Posts by SarahH

Thanks for all the help! These suggestions worked well and everything is up and going!

<hugs!>

Are these errors after boot up or before?

The screen turns on …. The Windows loading screen shows on the screen for about 10 seconds and then the error pops up

Thanks again!

Hi guys! This time I'm getting help for a friend, so any advice you could offer would be awesome!

So my friend has a laptop, but it won't power up anymore and it gets errors like these when it tries to:

Extended Test: Service Tag HT4D0C1

(IDE Disk Test)

1) Error Code - 0F00:0244
Msg: Block 6431959: Uncorrectable data error or media is write protected

2) Error Code - 0F00: 1A44 (IDE Disk Verify Test)
Msg: Block 6431959: Uncorrectable data error or mediat is write protected

He has Windows XP on it with McAfee AntiVirus and he hasn't made any changes to his laptop lately. He just turned it on one morning and these things started happening.

Any help would be really appreciated as always! Thanks for all your help over the years!

Sarah

Kind of weird what is happening really!

My computer and internet seem to be working fine, then for the last few days, the internet will just stop working. It won't slow down, nothing strange happens on the screen that I can see, but all of the sudden my internet drops.

The weird thing is that the only thing that fixes it is rebooting the computer. I've tried hard rebooting and powercycling the modem, but that doesn't do it. Which is why I think there's something screwy going on with the computer? So I decided to come get the experts help again! Only real changes I've made in the last few days are installing SP 3 and windows messenger and any required updates from Microsoft.

Oh! Also, sometimes when I would pull the power to my modem just to boost my speed, I would get what reminded me of the sasser or blaster virus - that my computer was shutting down in 60 seconds. Any idea why it would do that just from having a cable disconnected?

Thanks as always! <hugs>

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:59:29 AM, on 9/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~2\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program …

Also, just to let you know, I've tried to do the Trend Micro House Call scan 3 times now, and everytime it makes my computer reboot. Is there a virus out there that causes a reboot if it's detected? Or could there be other things at work?

I just reformatted and re-installed a few months ago too.

Hello all, I just received a Phisher e-mail and I heard that you're mainly going to be receiving this if some spyware or Trojan is on your computer. So, I was wondering if anyone knew of a good anti-Trojan scan to download? Also, here is my Hijack this log if anyone could see if they spot anything strange on here, that would be great!

Logfile of HijackThis v1.99.1
Scan saved at 10:47:41 AM, on 2/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\LMPDPUI.EXE
C:\Program Files\ISS\BlackICE\blackd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Brad\Desktop\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
…

Oh, also, here is an updated Hijack This! Log. Did I get it all out?

Logfile of HijackThis v1.99.1
Scan saved at 4:51:21 AM, on 10/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\MATLAB7\webserver\bin\win32\matlabserver.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\NukeNabber\nukenabber.exe
C:\Program Files\AnalogX\MaxMem\maxmem.exe
C:\Program Files\WindowBlinds\wbload.exe
D:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Startup: nukenabber.lnk = C:\Program Files\NukeNabber\nukenabber.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' …

Those log entries are indicating probes/connection attempts from the outside world; they aren't indicative of activity by malicious programs on your computer. If your firewall software is sucessfully blocking these queries, you should be OK.

In addition to a firewall, you can tighten up your security even more by making configuration changes to Windows' services (system-level programs which provide certain functions). Windows, by default, runs more than a few unnecessary and potentially vulnerable services, so it's a good idea from a security standpoint to limit some of these services or disable them entirely. This isn't something that you should do if you're not familiar with services though, as modifying the wrong services can cause all sorts of trouble.

A list of suggested service settings which will secure your computer more thoroughly can be found here:
http://www.tweakhound.com/xp/security/page_3.htm

Okay, so you're saying since the attacks/probes are showing up in my firewall list, then that means they *are* being blocked?

Sorry, I'm new to the whole firewall thing :(. This was given to me by a friend with no instructions :(.

1. If the hits are being reported as coming from the outside world, that's normal; there are a lot of malicious programs and people out there trying random IPs and network ports to see if they can find a way into your system.
Do your firewall logs give you any specific details? If so, you might want to post some of them so that we can get a better idea of what the hits are all about.

2. There are a couple of loose ends in your HJT log; have it fix these entries:

R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)

Thanks for the cleanup advice! Here are a lot of the hits that have happened today...

