# Sluggish computer - HJT error



## Android (Oct 31, 2006)

Very sluggish computer. First time I ran HJT, it had a popup window saying a registry problem. Then tried it again and it seemed to work fine. Here is a HJT log. I'll follow up with other logs as instructed (TSG Sys Info, etc)...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:58:35 AM, on 5/26/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Windows\System32\NMSSvc.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\nvsvc32.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
E:\My Documents E\FirefoxPortable\App\firefox\firefox.exe
E:\My Documents E\FirefoxPortable\App\firefox\plugin-container.exe
C:\Documents and Settings\Administrator\Desktop\Security & Maintenance\Diagnostic Programs & Websites\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\Windows\COUPON~1.DLL
O2 - BHO: SBCONVERT - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~2\Toolbar\grabber.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - (no file)
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Startup: JackVanImpe.lnk = ?
O4 - Startup: Prayer.lnk = ?
O4 - Global Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.keepvid.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160622631387
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://freetrial.webex.com/client/T26L/webex/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\Windows\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\System32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - - (no file)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe
O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 11469 bytes


----------



## Android (Oct 31, 2006)

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel Pentium III processor, x86 Family 6 Model 8 Stepping 6
Processor Count: 1
RAM: 511 Mb
Graphics Card: NVIDIA RIVA TNT2/TNT2 Pro , 16 Mb
Hard Drives: C: Total - 19084 MB, Free - 3753 MB; D: Total - 1907726 MB, Free - 1625727 MB; E: Total - 95605 MB, Free - 29701 MB; G: Total - 476937 MB, Free - 184148 MB; 
Motherboard: Compaq, 0684h, , X123DYSZA008
Antivirus: AVG Anti-Virus Free Edition 2011, Updated: Yes, On-Demand Scanner: Enabled


----------



## Android (Oct 31, 2006)

I have DDS and try running it. A small black window opens then rapidly closes, then nothing happens. In your instructions, it says "Disable any script blocker you may have as they may interfere and then double-click the DDS.scr to run the tool" but I don't know how to disable a script blocker. Please advise. Now I'll move on to GMER...


----------



## Android (Oct 31, 2006)

As mentioned in the Administrator's guidance here...
http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html

1. Copy and paste the HijackThis log. (DONE)
2. Copy and paste the contents of the DDS.txt file. (NOT YET DONE, SEE PRIOR MESSAGE)
3. Upload as an attachment the Attach.txt file. There is no need to zip it as suggested in the DDS instructions (NOT YET DONE, SEE PRIOR MESSAGE)
4. Copy and paste the contents of the ark.txt file. (DONE BELOW, ARK.TXT output from GMER below, also attached as a JPG)

============

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-26 12:57:00
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD200BB-60AUA1 rev.18.20D18
Running: GMER 4o9wqoz6.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwlyqpod.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xF890E738]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xF890E7DC]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xF890E878]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xF890E914]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 4A0 804E2B0C 4 Bytes JMP 8F0523A1 
.text C:\Windows\System32\DRIVERS\nv4_mini.sys section is writeable [0xF7FA8340, 0xFFF3F, 0xF8000020]
.text C:\Windows\System32\nv4_disp.dll section is writeable [0xBF012300, 0x234A20, 0xF8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Ahead Software AG)
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Ahead Software AG)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Telephony\Cards\[email protected] Optus (Australia) via 1812
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Telephony\Cards\[email protected] 
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Telephony\Cards\[email protected] 
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Telephony\Cards\[email protected] 
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Telephony\Cards\[email protected] 
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Telephony\Cards\[email protected] 1812
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Telephony\Cards\[email protected] FG
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Telephony\Cards\[email protected] FG
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Telephony\Cards\[email protected] [email protected],0011EFG
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Telephony\Cards\[email protected] 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Telephony\Cards\[email protected] Optus (Australia) via 008551812
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Telephony\Cards\[email protected] 
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Telephony\Cards\[email protected] 
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Telephony\Cards\[email protected] 
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Telephony\Cards\[email protected] 
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Telephony\Cards\[email protected] 008551812
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Telephony\Cards\[email protected] FG
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Telephony\Cards\[email protected] FG
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Telephony\Cards\[email protected] [email protected],0011EFG
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Telephony\Cards\[email protected] 1

---- EOF - GMER 1.0.15 ----


----------



## Android (Oct 31, 2006)

As mentioned in the 3rd message, DDS will not run because of a script blocker, and the guidance at...
http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html
provided no info on how to do this. I was able to do a screen capture of the small black window that flashes open and close, which is attached. If it helps, my antivirus program used is AVG Free.

More details on performance, with Internet Explorer, it bogs down with just one window & tab open. With Chrome, it bogs down with about 10 windows open, the same with Firefox Portable. With the full version of Firefox, there's better performance, but still is far less performance than what I previously had. Your assistance would be appreciated.


----------



## Android (Oct 31, 2006)

Seemed to get DDS to work, followed guidance at...
http://www.avgforums.com/viewtopic.php?f=7&t=1145
where_ "You could setup an exclusion in Tools>Advanced>Resident Shield>Excluded Items"_

=============

.
DDS (Ver_11-05-19.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Run by Administrator at 13:45:33 on 2011-05-26
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.45 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\svchost -k DcomLaunch
svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\inetsrv\inetinfo.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\System32\NMSSvc.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Windows\system32\nvsvc32.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgsrmax.exe
C:\Windows\System32\svchost.exe -k imgsvc
E:\My Documents E\FirefoxPortable\App\firefox\firefox.exe
E:\My Documents E\FirefoxPortable\App\firefox\plugin-container.exe
C:\Program Files\AVG\AVG10\avgui.exe
C:\Documents and Settings\Administrator\Desktop\Security & Maintenance\Diagnostic Programs & Websites\dds.scr
C:\Windows\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.mail.yahoo.com/
uSearch Bar = hxxp://home.peoplepc.com/search
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: TTB000000 Class: {62960d20-6d0d-1ab4-4bf1-95b0b5b8783a} - c:\windows\COUPON~1.DLL
BHO: SBCONVERT Class: {a1056498-d09a-41e4-864b-505edd640d9e} - c:\program files\speedbit video downloader\toolbar\SpeedBitVideoDownloader.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: {c451c08a-ec37-45df-aaad-18b51ab5e837} - PDFCreator Toolbar Helper
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\speedb~2\toolbar\grabber.dll
TB: PDFCreator Toolbar: {31cf9ebe-5755-4a1d-ac25-2834d952d9b4} - 
TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files\speedbit video downloader\toolbar\SpeedBitVideoDownloader.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
dRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\jackva~1.lnk - g:\videos, education, documentaries\questionable media\JackVanImpe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\prayer.lnk - g:\Prayer
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bittor~1.lnk - c:\program files\bittorrent\bittorrent.exe
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: Refresh Pa&ge with Full Quality
IE: Refresh Pi&cture with Full Quality
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: keepvid.com
Trusted Zone: microsoft.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160622631387
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://freetrial.webex.com/client/T26L/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\xwxm9cmg.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.f344.mail.yahoo.com/ym/ShowFolder?rb=Inbox
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\[email protected]\components\xpavgtbapi.dll
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\xwxm9cmg.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\xwxm9cmg.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Move Media Player: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\my documents e\firefoxportable\app\firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
FF - Ext: AVG Security Toolbar em:version=6.103.018.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: [email protected] - c:\program files\avg\avg10\toolbar\firefox\[email protected]
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]
R1 ClntMgmt;Compaq Client Management Driver;c:\windows\system32\drivers\Clntmgmt.sys [2006-12-20 53324]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
S1 cpqp6cpu;Compaq CPU driver;c:\windows\system32\drivers\cpqp6cpu.sys --> c:\windows\system32\drivers\cpqp6cpu.sys [?]
S2 aawservice;Lavasoft Ad-Aware Service; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-14 135664]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-9 947528]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-14 135664]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-10-19 10664]
.
=============== Created Last 30 ================
.
2011-05-22 22:36:23	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-05-22 22:36:23	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-05-22 22:36:23	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-05-22 22:36:23	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-05-22 22:36:23	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-05-22 22:36:23	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-05-22 22:36:23	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin.dll
2011-05-20 07:03:31	6962000	----a-w-	c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{b224c784-bd08-4d14-b8e3-dac1a3d357a4}\mpengine.dll
2011-05-19 16:03:40	--------	d-----w-	c:\program files\EMCO
2011-05-19 16:00:53	709456	----a-w-	c:\windows\is-EQULS.exe
2011-05-19 15:57:00	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-19 15:56:58	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-05-18 04:27:33	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-15 12:55:20	73728	----a-w-	c:\windows\system32\javacpl.cpl
.
==================== Find3M ====================
.
2011-04-15 01:28:42	134480	----a-w-	c:\windows\system32\drivers\AVGIDSDriver.sys
2011-04-14 09:07:59	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-04-05 04:59:56	297168	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2011-03-16 20:03:20	32592	----a-w-	c:\windows\system32\drivers\avgrkx86.sys
2011-03-07 05:33:50	692736	----a-w-	c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06	420864	----a-w-	c:\windows\system32\vbscript.dll
2011-03-03 13:21:11	1857920	----a-w-	c:\windows\system32\win32k.sys
2007-09-17 02:26:04	2293712	----a-w-	c:\program files\FLV PlayerFCSetup.exe
.
============= FINISH: 13:49:49.99 ===============


----------



## Android (Oct 31, 2006)

Ok, did all 4 parts of the guidance, plus the Tech Support Guy System Info Utility output (2nd message above), and some more info 2 messages up from this one. Will await your guidance. Thank you.


----------



## Android (Oct 31, 2006)

Something that jumps out at me, I don't use PeoplePC anymore, haven't for years.


----------



## Android (Oct 31, 2006)

Anything else I need to do to get this going? Another peculiar symptom is that it takes many minutes for one of my browsers, Firefox, to shut down. It might appear closed on the desktop screen & taskbar, but it remains for minutes open in the Windows Task Manager / Processes window, with Mem Usage slowly going down.


----------



## Android (Oct 31, 2006)

bump


----------



## Android (Oct 31, 2006)

bump


----------



## Cookiegal (Aug 27, 2003)

Please download Malwarebytes' Anti-Malware from *Here*.

Double Click *mbam-setup.exe* to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.
Extra Note:

*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*


----------



## Android (Oct 31, 2006)

Thanks Cookiegal. This is the result of the quick scan...

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6754

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/2/2011 3:16:48 PM
mbam-log-2011-06-02 (15-16-48).txt

Scan type: Quick scan
Objects scanned: 162675
Time elapsed: 19 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------



## Cookiegal (Aug 27, 2003)

Please run the following on-line scanner:

http://www.eset.com/online-scanner

Accept the Terms of Use and then press the Start button

Allow the ActiveX control to be installed.

Put a check by Remove found threats and then run the scan.

When the scan is finished, you will see the results in a window.

A log.txt file is created here: C:\Program Files\EsetOnlineScanner\log.txt.

Open the log file with Notepad and copy and paste the contents here please.


----------



## flavallee (May 12, 2002)

Android:

I received your private message, so I'm replying back to you here. 

Cookiegal is assisting you and is much more qualified to assist you in the "Virus & Other Malware Removal" section than I am.

There are some things that I can assist you with, but that will have to wait for now.

---------------------------------------------------------------


----------



## Android (Oct 31, 2006)

ESET was running for hours, but then seemed to get hung up at around 50 percent. I had it also scanning Archive and "potentially unsafe applications" in addition to the default (Remove found threats, potentially unwanted applications, & enable anti-stealth technology). I'm running it again (hopefully it won't get hung up), but below was the log file after the first interrupted scan...


[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=3ba1668afffa214c9b4e102743dafe14
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-06-03 08:22:38
# local_time=2011-06-03 04:22:38 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777173 100 95 0 50127058 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=63481
# found=5
# cleaned=5
# scan_time=18451
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\31\743fee9f-18e3ee86	multiple threats (deleted - quarantined)	00000000000000000000000000000000	C
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\32\774dcea0-620729ec	Java/Exploit.CVE-2009-2843.B trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\34\187b0ca2-607084e8	a variant of Java/Exploit.CVE-2009-2843.B trojan (deleted - quarantined)	00000000000000000000000000000000	C
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\43\752509ab-3bb5b285	a variant of Java/Exploit.CVE-2009-2843.B trojan (deleted - quarantined)	00000000000000000000000000000000	C
C:\WINDOWS\CouponsBar.dll	probably a variant of Win32/Adware.Softomate.AD application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
[email protected] as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=3ba1668afffa214c9b4e102743dafe14
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-06-03 08:40:19
# local_time=2011-06-03 04:40:19 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777173 100 95 0 50146496 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=990
# found=0
# cleaned=0
# scan_time=72


----------



## Android (Oct 31, 2006)

Btw at the bottom of the ESET screen it had the message "Another antivirus program was detected. This may affect the performance and quality of the scan."


----------



## Android (Oct 31, 2006)

Here's the latest ESET scan with...
# archives_checked=false
# unsafe_checked=false
I can run it again with these two checked, but it might take a day for it to scan. Also noticed it placed some files into quarrantine during the first scan.

