThis and Spybot S&D. I'm going to review this entire post and install some of the other software that you'd suggested I install.
I've also reinstalled AOL...unfortunately, I do want to continue using AOL. Also, unfortunately, when you install AOL...it installs all kinds of things I'd rather not have but don't know what I can and cannot delete. I have gone through msconfig....doing a google search on each entry and disabled those that I learned it was safe to disable.
I'll now post a HiJackThis log for your review. Any suggestions of other things I can disable or delete to improve my system would be appreciated. By the way...since installing the new hard drive, I've had no problem at all with my system.




Logfile of HijackThis v1.99.1
Scan saved at 3:35:56 PM, on 3/28/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\AOL\1143514668\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1143514668\ee\AOLServiceHost.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\common files\aol\1143514668\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1143514668\ee\AOLServiceHost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Nullsoft\ActiveX\2.6\AOLMediaPlaybackControl.exe
C:\Program Files\Common Files\Nullsoft\ActiveX\2.6\AOLMediaPlaybackControl.exe
C:\Program Files\HiJackThis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1143514668\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1143493735548
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143493723130
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#44 LDTate

LDTate

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 534 posts

Posted 28 March 2006 - 07:03 PM

Hello returnofsid.
rambro has been called in to work and ask me to see if I can help out.

I've also reinstalled AOL...unfortunately, I do want to continue using AOL

This has me a little confused. If you don't want to use it, why did you install it?

#45 returnofsid

returnofsid

    Member

  • Full Member
  • Pip
  • 91 posts

Posted 29 March 2006 - 01:23 PM

Re-read my post that you quoted please...lol. I said "Unfortunately, I DO want to use AOL." Unfortunate, because I know it adds a lot of crap to my system other than JUST AOL.

#46 LDTate

LDTate

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 534 posts

Posted 29 March 2006 - 01:38 PM

I really don't see anything else that needs removed. We can give this a go:

lets see if this will help speed it up.

Backup your Registry...
- Press "CTRL - ALT - DEL" keys all at the same time to start "Task Manager"
- In the Task Manager window click on "File", then from the drop-down menu select "New Task (Run...)"
- In the "Create New Task" window enter\type "regedit" (without quotes)
- Once Regedit opens click on the FILE menu and select Export
- Save the file as backup. Save the file somewhere you will remember and not delete.
IMPORTANT: make sure to set the export range to ALL



I recommend you download RegSeeker. Extract it to it's own folder, open and double click RegSeeker.exe to start the program. Maximize the window and click clean registry. Check all sections and click OK. When the scan is complete, verify the backup box in lower left corner is checked and click the select all button, then select all again. Then right click within the search results and select delete. Run it again and again, deleting everything it finds until it finds nothing. Reboot and make sure your programs are working properly, control panel and add/remove programs windows open, etc (basically just do a quick check of everything). In the event anything was 'broken', you can open RegSeeker, click backups and double click any/all files to put the information back. A reboot may be required for the effects to be seen. Reboot When done.

NOTE: To be extra safe you can choose to only remove the items in RED.




Member of UNITE
Support SpywareInfo Forum - click the button