Time, Event, Intruder, Count
10/4/2005 5:52:59 PM, TCP_Probe_SQL, ROBERT-8107CAF3, 2
10/4/2005 5:51:43 PM, TCP_Probe_MSRPC, YOUR-US67PI6LUV, 1
10/4/2005 5:51:35 PM, TCP_Probe_Gnutella, adsl-2-84-104.mia.bellsouth.net, 45
10/4/2005 5:50:58 PM, TCP_Probe_MSRPC, dialup-4.240.48.176.Dial1.Phoenix1.Level3.net, 3
10/4/2005 5:50:04 PM, TCP_Probe_MSRPC, dialup-4.240.156.5.Dial1.Phoenix1.Level3.net, 2
10/4/2005 5:46:07 PM, TCP_Probe_Other, B-MAN, 5
10/4/2005 5:44:50 PM, TCP_Probe_NetBIOS, dialup-4.240.123.224.Dial1.Phoenix1.Level3.net, 2
10/4/2005 5:39:47 PM, TCP_Probe_MSRPC, dialup-4.240.198.12.Dial1.Phoenix1.Level3.net, 2
10/4/2005 5:31:44 PM, TCP_Probe_Gnutella, adsl-69-235-202-37.dsl.irvnca.pacbell.net, 3
10/4/2005 5:31:21 PM, TCP_Probe_NetBIOS, dialup-4.240.150.206.Dial1.Phoenix1.Level3.net, 2
10/4/2005 5:28:19 PM, TCP_Probe_MSRPC, MIREYA-VXN28WS2, 1
10/4/2005 5:25:19 PM, TCP_Probe_Other, pool-151-199-116-76.roa.east.verizon.net, 4
10/4/2005 5:24:14 PM, TCP_Probe_MSRPC, dialup-4.240.75.112.Dial1.Phoenix1.Level3.net, 4
10/4/2005 5:20:13 PM, UDP_Probe_Other,

Hello everyone! Well, I took your advice, and went ahead and reinstalled and reformated. Now I seem to be getting a lot of hits on my firewall for some reason.

I'm wondering if there is a virus on here that's nasty and keeps getting past my AV Scans, or some horrible spyware or something? So, I did a Hijack This! log for you masters to take a look at please! :)

I have BlackIce firewall, Norton AntiVirus, Microsoft Anti-Spyware, Spybot, and Adaware. These are all updated, and I just ran them today. And voila! Here is my log! :)

Logfile of HijackThis v1.99.1
Scan saved at 11:01:01 AM, on 10/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\MATLAB7\webserver\bin\win32\matlabserver.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1128319371\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1128319371\ee\AOLServiceHost.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\NukeNabber\nukenabber.exe
D:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
O4 - …

Hello all,

Well, I've had similar problems like this in the past, but now this is the worst. It started with The Sims 2. It played fine for a while, but then it started to get holes in the pixels, and after about 15 minutes, the game would freeze up and I'd have to hold in the power button to shut off the PC. I tried both my CD Burner and DVD Drive to play this, both with same results.
Then I got Chessmaster, and it works fine for about 15 minutes, then freezes up the PC.
I was originally thinking something along the lines of bad DVD/CD Rom Drives, or perhaps cables not connected right, but yesterday I ran an old screen saver that worked just fine about a year ago. This isn't like a major high end graphics screen saver, but it's still pretty cool.
So, I play this screen saver that worked fine last year, but now when it runs, it locks up and freezes my PC just like my games in my DVD/CD Rom drives do.
I'm thinking now it's probably a Video Card problem? Could it be I need to replace my vid card? I've tried reinstalling drivers, this doesn't do anything. Also, I haven't reformatted in about 2 years now (I know, it's overdue), could this possibly have anything to do with it? Everything else works fine, it's just anything to do with games or high-end video seems to …

maybe its your codec, or your video drive, try reinstalling quicktime, WMV, quicktime, and video driver. Im not sure how to reinstall your video drive but, you could look it up. Maybe some of these people know.

I've reinstalled my video drivers, and that seemed to help for about a day, then it went back to the same thing :(.

Hi guys!

Well, those system processes for Viewpoint weren't present in normal or Safe Mode, and the C:\Program Files\Viewpoint wasn't present either.