=============

[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=3ba1668afffa214c9b4e102743dafe14
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-06-03 08:22:38
# local_time=2011-06-03 04:22:38 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777173 100 95 0 50127058 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=63481
# found=5
# cleaned=5
# scan_time=18451
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\31\743fee9f-18e3ee86	multiple threats (deleted - quarantined)	00000000000000000000000000000000	C
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\32\774dcea0-620729ec	Java/Exploit.CVE-2009-2843.B trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\34\187b0ca2-607084e8	a variant of Java/Exploit.CVE-2009-2843.B trojan (deleted - quarantined)	00000000000000000000000000000000	C
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\43\752509ab-3bb5b285	a variant of Java/Exploit.CVE-2009-2843.B trojan (deleted - quarantined)	00000000000000000000000000000000	C
C:\WINDOWS\CouponsBar.dll	probably a variant of Win32/Adware.Softomate.AD application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
[email protected] as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=3ba1668afffa214c9b4e102743dafe14
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-06-03 08:40:19
# local_time=2011-06-03 04:40:19 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777173 100 95 0 50146496 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=990
# found=0
# cleaned=0
# scan_time=72
[email protected] as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=3ba1668afffa214c9b4e102743dafe14
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-03 11:30:55
# local_time=2011-06-03 07:30:55 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777173 100 95 0 50147277 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=82835
# found=0
# cleaned=0
# scan_time=9524


----------



## Cookiegal (Aug 27, 2003)

Download *OTS.exe * to your Desktop. 

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
In *Additional Scans *section put a check in Disabled MS Config Items and EventViewer logs
Now click the *Run Scan *button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


----------



## Android (Oct 31, 2006)

That scan didn't take that long. Attached is OTS.txt from the scan.


----------



## Cookiegal (Aug 27, 2003)

Start *OTS*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.

```
[Kill All Processes]
[Unregister Dlls]
[Win32 Services - Safe List]
YN -> (aawservice) Lavasoft Ad-Aware Service [Auto | Stopped] -> 
[Registry - Safe List]
< FireFox Extensions [Program Folders] > -> 
YN -> No name found -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} [HKLM] -> [TTB000000 Class]
YN -> {C451C08A-EC37-45DF-AAAD-18B51AB5E837} [HKLM] -> Reg Error: Key error. [PDFCreator Toolbar Helper]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" [HKLM] -> Reg Error: Key error. [PDFCreator Toolbar]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" [HKLM] -> Reg Error: Key error. [PDFCreator Toolbar]
YN -> WebBrowser\\"{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
YN -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BitTorrent.lnk -> 
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YN -> &Clean Traces -> [C:\Program Files\DAP\Privacy Package\dapcleanerie.htm]
YN -> Download &all with DAP -> [C:\Program Files\DAP\dapextie2.htm]
YN -> Refresh Pa&ge with Full Quality -> Reg Error: Value error. [Reg Error: Value error.]
YN -> Refresh Pi&cture with Full Quality -> Reg Error: Value error. [Reg Error: Value error.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}:Exec [HKLM] -> [Button: PalTalk]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Reg Error: Key error.]
YN -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Reg Error: Key error.]
YN -> Microsoft XML Parser for Java [HKLM] -> file://C:\Windows\Java\classes\xmldso.cab [Reg Error: Key error.]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\Program Files\AVG\AVG8\avgemc.exe" -> [C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe]
YN -> "C:\Program Files\AVG\AVG8\avgnsx.exe" -> [C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe]
YN -> "C:\Program Files\AVG\AVG8\avgupd.exe" -> [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe]
YN -> "C:\Program Files\BitTorrent\bittorrent.exe" -> [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent]
[Files/Folders - Created Within 360 Days]
NY ->  2 C:\Windows\*.tmp files -> C:\Windows\*.tmp
[Files/Folders - Modified Within 360 Days]
NY ->  7 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp
NY ->  7 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp
NY ->  67 C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp
NY ->  67 C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp
NY ->  67 C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp
NY ->  2 C:\Windows\*.tmp files -> C:\Windows\*.tmp
[Alternate Data Streams]
NY -> @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844
NY -> @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0
NY -> @Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CD060F93
NY -> @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
[Empty Temp Folders]
[EmptyFlash]
[Start Explorer]
[Reboot]
```


----------



## Android (Oct 31, 2006)

Hi. Did as you wrote, and then Windows unexpectedly tried to shut down. I didn't get a message box saying it was finished or clicked an OK button. I waited for about an hour, but the monitor was still stuck on the "Windows Shutting Down" screen, so I did a cold boot. After it booted up, a notepad window opened with the information cut & pasted below. I'll next follow-up with another HJT log...

==========
All Processes Killed
[Win32 Services - Safe List]
Service aawservice stopped successfully!
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BitTorrent.lnk moved successfully.
File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BitTorrent.lnk not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Clean Traces\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download &all with DAP\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Refresh Pa&ge with Full Quality\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Refresh Pi&cture with Full Quality\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}:Exec\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\Contains\Files\ not found.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\Microsoft XML Parser for Java\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgemc.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgnsx.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgupd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe deleted successfully.
[Files/Folders - Created Within 360 Days]
C:\Windows\SET3.tmp deleted successfully.
C:\Windows\SET7.tmp deleted successfully.
[Files/Folders - Modified Within 360 Days]
C:\Windows\Temp\85spszsb.TMP deleted successfully.
C:\Windows\Temp\SBC1C.tmp deleted successfully.
C:\Windows\Temp\SBC3.tmp deleted successfully.
C:\Windows\Temp\SBC9.tmp deleted successfully.
C:\Windows\Temp\SBCF.tmp deleted successfully.
C:\Windows\Temp\ubx7fqjc.TMP deleted successfully.
C:\Windows\Temp\upc0ek8j.TMP deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\12.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\div10.tmp folder deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\div11.tmp folder deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\div12.tmp folder deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\div13.tmp folder deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\div14.tmp folder deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\div15.tmp folder deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\div16.tmp folder deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\div17.tmp folder deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\div18.tmp folder deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\div19.tmp folder deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\div1A.tmp folder deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\div2.tmp folder deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\div3.tmp folder deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\div4.tmp folder deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\div5.tmp folder deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\div6.tmp folder deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\div7.tmp folder deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\div75.tmp\div76.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\div75.tmp folder deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\div8.tmp folder deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\div9.tmp folder deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\divA.tmp folder deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\divB.tmp folder deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\divC.tmp folder deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\divD.tmp folder deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\divE.tmp folder deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\divF.tmp folder deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\is-KLMK7.tmp\mbam.dll deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\is-KLMK7.tmp folder deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache1657556010682117002.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache2239920605958203206.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache2408781091504828854.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache2551381561331691915.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache2607045119184388236.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache2660046918218665640.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache3283320519575487469.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache4318781738729773511.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache4380332914766788149.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache4562492576674831587.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache4926494171883285582.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache6852873592081023111.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache7629926604843720543.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache8633319334664789752.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache8844090534517424126.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache8889125300287942896.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\NOD4851.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\sv1jp.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\sv2h2.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\sv3hi.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\sv3i6.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\sv406.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\sv5hc.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\sv77e.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\sva0m.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\svgdc.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\svidn.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\svlig.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\svm79.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\svm9k.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\svmie.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\svmkg.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\svnc6.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\svo9n.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\svpd9.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF3AA4.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF55CA.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF5A98.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF62C2.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF6D85.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF772C.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFE6D.tmp deleted successfully.
[Alternate Data Streams]
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CD060F93 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
[Empty Temp Folders]

User: Administrator
->Temp folder emptied: 843355745 bytes
->Temporary Internet Files folder emptied: 56358165 bytes
->Java cache emptied: 60934966 bytes
->FireFox cache emptied: 80629975 bytes
->Google Chrome cache emptied: 253867076 bytes
->Apple Safari cache emptied: 720896 bytes
->Flash cache emptied: 1091 bytes

User: All Users

User: CPQ11071319824

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33193 bytes
->Flash cache emptied: 56466 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 49554 bytes

User: NetworkService
->Temp folder emptied: 1594547 bytes
->Temporary Internet Files folder emptied: 315136165 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 148886014 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 1877543 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 41403 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,682.00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: CPQ11071319824

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.43.0 fix logfile created on 06052011_175443

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 8 for New Folder.zip\New Folder\Questions, answers on ordination ceremony www.pittsburghcatholic.org newsarticles_more.phtml id=1720 Pittsburgh Catholic Newspaper - News and Features.htm not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 8 for New Folder.zip\New Folder\www.washtimes.com national 20041226-114858-7878r.htm College activists protest left bias - The Washington Times Nation-Politics - December 27, 2004.htm not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 7 for New Folder.zip\New Folder\www.washtimes.com national 20041226-114858-7878r.htm College activists protest left bias - The Washington Times Nation-Politics - December 27, 2004.htm not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 5 for New Folder.zip\New Folder\eBay item 6169851381 (Ends Apr-11-05 185525 PDT) - Eucharist from Mass w- Pope John Paul II in 1998 +Xtras_files\eBayISAPI_files\iframefooter_tracking.js not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 4 for ThomasMerton - Cocktails for a Cause, a happy hour to benefit Planned Parenthood of Western Pennsylvania - Display Item Form.zip\ThomasMerton - Cocktails for a Cause, a happy hour to benefit Planned not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 3 for ThomasMerton - Cocktails for a Cause, a happy hour to benefit Planned Parenthood of Western Pennsylvania - Display Item Form.zip\ThomasMerton - Cocktails for a Cause, a happy hour to benefit Planned not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 3 for New Folder.zip\New Folder\www.washtimes.com national 20041226-114858-7878r.htm College activists protest left bias - The Washington Times Nation-Politics - December 27, 2004.htm not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 12 for New Folder.zip\New Folder\www.washtimes.com national 20041226-114858-7878r.htm College activists protest left bias - The Washington Times Nation-Politics - December 27, 2004.htm not found!

Registry entries deleted on Reboot...


----------



## Android (Oct 31, 2006)

BTW, I never knew I had Apple Safari installed. Also, there seems to be alot more free space on my HDDs. Did this clean up old baggage that wasn't needed? Just interested in knowing what happened.


----------



## Android (Oct 31, 2006)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:17:49 PM, on 6/5/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Windows\system32\nvsvc32.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
E:\My Documents E\FirefoxPortable\App\firefox\firefox.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
E:\My Documents E\FirefoxPortable\App\firefox\plugin-container.exe
C:\Documents and Settings\Administrator\Desktop\Security & Maintenance\Diagnostic Programs & Websites\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: SBCONVERT - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~2\Toolbar\grabber.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Startup: JackVanImpe.lnk = ?
O4 - Startup: Prayer.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.keepvid.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160622631387
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://freetrial.webex.com/client/T26L/webex/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\Windows\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\System32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - - (no file)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe
O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 11160 bytes


----------



## Cookiegal (Aug 27, 2003)

Yes, we cleaned out a lot of stuff in the temp folders. You should delete the contents of the temp folders and Temp Internet files regularly. I also removed remnants of still had from AVG8. When you install a new version of any program you should run the uninstaller, then if there is a removal tool (as there is for AVG) run that as well and then reboot before installing the latest version. The reboot will ensure a complete uninstallation as some files can only be removed on reboot.

Rescan with HijackThis, close all other browser windows, place a check mark beside the following entries and then click on "Fix Checked".

*O23 - Service: Lavasoft Ad-Aware Service (aawservice) - - (no file)*

How are things with the system now?


----------



## Android (Oct 31, 2006)

Well, when I tried the "limiting factor" Internet Explorer, which ran on only one window & tab, anything more would bring it to a near-halt, it still ran like a slug. Not much noticeable improvement. Firefox runs ok, but not much better than before. Still takes a long time to shut down and reboot. It wasn't like this a few months ago. I haven't tried defragging the HDD in awhile, maybe a month or two, and it's been a very long time since I had so much free space on the C drive (about 30% free now). So I'll try that later today, defragmentation.


----------



## Cookiegal (Aug 27, 2003)

Yes, try to do a defrag and see if it helps. We'll run more tools to see if anything turns up.

Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)

Click *Scan*.

Upon completion of the scan, click *Save log* then save it to your desktop and post that log in your next reply for review. 
*Note - do NOT attempt any Fix yet. *


----------



## flavallee (May 12, 2002)

Cookiegal:

Do you mind if I jump in and assist Android with the startup load?

-----------------------------------------------------------------


----------



## Cookiegal (Aug 27, 2003)

Not at all flavallee.


----------



## flavallee (May 12, 2002)

Android:

Click Start - Run, then type in *MSCONFIG* , then click OK - "Startup" tab.

Remove the checkmark in these startup entries:

*Windows Defender* - or - *MSASCui*

*DivXUpdate*

*Adobe Reader Speed Launcher* - or - *Reader_sl*

*Adobe ARM* - or - *AdobeARM*

*QuickTime Task* - or - *QTTask*

*BitTorrent DNA* - or - *btdna*

*NvMediaCenter* - or - *NVMCTRAY.DLL,NvTaskbarInit*

and any other entries that have *Nv* or *Adobe* or *Reader* as part of the name.

After you're done, click Apply - OK/Close - Exit Without Restart.

Click Start - Run, then type in *SERVICES.MSC* , then click OK.

Expand the window that appears so you can see the list more clearly.

Double-click one at a time on these service entries to open their properties window:

*Lavasoft Ad-Aware Service

AVG Security Toolbar Service

Google Update Service

InstallDriver Table Manager

InCD Helper

Java Quick Starter

NVIDIA Driver Helper Service

Windows Defender*

If "Startup Type" is set on Automatic, change it to Manual, then click Apply - OK.

If "Startup Type" is already set on Manual, close the properties window for that entry.

After you're done, close the window, then restart the computer.

A small System Configuration Utility window will appear on the desktop during startup.

Ignore its message and do NOT(!) change it back to Normal Startup mode.

Put a checkmark in the lower left of that window, then click OK to close it.

Start HiJackThis, then click "Do a system scan and save a log file".

Save the new log that appears, then submit it here.

----------------------------------------------------

*Lavasoft Ad-Aware

Spybot - Search & Destroy

Windows Defender*

should all be uninstalled, as there are better and more user-friendly replacements for them.