So, I fixed the selected problems and here's my new log!

Logfile of HijackThis v1.99.1
Scan saved at 1:03:15 PM, on 4/15/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\AvidSDMService.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\taskswitch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
F:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\System32\svchost.exe
F:\Program Files\SpywareGuard\sgbhp.exe
F:\Hijack This\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - f:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 …

Go ahead and follow all of Crunchie's instructions in post #2.

Do you use Viewpoint Mananger? It is spyware related and I would recommend removing it. Here is one opinion:
http://www.2-spyware.com/file-viewmgr-exe.html
You can use Google to search for more inofrmation before you decide whether to keep it or not.

Remember to reboot and post a new log after following Crunchie's instructions.

You know I've always wondered what Viewpoint Manager was. I was cleaning out old programs and saw it in the add/remove programs and I thought it was weird, had no idea what it was, so I left for exactly that reason.

I went to add/remove programs and removed the Viewpoint Manager. Is this enough? Or do I need to find some registry keys or other things related to it that are bad?

Also, I did what Crunchie said, and here is my revised Hijack This log :) Thanks again!!

Logfile of HijackThis v1.99.1
Scan saved at 3:25:45 AM, on 4/15/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\taskswitch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
F:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
F:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\System32\svchost.exe
F:\Hijack This\HijackThis.exe

Thanks again, Crunchie! You've saved me so much already, sorry to keep messing things up :(. Don't know how it happens, ugh, I try to be careful.

I noticed that new DL of Hijack this last night after I posted, but I wasn't able to get to the site to DL it because of the problems I mentioned before. It let me DL it today, so I just went ahead and posted the new log for you instead of doing the things you mentioned in the above post to make sure I do everything I need after I had the updated Hijack log.

Thanks again, you're the best!

Logfile of HijackThis v1.99.1
Scan saved at 2:03:13 PM, on 4/14/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\taskswitch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
F:\Program Files\SpywareGuard\sgmain.exe
F:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\AIM95\aim.exe
C:\Documents and Settings\BRD\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\Program …

Hello again!

Over the last few days, strange things have been happening. I've run my Ad Aware SE, my Spybot, I use Firefox when I browse, but I'm still having trouble. I'm connected to the internet, because I can talk on AIM, but when I try to browse with either Firefox or IE (Backup), the pages won't display. I have been unplugging my modem, then plugging it back in, and this seems to be a temporary fix. A few minutes later, I can't browse again, it can't find any sites even though I'm connected with cable modem.

Just now, I couldn't get to this site, but I could get to others. A few minutes later, I tried, and now I can get to this site to post this for help. So, hopefully this log will help getting everything up and running like it should again.

Thanks again! This site has saved me many times!

Logfile of HijackThis v1.98.2
Scan saved at 8:52:01 PM, on 4/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\taskswitch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
F:\Program Files\SpywareGuard\sgmain.exe
F:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
…

Hello,

Whenever I play movies in WMP, or Quick Time, or Real Player, after a few minutes, the screen that the movie is playing in starts flashing green very fast. Then the programs starts running slow and I have to turn it off, then open it back up to stop the green flashing.

And then I have to keep repeating the process every few minutes. Any ideas on why it does this?? Any help would be greatly appreciated!!

Sarah

Should I delete these as well? The Negligiable objects that Ad Aware finds, or is it okay to leave them?

Just not sure which ones I should rid myself of.

Thanks again! Love this site and all your help!

Sarah

Thanks everyone!

I'll get that other one that I"ve never heard of before (IE-Spypad).

Thank yoU!

Is this a good anti-spyware? Anyone know if it's worth it? It's the type of one where you have to buy it from the store. Is this as good as Spybot or Ad Aware?

Nothing bad there. Probably one of those Microsoft gremlins :).
Every now and then this old PC of mine requests a password, even though I have set it to remember it.

Oh, okay, nothing to worry about then?

So, where can I find out how to read Hijack logs? Is there a site where I can go to learn how to read them, to find out what's going on? What's wrong and what I need to do to fix things?

Sarah

Hello again,

Usually when I turn my computer off, then turn it back on, everything is fine. However, the last time I did it, my computer did a chkdsk when it started up, the one that says "It is strongly recommended that you continue this".

I was wondering why it would do this? I didn't do anything other than what I normally do when turning it off. But when I turned it on it did the scan.