----------------------------------------------------


----------



## Android (Oct 31, 2006)

Ok, here's the scan from that aswMBR program. I'll follow up with that MSConfig guidance.

====

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-07 22:01:47
-----------------------------
22:01:47.985 OS Version: Windows 5.1.2600 Service Pack 3
22:01:47.985 Number of processors: 1 586 0x806
22:01:47.985 ComputerName: CPQ11071319824 UserName: Administrator
22:01:53.863 Initialize success
22:02:02.205 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
22:02:02.245 Disk 0 Vendor: WDC_WD200BB-60AUA1 18.20D18 Size: 19092MB BusType: 3
22:02:02.245 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
22:02:02.245 Disk 1 Vendor: Maxtor_6L100P0 BAJ41G20 Size: 95611MB BusType: 3
22:02:02.295 Disk 0 MBR read successfully
22:02:02.305 Disk 0 MBR scan
22:02:02.305 Disk 0 unknown MBR code
22:02:02.316 Disk 0 scanning sectors +39085200
22:02:02.366 Disk 0 scanning C:\Windows\system32\drivers
22:02:26.010 Service scanning
22:02:29.915 Disk 0 trace - called modules:
22:02:29.975 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys 
22:02:29.975 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82b26ab8]
22:02:29.985 3 CLASSPNP.SYS[f85b5fd7] -> nt!IofCallDriver -> \Device\00000073[0x82baa9b8]
22:02:30.035 5 ACPI.sys[f852c620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82bab3d8]
22:02:30.035 Scan finished successfully
22:03:00.940 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
22:03:01.000 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"


----------



## Android (Oct 31, 2006)

In MSCONFIG, I couldn't find NvMediaCenter - or - NVMCTRAY.DLL,NvTaskbarInit

In SERVICES.MSC, there were two Google Update Service...
Google Update Service (gupdate) and Google Update Service (gupdatem)

Both were set to Manual. I tried to restart, but the system hung. Waited 6 hours, and then cold-booted. System wanted to start in Safe Mode, but I chose Normal. The Configuration Utility window appeared on the desktop during startup and I put a checkmark in the lower left of that window & clicked OK to close it.

Noticed that the Services tab in MSCONFIG had all of those items you had under SERVICES.MSC checked. I'll now run a new HJT scan. Should I also uninstall Lavasoft Ad-Aware, Spybot - Search & Destroy, and Windows Defender as shown at the end of your message?


----------



## Android (Oct 31, 2006)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:46:41 AM, on 6/8/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\inetsrv\inetinfo.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\Administrator\Desktop\Security & Maintenance\Diagnostic Programs & Websites\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: SBCONVERT - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~2\Toolbar\grabber.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: JackVanImpe.lnk = ?
O4 - Startup: Prayer.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.keepvid.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160622631387
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://freetrial.webex.com/client/T26L/webex/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\Windows\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\System32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - - (no file)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe
O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 10404 bytes


----------



## flavallee (May 12, 2002)

Go back to Start - Run - MSCONFIG - OK - "Startup" tab.

Write down only the names in the "Startup Item" column that still have a checkmark.

Make sure to spell them exactly as you see them there.

Submit those names here in a vertical list.

-------------------------------------------------------------------

Do NOT(!) uncheck any entries in the "Services" tab.

--------------------------------------------------------------------

Yes, uninstall *Lavasoft Ad-Aware* and *Spybot - Search & Destroy* and *Windows Defender*.

-------------------------------------------------------------------


----------



## Android (Oct 31, 2006)

Ok, I removed SpyBot S&D and Windows Defender. I don't think Ad-Aware was installed. I had it installed some time ago though. I also tried to uninstall something that looked strange, CouponBar, but it wouldn't allow me to do it. The screen just flashed a bit and went back, with no error message. A JPG capture of the "Add or Remove Programs" window with CouponBar is attached. The removal of SpyBot asked me to reboot, so I'll do that now and then go into MSCONFIG again.


----------



## flavallee (May 12, 2002)

I can't see the rest of your programs in your screenshot, but from what I can see, I strongly suggest that you uninstall

*EasyCleaner* (a very outdated registry and file cleaner from ToniArts)

*Eusing Free Registry Cleaner*

Registry cleaners will do little-to-nothing to improve speed, but what they can do is damage the Windows operating system and break some of your programs.

---------------------------------------------------------------

I'm not familiar with

*EMCO Malware Destroyer 6*

so I don't know how reliable or effective it is.

----------------------------------------------------------------


----------



## Android (Oct 31, 2006)

Ok, but I liked EasyCleaner's ability to search for duplicates across many hard drives, file management, and such. Is there an up-to-date and better program to use than EasyCleaner?


----------



## flavallee (May 12, 2002)

*ToniArts EasyCleaner* was great for searching for and deleting obsolete and useless files, but it hasn't been updated in several years, so I wouldn't advise continuing to use it.

You won't get any recommendation for any registry cleaner/booster/optimizer/tuneup type program from me. Using them is one of the best ways to trash your computer.

----------------------------------------------------------------


----------



## Android (Oct 31, 2006)

Understood, but are there any freeware programs out there that does what EasyCleaner did for searching/deleting obsolete & duplicate files? Attached are screen capture JPGs from "Add or Remove Programs". CouponBar still can't be removed.


----------



## Android (Oct 31, 2006)

continued.


----------



## Android (Oct 31, 2006)

last one. I'll now get that list from MSCONFIG...


----------



## Android (Oct 31, 2006)

Ok, attached are captures of MSCONFIG Startup and Services. In the Startup tab, there's only the few (7) above the highlighted bar. I wonder if Verizonservicepoint is necessary.

In the Services tab, every single one is checked, too many to count. The first one is Ad-Aware, which I believe is uninstalled, did that weeks ago.


----------



## Cookiegal (Aug 27, 2003)

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.

Also:

Please go to *Start *- *Run *- type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## flavallee (May 12, 2002)

You should've unchecked "Show Updates" before you submitted those screenshots because your Add Or Remove Programs list is showing all the Windows updates and hotfixes besides the installed programs and add-ons.

---------------------------------------------------------------

These old java versions need to be uninstalled:

*Java(TM) 6 Update 5

Java(TM) 6 Update 7*

---------------------------------------------------------------

Follow Cookiegal's instruction in her last reply.

----------------------------------------------------------------


----------



## Android (Oct 31, 2006)

HJT uninstall_list.txt
========

7-Zip 4.65
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Apple Application Support
Apple Software Update
AVG 2011
AVG 2011
AVG 2011
BitTorrent
Bonjour
Castle Constructor 1.0
Catholic Prayer Book
Compaq EAB Software
Conquest 4.0
CouponBar
Critical Update for Windows Media Player 11 (KB959772)
Digital Video Repair version 2.2.0.1
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
Download Accelerator Plus (DAP)
EMCO Malware Destroyer 6
ESET Online Scanner v3
Express Rip
Freecorder Toolbar
Freecorder Toolbar 3.0 Application
Google Chrome
Google Earth
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ieSpell
InCD
Intel(R) Network Connections Drivers
Intel(R) PROSet II
InterActual Player
IrfanView (remove only)
iSilo
Java(TM) 6 Update 25
Java(TM) 6 Update 5
Java(TM) 6 Update 7
KeepV Flash Converter
KRISTAL Audio Engine
L&H TTS3000 British English
LaCie USB2 Storage Driver
Malwarebytes' Anti-Malware version 1.51.0.1200
[email protected]
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 4.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero Suite
NVIDIA Windows 2000/XP Display Drivers
OpenOffice.org 3.2
PaltalkScene
Panda ActiveScan
PCFriendly
PDFCreator
PDFCreator Toolbar
PhoneTools
PlayLinc
PowerDVD
QuickTime
Security Advisor
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976323)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SoundTap
SpeedBit Video Accelerator
SpeedBit Video Downloader
SpywareBlaster 4.4
Stations of the Cross 1.0
Stations of the Cross, v6.0
Switch
The Last Portion of Stations of the Cross 1.0
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Verizon Broadband Toolbar
Verizon PC Security Checkup
Verizon Servicepoint 1.5.20
VideoLAN VLC media player 0.8.6h
WavePad Sound Editor
WD Diagnostics
Windows Defender Signatures
Windows Internet Explorer 8
Windows Media Player 11
Windows XP Service Pack 3


----------



## Android (Oct 31, 2006)

Would the list above replace the screenshots, or do you want me to do the shots again with "Show Updates" unchecked?


----------



## flavallee (May 12, 2002)

The list that you submitted for Cookiegal should suffice for now, unless she advises you to submit new screenshots.

----------------------------------------------------------------


----------



## Android (Oct 31, 2006)

Recent eventvwr.msc Errors
====

Event Type:	Error
Event Source:	Application Hang
Event Category:	(101)
Event ID:	1002
Date: 6/8/2011
Time: 2:32:35 PM
User: N/A
Computer:	CPQ11071319824
Description:
Hanging application DivX Plus Player.exe, version 10.2.1.20, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 44 69 76 58 20 50 DivX P
0018: 6c 75 73 20 50 6c 61 79 lus Play
0020: 65 72 2e 65 78 65 20 31 er.exe 1
0028: 30 2e 32 2e 31 2e 32 30 0.2.1.20
0030: 20 69 6e 20 68 75 6e 67 in hung
0038: 61 70 70 20 30 2e 30 2e app 0.0.
0040: 30 2e 30 20 61 74 20 6f 0.0 at o
0048: 66 66 73 65 74 20 30 30 ffset 00
0050: 30 30 30 30 30 30 000000 
====

Event Type:	Error
Event Source:	Application Error
Event Category:	None
Event ID:	1000
Date: 6/8/2011
Time: 12:55:49 PM
User: N/A
Computer:	CPQ11071319824
Description:
Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x072e9000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 65 78 70 ure exp
0018: 6c 6f 72 65 72 2e 65 78 lorer.ex
0020: 65 20 36 2e 30 2e 32 39 e 6.0.29
0028: 30 30 2e 35 35 31 32 20 00.5512 
0030: 69 6e 20 75 6e 6b 6e 6f in unkno
0038: 77 6e 20 30 2e 30 2e 30 wn 0.0.0
0040: 2e 30 20 61 74 20 6f 66 .0 at of
0048: 66 73 65 74 20 30 37 32 fset 072
0050: 65 39 30 30 30 0d 0a e9000.. 
====

Event Type:	Error
Event Source:	Application Error
Event Category:	None
Event ID:	1000
Date: 6/8/2011
Time: 12:29:50 PM
User: N/A
Computer:	CPQ11071319824
Description:
Faulting application wmplayer.exe, version 11.0.5721.5145, faulting module unknown, version 0.0.0.0, fault address 0x02bb4a5f.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 77 6d 70 ure wmp
0018: 6c 61 79 65 72 2e 65 78 layer.ex
0020: 65 20 31 31 2e 30 2e 35 e 11.0.5
0028: 37 32 31 2e 35 31 34 35 721.5145
0030: 20 69 6e 20 75 6e 6b 6e in unkn
0038: 6f 77 6e 20 30 2e 30 2e own 0.0.
0040: 30 2e 30 20 61 74 20 6f 0.0 at o
0048: 66 66 73 65 74 20 30 32 ffset 02
0050: 62 62 34 61 35 66 0d 0a bb4a5f..
====

Event Type:	Error
Event Source:	Application Hang
Event Category:	(101)
Event ID:	1002
Date: 6/8/2011
Time: 12:03:27 PM
User: N/A
Computer:	CPQ11071319824
Description:
Hanging application vlc.exe, version 0.8.6.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 76 6c 63 2e 65 78 vlc.ex
0018: 65 20 30 2e 38 2e 36 2e e 0.8.6.
0020: 30 20 69 6e 20 68 75 6e 0 in hun
0028: 67 61 70 70 20 30 2e 30 gapp 0.0
0030: 2e 30 2e 30 20 61 74 20 .0.0 at 
0038: 6f 66 66 73 65 74 20 30 offset 0
0040: 30 30 30 30 30 30 30 0000000 
====

Event Type:	Error
Event Source:	Application Error
Event Category:	(100)
Event ID:	1000
Date: 6/8/2011
Time: 12:02:56 PM
User: N/A
Computer:	CPQ11071319824
Description:
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 64 72 77 ure drw
0018: 74 73 6e 33 32 2e 65 78 tsn32.ex
0020: 65 20 35 2e 31 2e 32 36 e 5.1.26
0028: 30 30 2e 30 20 69 6e 20 00.0 in 
0030: 64 62 67 68 65 6c 70 2e dbghelp.
0038: 64 6c 6c 20 35 2e 31 2e dll 5.1.
0040: 32 36 30 30 2e 35 35 31 2600.551
0048: 32 20 61 74 20 6f 66 66 2 at off
0050: 73 65 74 20 30 30 30 31 set 0001
0058: 32 39 35 64 295d 
====

Event Type:	Error
Event Source:	Application Error
Event Category:	None
Event ID:	1000
Date: 6/8/2011
Time: 12:00:15 PM
User: N/A
Computer:	CPQ11071319824
Description:
Faulting application vlc.exe, version 0.8.6.0, faulting module libcinepak_plugin.dll, version 0.0.0.0, fault address 0x00001f50.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 76 6c 63 ure vlc
0018: 2e 65 78 65 20 30 2e 38 .exe 0.8
0020: 2e 36 2e 30 20 69 6e 20 .6.0 in 
0028: 6c 69 62 63 69 6e 65 70 libcinep
0030: 61 6b 5f 70 6c 75 67 69 ak_plugi
0038: 6e 2e 64 6c 6c 20 30 2e n.dll 0.
0040: 30 2e 30 2e 30 20 61 74 0.0.0 at
0048: 20 6f 66 66 73 65 74 20 offset 
0050: 30 30 30 30 31 66 35 30 00001f50
0058: 0d 0a .. 
====

Event Type:	Error
Event Source:	Application Hang
Event Category:	None
Event ID:	1001
Date: 6/7/2011
Time: 8:51:55 PM
User: N/A
Computer:	CPQ11071319824
Description:
Fault bucket 284793663.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 42 75 63 6b 65 74 3a 20 Bucket: 
0008: 32 38 34 37 39 33 36 36 28479366
0010: 33 0d 0a 3.. 
====

Event Type:	Error
Event Source:	Application Hang
Event Category:	(101)
Event ID:	1002
Date: 6/7/2011
Time: 8:51:41 PM
User: N/A
Computer:	CPQ11071319824
Description:
Hanging application vlc.exe, version 0.8.6.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 76 6c 63 2e 65 78 vlc.ex
0018: 65 20 30 2e 38 2e 36 2e e 0.8.6.
0020: 30 20 69 6e 20 68 75 6e 0 in hun
0028: 67 61 70 70 20 30 2e 30 gapp 0.0
0030: 2e 30 2e 30 20 61 74 20 .0.0 at 
0038: 6f 66 66 73 65 74 20 30 offset 0
0040: 30 30 30 30 30 30 30 0000000 
====

Event Type:	Error
Event Source:	Application Error
Event Category:	(100)
Event ID:	1000
Date: 6/7/2011
Time: 8:32:50 PM
User: N/A
Computer:	CPQ11071319824
Description:
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 64 72 77 ure drw
0018: 74 73 6e 33 32 2e 65 78 tsn32.ex
0020: 65 20 35 2e 31 2e 32 36 e 5.1.26
0028: 30 30 2e 30 20 69 6e 20 00.0 in 
0030: 64 62 67 68 65 6c 70 2e dbghelp.
0038: 64 6c 6c 20 35 2e 31 2e dll 5.1.
0040: 32 36 30 30 2e 35 35 31 2600.551
0048: 32 20 61 74 20 6f 66 66 2 at off
0050: 73 65 74 20 30 30 30 31 set 0001
0058: 32 39 35 64 295d 
====

Event Type:	Error
Event Source:	Application Error
Event Category:	None
Event ID:	1000
Date: 6/7/2011
Time: 8:31:57 PM
User: N/A
Computer:	CPQ11071319824
Description:
Faulting application vlc.exe, version 0.8.6.0, faulting module libcinepak_plugin.dll, version 0.0.0.0, fault address 0x00001f50.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 76 6c 63 ure vlc
0018: 2e 65 78 65 20 30 2e 38 .exe 0.8
0020: 2e 36 2e 30 20 69 6e 20 .6.0 in 
0028: 6c 69 62 63 69 6e 65 70 libcinep
0030: 61 6b 5f 70 6c 75 67 69 ak_plugi
0038: 6e 2e 64 6c 6c 20 30 2e n.dll 0.
0040: 30 2e 30 2e 30 20 61 74 0.0.0 at
0048: 20 6f 66 66 73 65 74 20 offset 
0050: 30 30 30 30 31 66 35 30 00001f50
0058: 0d 0a .. 
====

Event Type:	Warning
Event Source:	Userenv
Event Category:	None
Event ID:	1517
Date: 6/5/2011
Time: 6:00:14 PM
User: NT AUTHORITY\SYSTEM
Computer:	CPQ11071319824
Description:
Windows saved user CPQ11071319824\Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Android (Oct 31, 2006)

The prior list was under "Application" in Event Viewer. "System" starts off with a series of Warnings. If you want these, let me know, else I'll just put in the Errors below...


----------



## Android (Oct 31, 2006)

Event viewer, SYSTEM...
====

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 6/8/2011
Time: 10:04:03 AM
User: N/A
Computer:	CPQ11071319824
Description:
The Ati HotKey Poller service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
====

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7009
Date: 6/8/2011
Time: 10:04:03 AM
User: N/A
Computer:	CPQ11071319824
Description:
Timeout (30000 milliseconds) waiting for the Ati HotKey Poller service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
====

Event Type:	Error
Event Source:	ACPI
Event Category:	None
Event ID:	4
Date: 6/8/2011
Time: 9:57:41 AM
User: N/A
Computer:	CPQ11071319824
Description:
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 04 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
====

Event Type:	Error
Event Source:	ACPI
Event Category:	None
Event ID:	5
Date: 6/8/2011
Time: 9:57:41 AM
User: N/A
Computer:	CPQ11071319824
Description:
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 05 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
====

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 6/8/2011
Time: 6:37:55 AM
User: N/A
Computer:	CPQ11071319824
Description:
The Ati HotKey Poller service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
====

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7009
Date: 6/8/2011
Time: 6:37:55 AM
User: N/A
Computer:	CPQ11071319824
Description:
Timeout (30000 milliseconds) waiting for the Ati HotKey Poller service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
====

Event Type:	Error
Event Source:	ACPI
Event Category:	None
Event ID:	4
Date: 6/8/2011
Time: 6:31:41 AM
User: N/A
Computer:	CPQ11071319824
Description:
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 04 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
====

Event Type:	Error
Event Source:	ACPI
Event Category:	None
Event ID:	5
Date: 6/8/2011
Time: 6:31:41 AM
User: N/A
Computer:	CPQ11071319824
Description:
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 05 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
====

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 6/8/2011
Time: 5:59:39 AM
User: N/A
Computer:	CPQ11071319824
Description:
The Ati HotKey Poller service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
====

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7009
Date: 6/8/2011
Time: 5:59:39 AM
User: N/A
Computer:	CPQ11071319824
Description:
Timeout (30000 milliseconds) waiting for the Ati HotKey Poller service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
====

Event Type:	Error
Event Source:	ACPI
Event Category:	None
Event ID:	4
Date: 6/8/2011
Time: 5:53:33 AM
User: N/A
Computer:	CPQ11071319824
Description:
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 04 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
====

Event Type:	Error
Event Source:	ACPI
Event Category:	None
Event ID:	5
Date: 6/8/2011
Time: 5:53:33 AM
User: N/A
Computer:	CPQ11071319824
Description:
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 05 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
====

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 6/8/2011
Time: 5:22:06 AM
User: N/A
Computer:	CPQ11071319824
Description:
The Ati HotKey Poller service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
====

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7009
Date: 6/8/2011
Time: 5:22:06 AM
User: N/A
Computer:	CPQ11071319824
Description:
Timeout (30000 milliseconds) waiting for the Ati HotKey Poller service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
====

Event Type:	Error
Event Source:	ACPI
Event Category:	None
Event ID:	4
Date: 6/8/2011
Time: 5:15:48 AM
User: N/A
Computer:	CPQ11071319824
Description:
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 04 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
====

Event Type:	Error
Event Source:	ACPI
Event Category:	None
Event ID:	5
Date: 6/8/2011
Time: 5:15:48 AM
User: N/A
Computer:	CPQ11071319824
Description:
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 05 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
====

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7011
Date: 6/7/2011
Time: 3:16:36 PM
User: N/A
Computer:	CPQ11071319824
Description:
Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
====

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 6/7/2011
Time: 3:12:22 PM
User: N/A
Computer:	CPQ11071319824
Description:
The Ati HotKey Poller service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
====

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7009
Date: 6/7/2011
Time: 3:12:22 PM
User: N/A
Computer:	CPQ11071319824
Description:
Timeout (30000 milliseconds) waiting for the Ati HotKey Poller service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
====

Event Type:	Error
Event Source:	ACPI
Event Category:	None
Event ID:	4
Date: 6/7/2011
Time: 3:06:19 PM
User: N/A
Computer:	CPQ11071319824
Description:
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 04 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
====

Event Type:	Error
Event Source:	ACPI
Event Category:	None
Event ID:	5
Date: 6/7/2011
Time: 3:06:19 PM
User: N/A
Computer:	CPQ11071319824
Description:
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 05 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
====

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 6/6/2011
Time: 11:01:21 PM
User: N/A
Computer:	CPQ11071319824
Description:
The Ati HotKey Poller service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Cookiegal (Aug 27, 2003)

Go to Control Panel - Add or Remove Programs and remove these:

CouponBar
Freecorder Toolbar
Freecorder Toolbar 3.0 Application
Java(TM) 6 Update 5
Java(TM) 6 Update 7

Then reboot and post a new HijackThis log please.


----------



## flavallee (May 12, 2002)

Have you been using BitTorrent while we've been assisting you?

It appears once in the O4 log entries in post #24, but it appears twice in the O4 log entries in post #33.

-----------------------------------------------------------------


----------



## Cookiegal (Aug 27, 2003)

One of those errors seem to indicate a problem with the BIOS. See this MS article:

http://support.microsoft.com/default.aspx?scid=kb;en-us;283649&Product=winxp

However, this is not my area of expertise.


----------



## Android (Oct 31, 2006)

Cookiegal, I removed the two Javas and the two Freecorders, but again, the CouponBar will not do anything when you click on the Remove link.

Yes, I was using it to download a documentary, but it's off now (BitTorrent). I use it to download big things overnight, last night. I don't think I've used it now for a few months, until last night.

I just did a search on all my HDDs for any file or folder named couponbar, but found nothing. There's a few links here on removing CouponBar. One link describes it as Adware and as "Dangerous"...
http://www.google.com/search?q=couponbar+remove


----------



## flavallee (May 12, 2002)

I don't know why you're getting all those *ATI HotKey Poller* entries in your event viewer log because your computer specifications shows *NVIDIA Riva TNT2* graphics. Have you upgraded to ATI graphics?

Is your computer a Compaq brand? If it is, advise what the product number(P/N) on the sticker is.

-------------------------------------------------------------------


----------



## Android (Oct 31, 2006)

@Cookiegal, it states it's "by design", so is this a "good" error? It mentions Input/Output, not sure if this is related, but my internal aftermarket DVD drive in the computer hasn't worked for about a year now. The CD drive which came with the computer still works. I can pull off the case and see if there's anything funny inside. It hasn't been cleaned in years.


----------



## Android (Oct 31, 2006)

Yes flavallee, it's a Compaq. There's a silver sticker and a colorful Windows sticker. The sticker has ENL/P1.0/20E/6/256cvn US
Then there's a Serial Number beginning with X123DY...

I don't think I upgraded my graphics, could be. Not sure. I can pop the case.


----------



## flavallee (May 12, 2002)

I'm guessing it's a *Compaq Presario* brand name/model name. You don't see a model number on it anywhere?

There should be a HP/Compaq sticker with a product number or part number.

It's obvious that's a very old computer.

-------------------------------------------------------------


----------



## Android (Oct 31, 2006)

On the front on the computer, printed is "Deskpro EN". I don't do anything fancy on it, just basic office work and video watching, and internet searches. Another thing on the errors, there was a neighborhood power outage in the early afternoon yesterday, I have no UPS. Could this have caused some errors?


----------



## flavallee (May 12, 2002)

If it's a *Compaq Deskpro EN* series desktop, this is probably what you have:

http://h18000.www1.hp.com/products/quickspecs/10653_na/10653_na.html

I'm guessing that you have the Convertible Minitower model and that it came with Windows 98SE.

-------------------------------------------------------------------


----------



## Cookiegal (Aug 27, 2003)

Android said:


> @Cookiegal, it states it's "by design", so is this a "good" error? It mentions Input/Output, not sure if this is related, but my internal aftermarket DVD drive in the computer hasn't worked for about a year now. The CD drive which came with the computer still works. I can pull off the case and see if there's anything funny inside. It hasn't been cleaned in years.


I don't know. Even though they say it's by design they do recommend getting a BIOS update.

Download the Registry Search Tool By Bobbi Flekman from the following link to your desktop:

http://www.bleepingcomputer.com/files/regsearch.php

Unzip it and double click on the file to run it. If your antivirus interferes you may have to disable script blocking in the antivirus. Copy and Paste the following in the search box:

62960d20-6d0d-1ab4-4bf1-95b0b5b8783a

Copy and paste the results here please.

Also, there's a Firefox add-on for CouponBar so please delete or disable it if it can't be deleted.


----------



## Android (Oct 31, 2006)

flavallee said:


> If it's a *Compaq Deskpro EN* series desktop, this is probably what you have:
> 
> http://h18000.www1.hp.com/products/quickspecs/10653_na/10653_na.html
> 
> ...


Yes, it's the Slim Desktop version, not the minitower. It has a sticker on the side for "Windows 2000 Prefessional 1-2 CPU"


----------



## Android (Oct 31, 2006)

Cookiegal said:


> I don't know. Even though they say it's by design they do recommend getting a BIOS update.
> Download the Registry Search Tool By Bobbi Flekman from the following link to your desktop:
> http://www.bleepingcomputer.com/files/regsearch.php
> Unzip it and double click on the file to run it. If your antivirus interferes you may have to disable script blocking in the antivirus. Copy and Paste the following in the search box:
> ...


Cookiegal, the link you had went to a program called Registry Reviver, I installed it and the first run did an automatic scan where it found 619 errors. Attached are some screen captures. Also now, RR is running in the background. I couldn't find within the RR program a place to do a search for 62960d20-6d0d-1ab4-4bf1-95b0b5b8783a. I didn't press the "Fix" button within RR, but closed the window/program.

I'll look for the CouponBar add on. Should I also try some of the CouponBar removal tips found in the Google search?


----------



## Android (Oct 31, 2006)

Ok, looks like I clicked on the wrong thing at the link you provided me. LOL. Should I remove RR?

Here's a RegSearch.txt, but it seems that Registry Search might still be running as it's "hanging" with a white screen...