I ran Norton (found nothing) Spybot (Found nothing) and Ad Aware (Found a few things), but other than that I don't see what could be wrong. Here is my Hijack log.

Thanks again!

Logfile of HijackThis v1.98.2
Scan saved at 9:39:10 PM, on 11/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\CursorXP\CursorXP.exe
F:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\System32\svchost.exe
F:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
F:\Program Files\Hijack This\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj …

Try to reset your TCP/IP, this usually works:

Click on Start, then click on Run, and type this in:

netsh int ip reset c:\resetlog.txt

Then click "ok"

A black box should appear and disappear if you typed this in correctly.

Then restart your PC and try to connect again, you should be able to see those pages.

Hello,

With peoplepc, when you get a bartshell error, you can't open the login screen or get on the internet. I heard that this bartshell is some kind of a virus? Is this true? And is it related to PeoplePC?

I don't have peoplepc, I'm just trying to help a friend with peoplepc who can't get on the internet right now.

Thanks for any help!

Sarah

Hi again,

A decent Uninstaller program does a bit more than simply clean out registry entries. Some compare programs and their installers against a database and removes them completely, while other types may monitor the installation process and then track system changes programs make so they can be effectively removed later.

Your Uninstaller
Advanced Uninstaller Pro

Try booting into 'Safe Mode' and uninstalling Panda. You haven't given any details about the error messages you receive, or the version of Panda you have, but you might simply have program components loaded which are blocking the uninstall.

If you still can't uninstall from Safe Mode, try following these instructions from the Panda support team:

Thanks again for the info! Just a quick question...are you saying I should install one of those uninstall programs, THEN go into safe mode and use the uninstall program? (I chose Your Uninstaller! based on reviews over the other)

I'm sorry I don't have the time at the minute to find a better alternative, but please note that Easycleaner is NOT an Uninstaller. It's a Registry Cleaner, and a potentially dangerous tool in the hands of the inexperienced.

Yeah, I'm pretty dangerous. However, all I do is follow the instructions. It just says clean out the registry (things that no longer have valid entries and don't point to anything). Then I clean out shortcuts that no longer exist...I haven't seen any problems doing this, does that sound okay?

Also, with the uninstaller program, I REALLY need to uninstall Panda ANtivirus, because I tried to uninstall it the normal way, an error occured while trying to uninstall, now it won't let me uninstall it at all. I tried to reinstall it so I could uninstall it again, but it won't let me install over it, even though it's the same thing, the same version. Will this uninstall that you're talking about do that for me?

Not really no...however, I just moved my computer and switched from DSL to Cable, and it doesn't seem to be doing that weird reboot thing. Maybe the DSL was doing something weird to my computer?

First thing you may want to do is update your HijackThis to version 1.98.2 and post a fresh log. :)

Thanks Deonnanicole, I didn't know there was a newer version!

Okay, here is the fresh log, thanks again :)

Logfile of HijackThis v1.98.2
Scan saved at 1:58:13 PM, on 9/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\AvidSDMService.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
F:\Program Files\SpywareGuard\sgmain.exe
F:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\AIM95\aim.exe
C:\Program Files\Kazaa Lite K++\KazaaLite.kpp
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - f:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - …

Okay everyone, thanks for the info.

Catweazle, what would you suggest for me to get for an uninstall program? I have something called EasyCleaner 2.0 that has an uninstall function on it right now. Is there something better I should get?

I saw PC Bug Doctor on download.com and I was wondering if any here has used it or if it does what it says it does? Fixing problems that often require a system restore or reinstall and registry problems and things. Any of this true? Is it worth doing a free scan or buying the program?

Hello,

Every time I restart my computer, or turn it on after a shut down, it gets as far as the blue login screen where you choose your user, then it reboots. Sometimes it will do it 2 or 3 times, other times it goes up as high as 10. Usually it stops doing this when I manually hit the reset button, but sometimes not.

I have windows XP Pro, Service Pack 1 with most of the updates.
Any ideas?

Sorry, also have another question. I'm stupid, so don't shoot me!
I have Norton on my computer, and I opened up the systray, and the icon has an exclamation point on top of it, and when I right click and choose enable real time protection, it doesn't do anything :(. Any ideas on that one?