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 6/11/2011 8:28:30 AM for strings:
; '62960d20-6d0d-1ab4-4bf1-95b0b5b8783a'
; Strings excluded from search:
; (None)
; Search in: 
; Registry Keys Registry Values Registry Data 
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.TTB000000\CLSID]
@="{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.TTB000000.1\CLSID]
@="{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}"

[HKEY_USERS\S-1-5-21-2167395947-1465058494-1690550294-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}]

[HKEY_USERS\S-1-5-21-2167395947-1465058494-1690550294-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}]

[HKEY_USERS\S-1-5-21-2167395947-1465058494-1690550294-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\iexplore]

; End Of The Log...


----------



## Android (Oct 31, 2006)

Ok, it stopped "hanging" after I closed the txt window.


----------



## Android (Oct 31, 2006)

Also, not sure if it's indicative of anything, yesterday when it was running like a slug I did a Task Manager and attached is a capture of the Processes tab. There seems to be a lot of duplicate processes that was running, but what do I know...

At this time, I was running 1 window and 1 tab of Internet Explorer and 1 Window and 2 tabs of Firefox. Nothing else.


----------



## Cookiegal (Aug 27, 2003)

There is only one instance of duplicate processes that is not normal and that is avgsrmax.exe. However, this is a known bug in AVG and the developers are working on it.

I'm attaching a CouponBar.zip file to this post. It contains a CouponBar.reg file that will delete those registry entries that were found. Save it to your desktop then unzip it (extract the file) and double-click the CouponBar.reg file and allow it to merge into the registry. Once that's done reboot the machine and post a new HijackThis uninstall list please.


----------



## Cookiegal (Aug 27, 2003)

Yes, please uninstall Registry Reviver.


----------



## Android (Oct 31, 2006)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:00:07 PM, on 6/14/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\inetsrv\inetinfo.exe
C:\Windows\System32\NMSSvc.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
E:\My Documents E\FirefoxPortable\App\firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\Security & Maintenance\Diagnostic Programs & Websites\HijackThis.exe
E:\My Documents E\FirefoxPortable\App\firefox\plugin-container.exe
E:\My Documents E\FirefoxPortable\App\firefox\plugin-container.exe
E:\My Documents E\FirefoxPortable\App\firefox\plugin-container.exe
E:\My Documents E\FirefoxPortable\App\firefox\plugin-container.exe
E:\My Documents E\FirefoxPortable\App\firefox\plugin-container.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: SBCONVERT - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~2\Toolbar\grabber.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Startup: BitTorrent Downloads.lnk = ?
O4 - Startup: JackVanImpe.lnk = ?
O4 - Startup: Prayer.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.keepvid.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160622631387
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://freetrial.webex.com/client/T26L/webex/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\Windows\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\System32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - - (no file)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe
O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 10380 bytes


----------



## Android (Oct 31, 2006)

This is the HJT uninstall list, looks like CouponBar is still there...
=======

7-Zip 4.65
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Apple Application Support
Apple Software Update
AVG 2011
AVG 2011
AVG 2011
BitTorrent
Bonjour
Castle Constructor 1.0
Catholic Prayer Book
Compaq EAB Software
Conquest 4.0
CouponBar
Critical Update for Windows Media Player 11 (KB959772)
Digital Video Repair version 2.2.0.1
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
Download Accelerator Plus (DAP)
EMCO Malware Destroyer 6
ESET Online Scanner v3
Express Rip
Google Chrome
Google Earth
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ieSpell
InCD
Intel(R) Network Connections Drivers
Intel(R) PROSet II
InterActual Player
IrfanView (remove only)
iSilo
Java(TM) 6 Update 25
KeepV Flash Converter
KRISTAL Audio Engine
L&H TTS3000 British English
LaCie USB2 Storage Driver
Malwarebytes' Anti-Malware version 1.51.0.1200
[email protected]
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 4.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero Suite
NVIDIA Windows 2000/XP Display Drivers
OpenOffice.org 3.2
PaltalkScene
Panda ActiveScan
PCFriendly
PDFCreator
PDFCreator Toolbar
PhoneTools
PlayLinc
PowerDVD
QuickTime
Security Advisor
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976323)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SoundTap
SpeedBit Video Accelerator
SpeedBit Video Downloader
SpywareBlaster 4.4
Stations of the Cross 1.0
Stations of the Cross, v6.0
Switch
The Last Portion of Stations of the Cross 1.0
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Verizon Broadband Toolbar
Verizon PC Security Checkup
Verizon Servicepoint 1.5.20
VideoLAN VLC media player 0.8.6h
WavePad Sound Editor
WD Diagnostics
Windows Defender Signatures
Windows Internet Explorer 8
Windows Media Player 11
Windows XP Service Pack 3


----------



## Android (Oct 31, 2006)

BTW, I'm pretty sure I deleted Windows Defender after Flavalee made that recommendation, but I see its Signatures are still here.


----------



## Android (Oct 31, 2006)

Attached is an error I frequently receive while browsing, "Warning Unresponsive script". Not sure what it means, but I usually just choose the "Stop Script" button or the upper right close button. But something I just noticed, the script begins with "chrome://" but I was using Firefox which seems to be the best one responsive on my computer. I haven't used Google Chrome in about a couple of weeks now. Not sure if this has to do with the "CouponBar" which still seems to have remnants on my system.

BTW, when you asked me to list my errors last week, within 24 hours prior there was a power outage, an anomaly, which may have caused some anomalous errors. If you'd like me to do that post again, since there weren't any recent outages, maybe this would be more informative about the real problem.


----------



## Cookiegal (Aug 27, 2003)

Yes, please check the Event Viewer again and post new errors that have occurred in the last 48 hours under both Application and System.


----------



## Cookiegal (Aug 27, 2003)

Also, please use the registry search tool again from post 61 and use this as the search criteria:

CouponBar


----------



## Android (Oct 31, 2006)

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 6/15/2011 6:28:11 PM for strings:
; 'couponbar'
; Strings excluded from search:
; (None)
; Search in: 
; Registry Keys Registry Values Registry Data 
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}]
@="CouponBar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TTB000001.IEToolbar]
@="CouponBar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TTB000001.IEToolbar.1]
@="CouponBar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TTB000001.TTB000001]
@="CouponBar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TTB000001.TTB000001.1]
@="CouponBar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TTB000001.TTB000001Toolbar]
"DisplayName"="CouponBar"

[HKEY_USERS\S-1-5-21-2167395947-1465058494-1690550294-500\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="couponbar"

[HKEY_USERS\S-1-5-21-2167395947-1465058494-1690550294-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"e"="C:\\Documents and Settings\\Administrator\\Desktop\\CouponBar.zip"

[HKEY_USERS\S-1-5-21-2167395947-1465058494-1690550294-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\zip]
"g"="C:\\Documents and Settings\\Administrator\\Desktop\\CouponBar.zip"

[HKEY_USERS\S-1-5-21-2167395947-1465058494-1690550294-500\Software\TTB000001\Cache]
"http://couponbar.coupons.com/CBXml.asp?tc=%transcode"=dword:4c91f930

[HKEY_USERS\S-1-5-21-2167395947-1465058494-1690550294-500\Software\TTB000001\Toolbar]
"corruptedMsg"="One of the CouponBar files is corrupted or invalid. Press OK to uninstall."
"uninstallMsg"="This will remove the CouponBar from your computer! Are you sure?"
"updateMsg"="This will try to update the CouponBar from the server. Continue?"
"autoUpdateMsg"="New version of the CouponBar is available. Would you like to download and install new version?"
"lastVersionMsg"="You have the latest version of the CouponBar."
"closeAllWindowsForUpdate"="All running IE Windows will be closed before updating the CouponBar. Continue?"
"updateUrl"="http://a19.g.akamai.net/7/19/7125/1442/ftp.coupons.com/CouponsBarXML/CouponBarIE.cab"
"urlAfterUninstall"="http://couponbar.coupons.com/"
"firstURL"="http://couponbar.coupons.com/CBInstalled.asp"
"urlAfterUpdate"="http://couponbar.coupons.com/CBInstalled.asp"

; End Of The Log...


----------



## Android (Oct 31, 2006)

Alot fewer errors than before, only two in "Application" but more in "System". I noticed that in System, all errors were in repeated groups of four, only.

Event Viewer, Application
===========

Event Type:	Error
Event Source:	Application Error
Event Category:	None
Event ID:	1000
Date: 6/15/2011
Time: 3:29:17 PM
User: N/A
Computer:	CPQ11071319824
Description:
Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x04e49292.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 65 78 70 ure exp
0018: 6c 6f 72 65 72 2e 65 78 lorer.ex
0020: 65 20 36 2e 30 2e 32 39 e 6.0.29
0028: 30 30 2e 35 35 31 32 20 00.5512 
0030: 69 6e 20 75 6e 6b 6e 6f in unkno
0038: 77 6e 20 30 2e 30 2e 30 wn 0.0.0
0040: 2e 30 20 61 74 20 6f 66 .0 at of
0048: 66 73 65 74 20 30 34 65 fset 04e
0050: 34 39 32 39 32 0d 0a 49292..

Event Type:	Error
Event Source:	Application Error
Event Category:	None
Event ID:	1000
Date: 6/14/2011
Time: 3:57:18 PM
User: N/A
Computer:	CPQ11071319824
Description:
Faulting application explorer.exe, version 6.0.2900.5512, faulting module divxdech264.ax, version 9.0.1.21, fault address 0x000e9294.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 65 78 70 ure exp
0018: 6c 6f 72 65 72 2e 65 78 lorer.ex
0020: 65 20 36 2e 30 2e 32 39 e 6.0.29
0028: 30 30 2e 35 35 31 32 20 00.5512 
0030: 69 6e 20 64 69 76 78 64 in divxd
0038: 65 63 68 32 36 34 2e 61 ech264.a
0040: 78 20 39 2e 30 2e 31 2e x 9.0.1.
0048: 32 31 20 61 74 20 6f 66 21 at of
0050: 66 73 65 74 20 30 30 30 fset 000
0058: 65 39 32 39 34 0d 0a e9294..

Event Viewer, System
===========

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 6/15/2011
Time: 6:54:18 PM
User: N/A
Computer:	CPQ11071319824
Description:
The Ati HotKey Poller service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7009
Date: 6/15/2011
Time: 6:54:18 PM
User: N/A
Computer:	CPQ11071319824
Description:
Timeout (30000 milliseconds) waiting for the Ati HotKey Poller service to connect.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	ACPI
Event Category:	None
Event ID:	4
Date: 6/15/2011
Time: 6:47:50 PM
User: N/A
Computer:	CPQ11071319824
Description:
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 04 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type:	Error
Event Source:	ACPI
Event Category:	None
Event ID:	5
Date: 6/15/2011
Time: 6:47:50 PM
User: N/A
Computer:	CPQ11071319824
Description:
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 05 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

====

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 6/15/2011
Time: 10:05:13 AM
User: N/A
Computer:	CPQ11071319824
Description:
The Ati HotKey Poller service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7009
Date: 6/15/2011
Time: 10:05:13 AM
User: N/A
Computer:	CPQ11071319824
Description:
Timeout (30000 milliseconds) waiting for the Ati HotKey Poller service to connect.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	ACPI
Event Category:	None
Event ID:	4
Date: 6/15/2011
Time: 9:58:45 AM
User: N/A
Computer:	CPQ11071319824
Description:
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 04 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type:	Error
Event Source:	ACPI
Event Category:	None
Event ID:	5
Date: 6/15/2011
Time: 9:58:45 AM
User: N/A
Computer:	CPQ11071319824
Description:
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 05 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

====

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 6/15/2011
Time: 6:54:08 AM
User: N/A
Computer:	CPQ11071319824
Description:
The Ati HotKey Poller service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7009
Date: 6/15/2011
Time: 6:54:08 AM
User: N/A
Computer:	CPQ11071319824
Description:
Timeout (30000 milliseconds) waiting for the Ati HotKey Poller service to connect.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	ACPI
Event Category:	None
Event ID:	4
Date: 6/15/2011
Time: 6:47:23 AM
User: N/A
Computer:	CPQ11071319824
Description:
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 04 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type:	Error
Event Source:	ACPI
Event Category:	None
Event ID:	5
Date: 6/15/2011
Time: 6:47:23 AM
User: N/A
Computer:	CPQ11071319824
Description:
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 05 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

====

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 6/14/2011
Time: 5:39:15 PM
User: N/A
Computer:	CPQ11071319824
Description:
The Ati HotKey Poller service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7009
Date: 6/14/2011
Time: 5:39:15 PM
User: N/A
Computer:	CPQ11071319824
Description:
Timeout (30000 milliseconds) waiting for the Ati HotKey Poller service to connect.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	ACPI
Event Category:	None
Event ID:	4
Date: 6/14/2011
Time: 5:32:52 PM
User: N/A
Computer:	CPQ11071319824
Description:
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 04 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type:	Error
Event Source:	ACPI
Event Category:	None
Event ID:	5
Date: 6/14/2011
Time: 5:32:52 PM
User: N/A
Computer:	CPQ11071319824
Description:
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 05 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........


----------



## Android (Oct 31, 2006)

BTW, I'd like to install a new USB 2.0 5-port PCI 2.1 Card, as my computer only has 2 USB ports, and they're USB 1.0 I think. I'd like to speed up my external HDDs with the 2.0 USB. Do you think I can pop the case and install this soon? I'd also clean up / vacuum the innards, as it's been probably 3-5 years since I've done this. Also, my aftermarket internal DVD drive stopped working about a year ago. Not sure if this is linked to the current problem we're trying to figure out, but I'll look in there to see if there's anything funny. Think I could do this now?

Also with the following installed programs, I don't know what they are...