Hello, I'm having trouble with my XP Pro system! When I turn it on, it gets to the blue login screen, then instantly reboots. Sometimes it only does it one to three times, other times it goes on for about 10 times. Any ideas?

Here is my hijack this log:

Logfile of HijackThis v1.97.7
Scan saved at 2:01:40 AM, on 9/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\system32\AvidSDMService.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
F:\Program Files\SpywareGuard\sgmain.exe
F:\Program Files\SpywareGuard\sgbhp.exe
f:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
f:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
F:\Program Files\Hijack This\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DSL Connection Tool] C:\Program Files\MSN\MSNIA\dslmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] F:\PROGRA~2\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE …

How is your page caching set up in your Internet Options control panel? The settings are under the "settings" button of the Temporary Internet Files section of the General tab of the control panel. In the "check for new versions of stored pages" options, force it to "every visit to page" and see what happens.

Thanks DMR, I think that did it! It was set to "never". How did it get changed to never? I know 100% that I didn't do it :cry:

Hello,

Every time I open up my Internet Explorer, and type in the address of the site I want to visit, when it gets to that site, it opens up the way it was the last time I got there. It used to be when I visited a site, the explorer would automatically refresh it, so I'd be viewing new forums/threads/news. Now I have to manually click refresh everywhere I go to see what's new.

I admit this isn't a big problem, all I have to do is manually click refresh, but I was just wondering what was causing this problem and how to correct it.

Thanks!

Unless someone can come up with a better solution SarahH, then yes, that would be a reasonable course of action.

I 'shudder', however, at the use of system utilities like the one you mention, but that's just me!

How come? It's called EasyCleaner, and it's freeware. Do these things delete important registries sometimes? It was recommended to me by Crunchie.

I've had my share of Panda Antivirus 7.0 Platinum edition (I remember the name well).
I could uninstall it after waiting for half an hour for every command that it took. It was conflicting with an existing anti-virus program: Sophos...one of my colleagues had installed it without my knowing. So I installed Panda, I must say I'll never do it again...though I never had your problem that it can't uninstall, I did only get the install program. This was with Win XP, might I ask what your OS is?

I use windows XP also :(. I have a registry cleaner. Should I just delete Panda then use the Registry cleaner? It cleans out all registry codes that don't point anywhere.

Or should I do something else?

Definitely do NOT delete the thing. That will only make things worse. Please try reinstalling the program then uninstalling it again.

Well, I tried to install it again, and as it started up it said, "Panda Anti Virus is alread installed, you'll have to uninstall it before you install again"

Then it gave me the directions on how to go to start/control panel blah blah to remove the program. And, since it's screwed up, I can't do that because when I click on the add/remove programs nothing happens :(.

Any other suggestions?

Hello, I went to uninstall Panda Antivirus this morning. However, as it was starting to, it was bringing up the install wizard instead of the uninstall wizard. So, I cancelled it and tried again. It said that I needed to restart the computer, because of the bad install/uninstall so it could try again.

Well, I've restarted several times, and when I go into the control panel to remove Panda (I click on add/remove Panda) it doesn't do anything. And I can't find an Uninstall in the actual Panda Antivirus Folder.

So, my question is, do I just delete the Panda file? Is this as good as uninstalling or no?

I just reinstalled about 6 months ago, and I got all the updates today

the log looks clean ,not sure why you adaware freezes ,berhaps try running it in safe mode .
As for the spoolsv.exe it part of winxp ,it doesent mater if you ahve a printer installed ,not sure why you would be getting the error message .

Reboot to SAFE mode to run Adaware
How to start computer in safe mode

What about my Adobe that keeps crashing when I open? A friend said it might have something to do with the registry. But why does it work in one account, but not in the other one?

Also, my Ad-aware keeps freezing. It will start the scan, get to about 14,858 files scanned, then freeze up. Any ideas on this?

spoolsv.exe =a service that stores printer jobs and forwards them to the printer when it is ready,
it also can be virus releated depending on where its located on you computer ,if you have hijackthis [if not download it in my signature ]on your compute run it and post a log .