Bonjour
CAPICOM
DNA
iSilo
L&H TTS3000
[email protected]
Microsoft Silverlight
PCFriendly


----------



## Cookiegal (Aug 27, 2003)

I'm attaching another zipped file called CouponBar2 to take care of the rest of those registry entries. Please save it to your desktop and unzip it then double-click the CouponBar2.reg file and allow it to merge into the registry. Then reboot and post a new uninstall list from HijackThis.

It's possible the DVD problem is creating those errors. I suggest you start a new thread for assistance with those.


----------



## Android (Oct 31, 2006)

Which of the errors do you think might be caused by the DVD, the 2 Application errors or the more frequent groups of 4 System errors? Would the errors go back to about a year or more, when my DVD was failing? If I go back 2 years, it wouldn't show the errors if it was the DVD causing them, since the DVD was working. If this gets rid of CouponBar, is there anything else that can be done?


----------



## Android (Oct 31, 2006)

HJT uninstall_list.txt - CouponBar still there.
========

7-Zip 4.65
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Apple Application Support
Apple Software Update
AVG 2011
AVG 2011
AVG 2011
BitTorrent
Bonjour
Castle Constructor 1.0
Catholic Prayer Book
Compaq EAB Software
Conquest 4.0
CouponBar
Critical Update for Windows Media Player 11 (KB959772)
Digital Video Repair version 2.2.0.1
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
Download Accelerator Plus (DAP)
EMCO Malware Destroyer 6
ESET Online Scanner v3
Express Rip
Google Chrome
Google Earth
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ieSpell
InCD
Intel(R) Network Connections Drivers
Intel(R) PROSet II
InterActual Player
IrfanView (remove only)
iSilo
Java(TM) 6 Update 25
KeepV Flash Converter
KRISTAL Audio Engine
L&H TTS3000 British English
LaCie USB2 Storage Driver
Malwarebytes' Anti-Malware version 1.51.0.1200
[email protected]
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 4.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero Suite
NVIDIA Windows 2000/XP Display Drivers
OpenOffice.org 3.2
PaltalkScene
Panda ActiveScan
PCFriendly
PDFCreator
PDFCreator Toolbar
PhoneTools
PlayLinc
PowerDVD
QuickTime
Security Advisor
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976323)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SoundTap
SpeedBit Video Accelerator
SpeedBit Video Downloader
SpywareBlaster 4.4
Stations of the Cross 1.0
Stations of the Cross, v6.0
Switch
The Last Portion of Stations of the Cross 1.0
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Verizon Broadband Toolbar
Verizon PC Security Checkup
Verizon Servicepoint 1.5.20
VideoLAN VLC media player 0.8.6h
WavePad Sound Editor
WD Diagnostics
Windows Defender Signatures
Windows Internet Explorer 8
Windows Media Player 11
Windows XP Service Pack 3


----------



## Android (Oct 31, 2006)

On the HJT page, can't I just highlight CouponBar and click the "Delete this Entry" button?
BTW, per your suggestion in your post #78, I opened another request on the CD/DVD problem and the new card install here...
http://forums.techguy.org/hardware/1002685-cd-dvd-problems-usb-card.html


----------



## Cookiegal (Aug 27, 2003)

There were several registry entries that HijackThis wouldn't remove.

Had you run the regfix file before posting the new uninstall list?


----------



## Android (Oct 31, 2006)

No, I didn't run regfix. How do I do this? Sounds familiar, but please remind me. Thanks.

I did a search here for regfix and didn't find any clear guidance. Seemed to point to a regedit program. This made no sense and I don't want to mess things up more than they are...
http://forums.techguy.org/virus-other-malware-removal/556894-i-have-nasty-virus-need-2.html

Also Google really couldn't find much on regfix besides some after-market products. Please advise.

BTW, I was able to successfully install the new USB card and am happy with the big increase in USB speed now from 1.0 to 2.0. The CD/DVD problem, they have power (doors can open/close) but still not fully recognized/installed by Windows. Again, this is within the new request link above.


----------



## Cookiegal (Aug 27, 2003)

I'm referring to my post no. 78. Did you download that file to your desktop and run it to merge into the registry?


----------



## Android (Oct 31, 2006)

Yes, back on 6/16-17, I did this.


----------



## Cookiegal (Aug 27, 2003)

Please do this again so I can see if those entires were indeed removed or if they still exist:

Double-click on the Registry Search file that I had you download previously to run it. If your antivirus interferes you may have to disable script blocking in the antivirus. Copy and Paste the following in the search box:

CouponBar

Copy and paste the results here please.


----------



## Android (Oct 31, 2006)

Ok. Looks like the search results changed a bit, it's alot shorter. BTW, with my post about the DVD & CD drives in your Hardware section, what is the procedure in waiting for a response there? It's been a couple of days without a response thus far. Thanks.

==========
Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 6/19/2011 9:42:26 PM for strings:
; 'couponbar'
; Strings excluded from search:
; (None)
; Search in: 
; Registry Keys Registry Values Registry Data 
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TTB000001.IEToolbar.1]
@="CouponBar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TTB000001.TTB000001Toolbar]
"DisplayName"="CouponBar"

[HKEY_USERS\S-1-5-21-2167395947-1465058494-1690550294-500\Software\Microsoft\Search Assistant\ACMru\5603]
"001"="couponbar"

[HKEY_USERS\S-1-5-21-2167395947-1465058494-1690550294-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\zip]
"g"="C:\\Documents and Settings\\Administrator\\Desktop\\CouponBar.zip"
"h"="G:\\BitTorrent Downloads\\couponbar2.zip"

; End Of The Log...


----------



## Cookiegal (Aug 27, 2003)

I'm attaching CouponBar3.zip file. Please do the same as you did with the others then reboot and post a new HijackThis uninstall list.


----------



## Cookiegal (Aug 27, 2003)

As for your other thread, there is no set rule for getting a response. 

Have you tried updating the drivers for the CD-Rom?


----------



## Android (Oct 31, 2006)

New HJT Uninstall list...

7-Zip 4.65
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Apple Application Support
Apple Software Update
AVG 2011
AVG 2011
AVG 2011
BitTorrent
Bonjour
Castle Constructor 1.0
Catholic Prayer Book
Compaq EAB Software
Conquest 4.0
Critical Update for Windows Media Player 11 (KB959772)
Digital Video Repair version 2.2.0.1
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
Download Accelerator Plus (DAP)
EMCO Malware Destroyer 6
ESET Online Scanner v3
Express Rip
Google Chrome
Google Earth
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ieSpell
InCD
Intel(R) Network Connections Drivers
Intel(R) PROSet II
InterActual Player
IrfanView (remove only)
iSilo
Java(TM) 6 Update 25
KeepV Flash Converter
KRISTAL Audio Engine
L&H TTS3000 British English
LaCie USB2 Storage Driver
Malwarebytes' Anti-Malware version 1.51.0.1200
[email protected]
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 4.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero Suite
NVIDIA Windows 2000/XP Display Drivers
OpenOffice.org 3.2
PaltalkScene
Panda ActiveScan
PCFriendly
PDFCreator
PDFCreator Toolbar
PhoneTools
PlayLinc
PowerDVD
QuickTime
Security Advisor
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976323)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SoundTap
SpeedBit Video Accelerator
SpeedBit Video Downloader
SpywareBlaster 4.4
Stations of the Cross 1.0
Stations of the Cross, v6.0
Switch
The Last Portion of Stations of the Cross 1.0
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Verizon Broadband Toolbar
Verizon PC Security Checkup
Verizon Servicepoint 1.5.20
VideoLAN VLC media player 0.8.6h
WavePad Sound Editor
WD Diagnostics
Windows Defender Signatures
Windows Internet Explorer 8
Windows Media Player 11
Windows XP Service Pack 3


----------



## Android (Oct 31, 2006)

New RegSearch Scan...

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 6/20/2011 11:02:56 PM for strings:
; 'couponbar'
; Strings excluded from search:
; (None)
; Search in: 
; Registry Keys Registry Values Registry Data 
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_USERS\S-1-5-21-2167395947-1465058494-1690550294-500\Software\Microsoft\Search Assistant\ACMru\5603]
"001"="couponbar"

[HKEY_USERS\S-1-5-21-2167395947-1465058494-1690550294-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"h"="C:\\Documents and Settings\\Administrator\\Desktop\\CouponBar3.zip"

[HKEY_USERS\S-1-5-21-2167395947-1465058494-1690550294-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\zip]
"g"="C:\\Documents and Settings\\Administrator\\Desktop\\CouponBar.zip"
"h"="G:\\BitTorrent Downloads\\couponbar2.zip"
"i"="C:\\Documents and Settings\\Administrator\\Desktop\\CouponBar3.zip"

; End Of The Log...


----------



## Android (Oct 31, 2006)

How do I find any new drivers for the CD ROM? Everything came with the computer, besides the DVD which I installed. The computer didn't come with any disks.


----------



## Cookiegal (Aug 27, 2003)

I purposely didn't remove those entries because they are benign. MRUs are created whenever you do a search in the registry. And the others are the files I had you download with CouponBar in the name.

Are there any other problems for this thread?


----------



## Android (Oct 31, 2006)

Not sure. Still kinda sluggish. I guess there's no malware, but all of its resources seem to be maxed out. Any other suggestions?


----------



## Cookiegal (Aug 27, 2003)

How much RAM does it have?

What is the size of the paging file? To find that information, do this:

Click Start, and then click Control Panel. 
If in Category view, click on Click Performance and Maintenance and then click System (if in Classic view just click System). 
On the Advanced tab, under Performance, click Settings. 
On the Advanced tab, under Virtual memory, click Change. 
Don't change anything but let me know what it says the size of the initial file is as well as the maximum.


----------



## Android (Oct 31, 2006)

According to my post #2...

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel Pentium III processor, x86 Family 6 Model 8 Stepping 6
Processor Count: 1
RAM: 511 Mb
Graphics Card: NVIDIA RIVA TNT2/TNT2 Pro , 16 Mb
Hard Drives: C: Total - 19084 MB, Free - 3753 MB; D: Total - 1907726 MB, Free - 1625727 MB; E: Total - 95605 MB, Free - 29701 MB; G: Total - 476937 MB, Free - 184148 MB;
Motherboard: Compaq, 0684h, , X123DYSZA008
Antivirus: AVG Anti-Virus Free Edition 2011, Updated: Yes, On-Demand Scanner: Enabled

Two of the three RAM slots are filled. According to Flavallee's post #60, this slim desktop the maximum RAM is 512 MB.

Page file info (attached) initial 767 MB, please see attachment.


----------



## Cookiegal (Aug 27, 2003)

Isn't C the primary drive? What does it show for C?


----------



## Android (Oct 31, 2006)

Well the original 8+ year-old C drive (20 GB) is the OpSys drive. I installed another larger (100 MB) & newer (likely faster) internal HDD in drive E. Running into C drive capacity problems, I transferred the PageFile to E. Thus C has no PageFile as shown attached. The C is Western Digital WDC WD200BB-60AUA1, E is Maxtor 6L100P0, then I have two external USB HDDs. The Device Manager attachment shows these.


----------



## Android (Oct 31, 2006)

With my other TechGuy post fixing my DVD & CD drives/drivers, I was wondering if another Event Viewer system & application error check, like we've done before, might now zero in and identify the problem. This was last done in Post #76.
http://forums.techguy.org/7971008-post76.html


----------



## Cookiegal (Aug 27, 2003)

Sure, go ahead and post any errors that have occurred under both Application and System since the CD drive was fixed.


----------



## Android (Oct 31, 2006)

Event Viewer - Application

Event Type:	Error
Event Source:	Application Error
Event Category:	None
Event ID:	1001
Date: 6/28/2011
Time: 8:49:23 AM
User: N/A
Computer:	CPQ11071319824
Description:
Fault bucket 1831445148.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 42 75 63 6b 65 74 3a 20 Bucket: 
0008: 31 38 33 31 34 34 35 31 18314451
0010: 34 38 0d 0a 48..

Event Type:	Error
Event Source:	Application Error
Event Category:	None
Event ID:	1000
Date: 6/27/2011
Time: 4:59:38 PM
User: N/A
Computer:	CPQ11071319824
Description:
Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x07419290.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 65 78 70 ure exp
0018: 6c 6f 72 65 72 2e 65 78 lorer.ex
0020: 65 20 36 2e 30 2e 32 39 e 6.0.29
0028: 30 30 2e 35 35 31 32 20 00.5512 
0030: 69 6e 20 75 6e 6b 6e 6f in unkno
0038: 77 6e 20 30 2e 30 2e 30 wn 0.0.0
0040: 2e 30 20 61 74 20 6f 66 .0 at of
0048: 66 73 65 74 20 30 37 34 fset 074
0050: 31 39 32 39 30 0d 0a 19290..

Event Type:	Error
Event Source:	Application Error
Event Category:	(100)
Event ID:	1000
Date: 6/26/2011
Time: 10:00:53 PM
User: N/A
Computer:	CPQ11071319824
Description:
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 64 72 77 ure drw
0018: 74 73 6e 33 32 2e 65 78 tsn32.ex
0020: 65 20 35 2e 31 2e 32 36 e 5.1.26
0028: 30 30 2e 30 20 69 6e 20 00.0 in 
0030: 64 62 67 68 65 6c 70 2e dbghelp.
0038: 64 6c 6c 20 35 2e 31 2e dll 5.1.
0040: 32 36 30 30 2e 35 35 31 2600.551
0048: 32 20 61 74 20 6f 66 66 2 at off
0050: 73 65 74 20 30 30 30 31 set 0001
0058: 32 39 35 64 295d

Event Type:	Error
Event Source:	Application Error
Event Category:	None
Event ID:	1000
Date: 6/26/2011
Time: 4:51:19 PM
User: N/A
Computer:	CPQ11071319824
Description:
Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x04cb9290.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 65 78 70 ure exp
0018: 6c 6f 72 65 72 2e 65 78 lorer.ex
0020: 65 20 36 2e 30 2e 32 39 e 6.0.29
0028: 30 30 2e 35 35 31 32 20 00.5512 
0030: 69 6e 20 75 6e 6b 6e 6f in unkno
0038: 77 6e 20 30 2e 30 2e 30 wn 0.0.0
0040: 2e 30 20 61 74 20 6f 66 .0 at of
0048: 66 73 65 74 20 30 34 63 fset 04c
0050: 62 39 32 39 30 0d 0a b9290..