Logfile of HijackThis v1.97.7
Scan saved at 9:51:34 AM, on 5/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN\MSNIA\dslmon.exe
C:\WINDOWS\System32\taskswitch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\PROGRA~2\ZONELA~1\ZONEAL~1\zlclient.exe
F:\Program Files\TrojanHunter 3.8\THGuard.exe
C:\WINDOWS\System32\RUNDLL32.EXE
F:\Program Files\SpywareGuard\sgmain.exe
F:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\AIM95\aim.exe
F:\Program Files\Hijack This\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DSL Connection Tool] C:\Program Files\MSN\MSNIA\dslmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - …

On my Adobe Photoshop program, when I open it in my XP system, it gets all the way through the startup process then crashes. However, I created a new account, and when I open Adobe Photoshop in that XP account, it works just fine.

Also, when I logged back on to my normal XP account, my firewall detected something called spoolsv.exe trying to access the internet.

So, I don't know if it's due to all the spyware stuff that I've been dealing with with Crunchie over the past week, or if it's something else? Why would a program work on one account and not another? And anyone know what this spoolsv.exe is?

Thanks again for all the help! These boards are great!!! :D

I've just gone through my previous posts & there is no mention of Noadware that I can see. I wondered why I had not heard of it?? I think perhaps you may have got it somewhere else??
I can almost guarantee you though that the program is junk. There are a lot of programs that offer a free download then tell you that you have to pay to remove what it finds. I have never recommended a program that works that way. Just a rip off & what they find is probably already written into the program to come up automatically. As soon as you pay, voila, gone. Nothing wrong to start with. You know what I mean??
If Adaware & spybot never found it, I would feel pretty secure. There is nothing in your log either, so trash the program.
Reset your system restore point & you'll be sweet.

Go & have a read here. http://www.netrn.net/archives2/000499.html

Okay, thanks so much Crunchie! I've learned a lot and hopefully these last few things will clear me up for good :). Oh, I also figured out the thumbsup/down symbol and added good words for you! CRUNCHIE IS THE BEST!!!

I presumed that you found that key with Adaware? If so, run Adaware again & have it fix it.

No, I found it with another link you posted called NoAdware v2.01. The only way I can fix it with that is if I pay $30.00. I was hoping you might know how to get rid of it without going that route :). I've run AdAware and Spybot several times, and the key still shows up :(.

That log looks good. Boot into safe mode & clear out the contents of that Temp folder that the MkkuZz.exe is in. Show hidden files/folders to view it. Boot back to normal. Run TrojanHunter again & see if it sniffs out anything else.
You can clear this key too. HKEY_LOCAL_MACHINE\software\clRegKey Danger: Severe

How do I find the reg key? With reg lite?

Update:
I put in HKEY_LOCAL_MACHINE\software\clRegKey into Reglit, and it gave me a big list of things. How do I know what to delete?

P.S. Thanks again for everything!!!

I was wondering if it's possible to scan something before installing it to see if it contains spyware. I download free fonts, and I'd like to check just those files to see if they have spyware before installing. Any way to do this, or do I just take my chances and scan my computer after installing fonts?

I don't really understand this spyware device :(. I installed it, turned it on, but there is no scanning procedure that I can find.

Download signed ActiveX controls are prompt

Download unsigned AcitveX controls are Prompt, and it's telling me I should put it in disable.

Should I do this?

Kind of confused with this product. How do I use it? :(

That log is clean. Try goinghere for another scan & see how that works. If there is an option to clean, select that too. Are your own virus definitions up-to-date?
You can also try TROJANHUNTER to weed out those trojans.
Delete bridge.dll from the recycle bin, empty your temporary internet files & include offline files, empty any other temp folder (there is one where you will have to show hidden folders).
Your restore point is disabled? Yes.

Thanks, Crunchie! The TrojanHunter made the Lkqyfy.exe visible so I could delete it. However the TrojanHunter said one of these files *MIGHT* be a Trojan, so I wanted to post it on here first and see what you thought before I went and deleted it:

Found possible trojan file: C:\Documents and Settings\BRD\Local Settings\Temp\optimize.exe/MkkuZz.exe (SDBot)

On your NoAdware scan, it came up with this:

HKEY_LOCAL_MACHINE\software\clRegKey Danger: Severe

And here is my newest Hijack this log:

Logfile of HijackThis v1.97.7
Scan saved at 3:04:49 PM, on 5/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN\MSNIA\dslmon.exe
C:\WINDOWS\System32\taskswitch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\PROGRA~2\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Kazaa Lite K++\KazaaLite.kpp
F:\Program …