----------



## Android (Oct 31, 2006)

Event Viewer - System

Event Type:	Warning
Event Source:	Tcpip
Event Category:	None
Event ID:	4226
Date: 6/28/2011
Time: 8:59:46 AM
User: N/A
Computer:	CPQ11071319824
Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 54 00 ......T.
0008: 00 00 00 00 82 10 00 80 ......
0010: 01 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00  ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 6/28/2011
Time: 8:57:13 AM
User: N/A
Computer:	CPQ11071319824
Description:
The Ati HotKey Poller service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7009
Date: 6/28/2011
Time: 8:57:13 AM
User: N/A
Computer:	CPQ11071319824
Description:
Timeout (30000 milliseconds) waiting for the Ati HotKey Poller service to connect.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	ACPI
Event Category:	None
Event ID:	4
Date: 6/28/2011
Time: 8:51:36 AM
User: N/A
Computer:	CPQ11071319824
Description:
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 04 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type:	Error
Event Source:	ACPI
Event Category:	None
Event ID:	5
Date: 6/28/2011
Time: 8:51:36 AM
User: N/A
Computer:	CPQ11071319824
Description:
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 05 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 6/28/2011
Time: 6:15:49 AM
User: N/A
Computer:	CPQ11071319824
Description:
An error was detected on device \Device\Harddisk3\D during a paging operation.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 04 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 0e ea bf 00 00 00 00 ..ê¿....
0028: ed 1f a4 00 00 00 00 00 í.¤.....
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @......
0040: 00 20 0a 12 80 01 20 40 . ... @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 60 1a 82 b8 62 8c 82 .`.¸b
0058: 00 00 00 00 08 20 96 82 ..... 
0060: 00 00 00 00 07 f5 5f 00 .....õ_.
0068: 2a 00 00 5f f5 07 00 00 *.._õ...
0070: 10 00 00 00 00 00 00 00 ........
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 6/27/2011
Time: 12:41:22 AM
User: N/A
Computer:	CPQ11071319824
Description:
An error was detected on device \Device\Harddisk3\D during a paging operation.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 be c7 36 50 00 00 00 .¾Ç6P...
0028: bb e3 01 00 00 00 00 00 »ã......
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @......
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 00 00 00 b8 62 8c 82 ....¸b
0058: 00 00 00 00 08 20 96 82 ..... 
0060: 00 00 00 00 df 63 1b 28 ....ßc.(
0068: 28 00 28 1b 63 df 00 00 (.(.cß..
0070: 01 00 00 00 00 00 00 00 ........
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 6/27/2011
Time: 12:24:59 AM
User: N/A
Computer:	CPQ11071319824
Description:
The Ati HotKey Poller service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7009
Date: 6/27/2011
Time: 12:24:59 AM
User: N/A
Computer:	CPQ11071319824
Description:
Timeout (30000 milliseconds) waiting for the Ati HotKey Poller service to connect.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	ACPI
Event Category:	None
Event ID:	4
Date: 6/27/2011
Time: 12:20:42 AM
User: N/A
Computer:	CPQ11071319824
Description:
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 04 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type:	Error
Event Source:	ACPI
Event Category:	None
Event ID:	5
Date: 6/27/2011
Time: 12:20:42 AM
User: N/A
Computer:	CPQ11071319824
Description:
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 05 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 6/26/2011
Time: 11:59:46 PM
User: N/A
Computer:	CPQ11071319824
Description:
An error was detected on device \Device\Harddisk3\D during a paging operation.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 8e 00 c0 00 00 00 00 ..À....
0028: a4 31 9a 00 00 00 00 00 ¤1.....
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @......
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 00 00 00 78 39 3e 82 ....x9>
0058: 00 00 00 00 08 c0 1e 82 .....À.
0060: 00 00 00 00 47 00 60 00 ....G.`.
0068: 28 00 00 60 00 47 00 00 (..`.G..
0070: 08 00 00 00 00 00 00 00 ........
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........


----------



## Android (Oct 31, 2006)

- From previous post, it there a problem with the RAM or PageFile setting?
- A strange imbedded popup came up from "ScoreCard Research" as I was doing some work here on TechGuy. Attached is a screen capture of this popup, please check it out.
- Not sure what the errors on TCP/IP, Ati HotKey Poller, ACPI BIOS, Harddisk3, explorer.exe, drwtsn32.exe, & dbghelp.dll mean.
- Internet Explorer still runs intolerably slow, with just one or two tabs open.
- Any problems with having "Windows Defender Signatures" within my HJT Uninstall list, although I uninstalled Windows Defender?


----------



## Cookiegal (Aug 27, 2003)

The ScorecardResearch pop up is legitimate.

Some of those errors seem to indicate a possible hardware problem so I would ask that you start a new thread about them in the Hardware forum.


----------



## Android (Oct 31, 2006)

What about the RAM or pagefile? Anything I can do for this? BTW, thanks. I made a donation to TechGuy.


----------



## Cookiegal (Aug 27, 2003)

You should ask those questions in Hardware as well.


----------



## Android (Oct 31, 2006)

Ok, I did here...
http://forums.techguy.org/hardware/1005188-event-viewer-system-application-errors.html

Anything else?


----------



## Cookiegal (Aug 27, 2003)

Not that I can think of.


----------



## Android (Oct 31, 2006)

Something I noticed in Windows Task Manager / Processes when things get slow, my Firefox.exe image balloons from about 140,000 K to over 340,000 K. Thanks.


----------



## Cookiegal (Aug 27, 2003)

What would you be doing when that happens? Do you have several windows open? Are you streaming videos?


----------



## Android (Oct 31, 2006)

I'd just be working, then it seems to shoot up (Ram usage in Task Manager / Processes). I might have about 10 or so tabs open within Firefox, but it would be the only thing I'd use. Right now, it seems to be acting ok. I'll so a screen capture of how it looks now, then when it acts up, I'll include another screen capture...


----------



## Android (Oct 31, 2006)

Well as you can see, Firefox is over 300 K and not acting that badly. Maybe it'll go anytime, not sure. I do remember doing this before when first opening Firefox with all the saved Tabs reopening, and the memory usage would be less than 100 K. What I do know is everytime FF acts up, it's around the 340 or more level.


----------



## Android (Oct 31, 2006)

After rebooting, it seemed a bit sluggish. Here is another of Task Manager / Processes...

The memory usage still seemed a bit high. Should be less than 200K for Firefox.


----------



## Cookiegal (Aug 27, 2003)

Try running Firefox in safe mode (not Windows safe mode) and see if the memoray usage drops. To do that, go to Start - All Programs - Mozilla Firefox and on the right-click menu select "Mozilla Firefox (Safe Mode). If it's better then one of the add-ons or themes could be responsible.


----------



## Android (Oct 31, 2006)

It's definitely not just Firefox, as I mentioned earlier IE is unbearably slow, with just one window & 1 or 2 tabs. One thing I noticed the last time I used FF is that after closing the FF program the last time it bogged down, FF still lingered on within the Task Manager / Processes tab for about 2 minutes, with its memory "counting down". There was no FF window open and nothing shown on the Task Manager / Applications tab, but there it was in the Processes tab. I noticed this previously, but this was the first time I timed it. If I try to Shut Down during this 2 minute period, Windows would say "Firefox application still running" and ask me to wait for it to stop running. If it Shuts Down before this time, the next time I run FF, I usually have to get my previously opened tabs back by clicking the "Restore" button.


----------



## Cookiegal (Aug 27, 2003)

Please post a new HijackThis log.


----------



## Android (Oct 31, 2006)

Ok, will do. In the meantime, last night computer went a bit loco with the Volume Control knob. It opened over 100 of these, which I started to close in Task Manager. I attached a couple of screen captures to show this weird event.
By the way, in my other TSG post on hardware you suggested, T6 was able to help me update my BIOS & now we're working on the drivers through DriverSweeper.
BTW2, lightening struck close by earlier this week and took out my electricity and later I found out took out my computer's power supply. I had another computer, same model etc, that I use for parts and was able to swap out that power supply and get mine up & running again within minutes.


----------



## Android (Oct 31, 2006)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:30:55 AM, on 7/23/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\inetsrv\inetinfo.exe
C:\Windows\System32\NMSSvc.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Windows\system32\fxssvc.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\System32\svchost.exe
C:\Documents and Settings\Administrator\Desktop\Security & Maintenance\Diagnostic Programs & Websites\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: SBCONVERT - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~2\Toolbar\grabber.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Startup: BitTorrent Downloads.lnk = ?
O4 - Startup: JackVanImpe.lnk = ?
O4 - Startup: Prayer.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.keepvid.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160622631387
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://freetrial.webex.com/client/T26L/webex/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\Windows\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\System32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - - (no file)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe
O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 10140 bytes


----------



## Cookiegal (Aug 27, 2003)

That is very odd. Please post a new log from DDS.


----------



## Android (Oct 31, 2006)

What's very odd?

====

.
DDS (Ver_2011-06-23.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Run by Administrator at 15:04:53 on 2011-07-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.41 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\svchost -k DcomLaunch
svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Windows\System32\inetsrv\inetinfo.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
E:\My Documents E\FirefoxPortable\App\firefox\firefox.exe
E:\My Documents E\FirefoxPortable\App\firefox\plugin-container.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Windows\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.mail.yahoo.com/
uSearch Bar = hxxp://home.peoplepc.com/search
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 : {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: SBCONVERT Class: {a1056498-d09a-41e4-864b-505edd640d9e} - c:\program files\speedbit video downloader\toolbar\SpeedBitVideoDownloader.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\speedb~2\toolbar\grabber.dll
TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files\speedbit video downloader\toolbar\SpeedBitVideoDownloader.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent] "c:\program files\bittorrent\bittorrent.exe"
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\bittor~1.lnk - g:\BitTorrent Downloads
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\jackva~1.lnk - g:\videos, education, documentaries\questionable media\JackVanImpe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\prayer.lnk - g:\Prayer
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: keepvid.com
Trusted Zone: microsoft.com\www
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160622631387
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://freetrial.webex.com/client/T26L/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{354CBC03-7BB3-408B-BFB0-73CF9C8D4AD7} : DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\xwxm9cmg.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.f344.mail.yahoo.com/ym/ShowFolder?rb=Inbox
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: e:\my documents e\firefoxportable\app\firefox\plugins\npbittorrent.dll
FF - plugin: e:\my documents e\firefoxportable\app\firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]
R1 ClntMgmt;Compaq Client Management Driver;c:\windows\system32\drivers\Clntmgmt.sys [2006-12-20 53324]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm -->

c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
S1 cpqp6cpu;Compaq CPU driver;c:\windows\system32\drivers\cpqp6cpu.sys --> c:\windows\system32\drivers\cpqp6cpu.sys [?]
S3 aawservice;Lavasoft Ad-Aware Service; [x]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-9 947528]
S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-14 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-14 135664]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-10-19 10664]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-07-11 06:22:27	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02:05	1858944	----a-w-	c:\windows\system32\win32k.sys
2011-05-29 13:11:30	39984	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11:20	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-05-19 16:00:53	709456	----a-w-	c:\windows\is-EQULS.exe
2011-05-17 18:51:06	16704	----a-w-	c:\windows\system32\roboot.exe
2011-05-02 15:31:52	692736	----a-w-	c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27	151552	----a-w-	c:\windows\system32\schannel.dll
2011-04-29 16:19:43	456320	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2007-09-17 02:26:04	2293712	----a-w-	c:\program files\FLV PlayerFCSetup.exe
.
============= FINISH: 15:09:21.97 ===============


----------



## Cookiegal (Aug 27, 2003)

Android said:


> What's very odd?


All those instances of sndvol32.exe opening up. Is it possible you were clicking on a volume icon and the mouse click got stuck or something like that?

Please go to *VirusTotal* and upload the following file for scanning.

Click *Browse*
Copy and paste the contents of the following code box into the text box next to *File name:* then click *Open* 

```
c:\windows\system32\sndvol32.exe
```

Click *Send File*
If confronted with two options, choose *Reanalyse file now*
Wait for the scan to finish and then copy and paste the URL from your browser address bar in your next reply please.

Also, it appears you had Ad-Aware at one time and uninstalled it but here is still a service that belongs to that program so we'll delete it.

Go to *Start *- *Run * type in *cmd *then click OK. The MSDOS window will be displayed. At the prompt type the following:

*SC Delete aawservice*

Then press Enter.

Type:

*Exit*

Then press Enter.

Finally, please do this again so we can see what errors are still repeating:

Please go to *Start *- *Run *- type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## Android (Oct 31, 2006)

On the mouse, possibly. I did replace it a couple of days ago as it was acting funny. Here's the URL from VirusTotal...
http://www.virustotal.com/file-scan...37efb914c29a4413fb3cb6a7c60759b4f6-1311693944

For kicks, I'm doing a VirusTotal scan of atievxx.exe which seems funny on my hardware post...
http://www.virustotal.com/file-scan...c202a751d258052cf359ba45fadabdbb88-1311694734

I guess no problems here? Yes I did once have AdAware, and I followed your instruction above (been years since I used MSDOS LOL). EventViewer post coming up...


----------



## Android (Oct 31, 2006)

For Event Viewer, the last Application Error was on 7/19, seven days ago. There was a Warning right before the Error, and there were no Warnings since.

For System Errors, the last was one on 7/24 (two days ago), and three on 7/23. But there were plenty of Warnings over the past 2 days.

ERRORS...
=========
Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7034
Date: 7/24/2011
Time: 7:33:31 AM
User: N/A
Computer:	CPQ11071319824
Description:
The TomTomHOMEService service terminated unexpectedly. It has done this 1 time(s).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7009
Date: 7/23/2011
Time: 10:10:46 PM
User: N/A
Computer:	CPQ11071319824
Description:
Timeout (30000 milliseconds) waiting for the Windows Image Acquisition (WIA) service to connect.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 7/23/2011
Time: 10:10:46 PM
User: N/A
Computer:	CPQ11071319824
Description:
The Windows Image Acquisition (WIA) service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 7/23/2011
Time: 10:10:24 PM
User: CPQ11071319824\Administrator
Computer:	CPQ11071319824
Description:
DCOM got error "The service did not respond to the start or control request in a timely fashion. " attempting to start the service StiSvc with arguments "" in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Some of the recent WARNINGS...
========

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 7/26/2011
Time: 10:44:04 AM
User: N/A
Computer:	CPQ11071319824
Description:
An error was detected on device \Device\Harddisk2\D during a paging operation.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 8e 00 c0 00 00 00 00 ..À....
0028: 4f 9b 44 00 00 00 00 00 OD.....
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @......
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 00 00 00 a0 60 31 82 ....*`1
0058: 00 00 00 00 00 bc 3b 82 .....¼;
0060: 00 00 00 00 47 00 60 00 ....G.`.
0068: 28 00 00 60 00 47 00 00 (..`.G..
0070: 08 00 00 00 00 00 00 00 ........
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Tcpip
Event Category:	None
Event ID:	4226
Date: 7/26/2011
Time: 10:21:23 AM
User: N/A
Computer:	CPQ11071319824
Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 54 00 ......T.
0008: 00 00 00 00 82 10 00 80 ......
0010: 01 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Tcpip
Event Category:	None
Event ID:	4226
Date: 7/26/2011
Time: 10:02:42 AM
User: N/A
Computer:	CPQ11071319824
Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 54 00 ......T.
0008: 00 00 00 00 82 10 00 80 ......
0010: 01 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 7/26/2011
Time: 10:02:30 AM
User: N/A
Computer:	CPQ11071319824
Description:
An error was detected on device \Device\Harddisk2\D during a paging operation.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 04 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 9e fb be 00 00 00 00 .û¾....
0028: a5 ce 40 00 00 00 00 00 ¥Î@.....
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @......
0040: 00 20 0a 12 80 01 20 40 . ... @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 40 18 82 a0 60 31 82 [email protected]*`1
0058: 00 00 00 00 00 bc 3b 82 .....¼;
0060: 00 00 00 00 cf 7d 5f 00 ....Ï}_.
0068: 2a 00 00 5f 7d cf 00 00 *.._}Ï..
0070: 08 00 00 00 00 00 00 00 ........
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 7/26/2011
Time: 9:31:30 AM
User: N/A
Computer:	CPQ11071319824
Description:
An error was detected on device \Device\Harddisk2\D during a paging operation.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 de 00 c0 00 00 00 00 .Þ.À....
0028: de f8 3d 00 00 00 00 00 Þø=.....
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @......
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 00 00 00 a0 60 31 82 ....*`1
0058: 00 00 00 00 00 bc 3b 82 .....¼;
0060: 00 00 00 00 6f 00 60 00 ....o.`.
0068: 28 00 00 60 00 6f 00 00 (..`.o..
0070: 08 00 00 00 00 00 00 00 ........
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 7/26/2011
Time: 8:01:33 AM
User: N/A
Computer:	CPQ11071319824
Description:
An error was detected on device \Device\Harddisk2\D during a paging operation.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 04 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 5e fa be 00 00 00 00 .^ú¾....
0028: f3 bf 35 00 00 00 00 00 ó¿5.....
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @......
0040: 00 20 0a 12 80 01 20 40 . ... @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 b0 21 82 a0 60 31 82 .°!*`1
0058: 00 00 00 00 00 bc 3b 82 .....¼;
0060: 00 00 00 00 2f 7d 5f 00 ..../}_.
0068: 2a 00 00 5f 7d 2f 00 00 *.._}/..
0070: 10 00 00 00 00 00 00 00 ........
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 7/26/2011
Time: 6:18:24 AM
User: N/A
Computer:	CPQ11071319824
Description:
An error was detected on device \Device\Harddisk2\D during a paging operation.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 04 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 de f8 be 00 00 00 00 .Þø¾....
0028: e5 51 2c 00 00 00 00 00 åQ,.....
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @......
0040: 00 20 0a 12 80 01 20 40 . ... @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 60 1e 82 00 4a af 82 .`..J¯
0058: 00 00 00 00 18 08 14 82 .......
0060: 00 00 00 00 6f 7c 5f 00 ....o|_.
0068: 2a 00 00 5f 7c 6f 00 00 *.._|o..
0070: 08 00 00 00 00 00 00 00 ........
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 7/26/2011
Time: 5:21:09 AM
User: N/A
Computer:	CPQ11071319824
Description:
An error was detected on device \Device\Harddisk2\D during a paging operation.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 04 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 1e f8 be 00 00 00 00 ..ø¾....
0028: 08 16 27 00 00 00 00 00 ..'.....
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @......
0040: 00 20 0a 12 80 01 20 40 . ... @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 d0 af 82 a0 60 31 82 .Ð¯*`1
0058: 00 00 00 00 00 bc 3b 82 .....¼;
0060: 00 00 00 00 0f 7c 5f 00 .....|_.
0068: 2a 00 00 5f 7c 0f 00 00 *.._|...
0070: 48 00 00 00 00 00 00 00 H.......
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........


----------



## Cookiegal (Aug 27, 2003)

I really don't know what else to tell you. I'll leave you with Triple6 to review those errors.


----------



## Android (Oct 31, 2006)

Yesterday night computer running very slow and had to reboot. But prior to reboot received a strange "Unresponsive Script" message with the script being "Script: chrome://...". Not sure what it meant, but I was using Firefox, not Google Chrome. Haven't used Chrome in weeks. The error/warning message is linked...
http://attachments.techguy.org/attachments/195590d1311937340/chrome-script.jpg

Thanks for your help.


----------



## Cookiegal (Aug 27, 2003)

The word chrome in that message doesn't refer to the Chrome browser. It's related to Firefox and there are some incompatibility issues with AVG extensions that could cause it. Please see here to troubleshoot:

http://support.mozilla.com/en-US/kb/Controlling AVG Firefox add-ons


----------



## Android (Oct 31, 2006)

Hmm, just following the advice at that link seems to make things much better for now. I'll report back in a few hours. Usually it doesn't take long for it to act up.


----------



## Cookiegal (Aug 27, 2003)

Sounds good.


----------



## Android (Oct 31, 2006)

From the other post, I uninstalled all toolbars as they all have a negative impact on performance and offer little or nothing of value. I removed all of the following...

Apple Application Support
Apple Software Update
Bonjour
TomTom HOME Visual Studia Merge Modules
Verizon Servicepoint 1.5.20
Verizon Broadband Toolbar
Verizon PC Security Checkup
AVG Antivirus

and installed & updated the definitions of MS Security Essentials and will do a weekly "Quick" scan. Was told MSE doesn't have those annoying and intrusive toolbars and search checks that AVG provides.


----------



## Android (Oct 31, 2006)

A few new EventViewer errors though...

Application Errors...

Event Type: Error
Event Source: MPSampleSubmission
Event Category: None
Event ID: 5000
Date: 7/31/2011
Time: 4:01:29 AM
User: N/A
Computer: CPQ11071319824
Description:
EventType mptelemetry, P1 0, P2 moaccapability, P3 3.0.8402.0, P4 3, P5 3, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 6d 00 70 00 74 00 65 00 m.p.t.e.
0008: 6c 00 65 00 6d 00 65 00 l.e.m.e.
0010: 74 00 72 00 79 00 2c 00 t.r.y.,.
0018: 20 00 30 00 2c 00 20 00 .0.,. .
0020: 6d 00 6f 00 61 00 63 00 m.o.a.c.
0028: 63 00 61 00 70 00 61 00 c.a.p.a.
0030: 62 00 69 00 6c 00 69 00 b.i.l.i.
0038: 74 00 79 00 2c 00 20 00 t.y.,. .
0040: 33 00 2e 00 30 00 2e 00 3...0...
0048: 38 00 34 00 30 00 32 00 8.4.0.2.
0050: 2e 00 30 00 2c 00 20 00 ..0.,. .
0058: 33 00 2c 00 20 00 33 00 3.,. .3.
0060: 2c 00 20 00 75 00 6e 00 ,. .u.n.
0068: 73 00 70 00 65 00 63 00 s.p.e.c.
0070: 69 00 66 00 69 00 65 00 i.f.i.e.
0078: 64 00 2c 00 20 00 75 00 d.,. .u.
0080: 6e 00 73 00 70 00 65 00 n.s.p.e.
0088: 63 00 69 00 66 00 69 00 c.i.f.i.
0090: 65 00 64 00 2c 00 20 00 e.d.,. .
0098: 4e 00 49 00 4c 00 2c 00 N.I.L.,.
00a0: 20 00 4e 00 49 00 4c 00 .N.I.L.
00a8: 20 00 4e 00 49 00 4c 00 .N.I.L.
00b0: 0d 00 0a 00 ....

Event Type: Error
Event Source: MPSampleSubmission
Event Category: None
Event ID: 5000
Date: 7/30/2011
Time: 3:29:39 PM
User: N/A
Computer: CPQ11071319824
Description:
EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8402.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 6d 00 70 00 74 00 65 00 m.p.t.e.
0008: 6c 00 65 00 6d 00 65 00 l.e.m.e.
0010: 74 00 72 00 79 00 2c 00 t.r.y.,.
0018: 20 00 30 00 78 00 38 00 .0.x.8.
0020: 30 00 30 00 37 00 30 00 0.0.7.0.
0028: 30 00 30 00 33 00 2c 00 0.0.3.,.
0030: 20 00 6d 00 6f 00 61 00 .m.o.a.
0038: 63 00 2c 00 20 00 63 00 c.,. .c.
0040: 61 00 63 00 68 00 65 00 a.c.h.e.
0048: 72 00 65 00 73 00 65 00 r.e.s.e.
0050: 74 00 2c 00 20 00 33 00 t.,. .3.
0058: 2e 00 30 00 2e 00 38 00 ..0...8.
0060: 34 00 30 00 32 00 2e 00 4.0.2...
0068: 30 00 2c 00 20 00 75 00 0.,. .u.
0070: 6e 00 73 00 70 00 65 00 n.s.p.e.
0078: 63 00 69 00 66 00 69 00 c.i.f.i.
0080: 65 00 64 00 2c 00 20 00 e.d.,. .
0088: 75 00 6e 00 73 00 70 00 u.n.s.p.
0090: 65 00 63 00 69 00 66 00 e.c.i.f.
0098: 69 00 65 00 64 00 2c 00 i.e.d.,.
00a0: 20 00 75 00 6e 00 73 00 .u.n.s.
00a8: 70 00 65 00 63 00 69 00 p.e.c.i.
00b0: 66 00 69 00 65 00 64 00 f.i.e.d.
00b8: 2c 00 20 00 4e 00 49 00 ,. .N.I.
00c0: 4c 00 2c 00 20 00 4e 00 L.,. .N.
00c8: 49 00 4c 00 20 00 4e 00 I.L. .N.
00d0: 49 00 4c 00 0d 00 0a 00 I.L.....

System had some errors, but maybe they were for the AVG to MSSE switch. Allot of Warnings too...
==========

Event Type: Warning
Event Source: Tcpip
Event Category: None
Event ID: 4226
Date: 7/31/2011
Time: 6:49:10 AM
User: N/A
Computer: CPQ11071319824
Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 54 00 ......T.
0008: 00 00 00 00 82 10 00 80 ....‚..€
0010: 01 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Warning
Event Source: Disk
Event Category: None
Event ID: 51
Date: 7/31/2011
Time: 6:43:31 AM
User: N/A
Computer: CPQ11071319824
Description:
An error was detected on device \Device\Harddisk2\D during a paging operation.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..€
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 8e 00 c0 00 00 00 00 .Ž.À....
0028: 57 44 3f 00 00 00 00 00 WD?.....
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..„....
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 00 00 00 68 f8 7e 82 ....hø~‚
0058: 00 00 00 00 08 f0 7c 82 .....ð|‚
0060: 00 00 00 00 47 00 60 00 ....G.`.
0068: 28 00 00 60 00 47 00 00 (..`.G..
0070: 08 00 00 00 00 00 00 00 ........
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Microsoft Antimalware
Event Category: None
Event ID: 2001
Date: 7/30/2011
Time: 3:53:58 PM
User: N/A
Computer: CPQ11071319824
Description:
Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Update Stage: Search
Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094
Signature Type: AntiSpyware
Update Type: Full
User: CPQ11071319824\Administrator
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x80072f76
Error description: The requested header was not found
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7011
Date: 7/30/2011
Time: 3:08:53 PM
User: N/A
Computer: CPQ11071319824
Description:
Timeout (30000 milliseconds) waiting for a transaction response from the service.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Cookiegal (Aug 27, 2003)

I see Triple6 has addressed them in your other thread. I don't think there's anything more to do here.


----------



## Android (Oct 31, 2006)

ok thanks.


----------



## Cookiegal (Aug 27, 2003)

You're welcome.


----------

