Author Topic: I bet you can't solve this one  (Read 491 times)

Offline goldschlager

  • Newbie
I bet you can't solve this one
« on: August 01, 2006, 11:45:34 PM »
Hello gurus,

I installed Windows XP Home Edition SP2 three days ago and I'm pretty satisfied with it so far.  (Don't knock me for taking so long to upgrade.  I wasn't having any problems with 98 so I figured, what's the point?  That was until Microsoft stopped supporting 98.)  

I did a clean install.  I reformatted my hard drive and reinstalled Windows 98 and then installed XP.

Anyway, every time I shut down the computer a window pops up saying "End Program ei40MfDX..."  There's a string of numbers and letters on the end of that but I know for sure that those are the first 8 letters and numbers.

So what is it?  Adware, spyware, a virus or nothing to be concerned about?

Whatever it is, even if it's harmless, I'd like to stop getting this message every time I shut down.  It's annoying.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
« Reply #1 on: August 01, 2006, 11:48:09 PM »
I may not be on after you do the below, but I'll look at it at first chance
Let's take a closer look please

From my signature below, download and save to a permanent folder of its own on your hard drive
Hijackthis 1.99.1
Open Hijackthis.exe

Do a "SCAN and Save a Log file"
A log will open in Notepad
Copy and paste the WHOLE contents of the log here... Don't try and fix anything yet----It is all important

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline goldschlager

  • Newbie
« Reply #2 on: August 01, 2006, 11:56:01 PM »
Hi quest,

Thanks for responding.

Logfile of HijackThis v1.99.1
Scan saved at 12:46:23 AM, on 8/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1154225977\ee\services\sscFirewallPlugin\ver1_205_1_1\aolavupd.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1154225977\ee\aolsoftware.exe
c:\program files\common files\aol\1154225977\ee\services\sscAntiSpywarePlugin\ver1_205_1_1\AOLSP Scheduler.exe
C:\Program Files\America Online 9.0\wEmail Removedexe
C:\Program Files\America Online 9.0\shellmon.exe
c:\program files\common files\aol\1154225977\ee\aolssc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Michael\My Documents\Programs\Hijackthis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1154225977\ee\services\sscFirewallPlugin\ver1_205_1_1\SSCRun.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC94D72B-B144-4B6C-97D6-566F80015B09}: NameServer = 205.188.146.145
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1154225977\ee\services\sscFirewallPlugin\ver1_205_1_1\aolavupd.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
« Reply #3 on: August 02, 2006, 12:16:55 AM »
I didn't think I would see too much since you just did a clean install,
but just to be sure, can you post 2 other logs please?

Download and save WinPFind.zip
UNZIP the contents to your desktop
Don't run it yet

RESTART your Computer into SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu and hit Enter

In safe mode
Open the WinPFind folder you extracted to desktop
Double click on WinPFind.exe

Click START SCAN
Let this finish, a log will open so you will know it's done
Close out after

Reboot back to Normal mode

Back in Windows
Post the results of the WinPFind.txt located in the WinPFind folder

Can I also see an uninstall list from Hijackthis?
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents please

Let's just make sure it's not a legit program causing the error



Offline goldschlager

  • Newbie
« Reply #4 on: August 02, 2006, 01:27:27 AM »
Quest,

Thank you once again and thanks especially for making your instructions so clear.

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP    Current Build: Service Pack 2    Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2                 8/4/2004 12:00:00 PM        41397      C:\WINDOWS\SYSTEM32\dfrg.msc
PTech                6/19/2006 4:19:42 PM        571184     C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
aspack               7/6/2006 6:21:48 PM         6757792    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               8/4/2004 12:00:00 PM        708096     C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor             8/4/2004 12:00:00 PM        657920     C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync              8/4/2004 12:00:00 PM        1309184    C:\WINDOWS\SYSTEM32\wbdbase.deu
PTech                6/19/2006 4:19:26 PM        304944     C:\WINDOWS\SYSTEM32\WgaTray.exe

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
                     8/2/2006 1:56:10 AM       S 2048       C:\WINDOWS\bootstat.dat
                     7/29/2006 7:06:24 PM     H  13122      C:\WINDOWS\folder.htt
                     7/29/2006 7:07:00 PM    RH  192544     C:\WINDOWS\HWINFO.DAT
                     7/29/2006 7:41:44 PM     H  463336     C:\WINDOWS\ShellIconCache
                     7/29/2006 8:30:00 PM    RH  749        C:\WINDOWS\WindowsShell.Manifest
                     7/29/2006 8:30:14 PM     H  65         C:\WINDOWS\Downloaded Program Files\desktop.ini
                     7/29/2006 8:31:36 PM     HS 67         C:\WINDOWS\FONTS\desktop.ini
                     7/29/2006 7:05:44 PM     H  9793       C:\WINDOWS\HELP\windows.GID
                     7/30/2006 1:59:42 AM     H  0          C:\WINDOWS\INF\oem2.inf
                     7/29/2006 8:30:14 PM     H  65         C:\WINDOWS\Offline Web Pages\desktop.ini
                     7/29/2006 8:30:58 PM    RHS 727        C:\WINDOWS\pchealth\helpctr\PackageStore\package_1.cab
                     7/29/2006 8:30:58 PM    RHS 19854      C:\WINDOWS\pchealth\helpctr\PackageStore\package_2.cab
                     7/29/2006 8:30:58 PM    RHS 244933     C:\WINDOWS\pchealth\helpctr\PackageStore\package_3.cab
                     7/29/2006 8:32:58 PM     H  319488     C:\WINDOWS\repair\ntuser.dat
                     7/29/2006 8:30:00 PM    RH  749        C:\WINDOWS\SYSTEM32\cdplayer.exe.manifest
                     7/29/2006 7:06:24 PM     H  13122      C:\WINDOWS\SYSTEM32\folder.htt
                     7/29/2006 8:30:12 PM    RH  488        C:\WINDOWS\SYSTEM32\logonui.exe.manifest
                     7/29/2006 8:30:00 PM    RH  749        C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest
                     7/29/2006 8:30:00 PM    RH  749        C:\WINDOWS\SYSTEM32\nwc.cpl.manifest
                     7/29/2006 8:30:00 PM    RH  749        C:\WINDOWS\SYSTEM32\sapi.cpl.manifest
                     7/29/2006 8:30:12 PM    RH  488        C:\WINDOWS\SYSTEM32\WindowsLogon.manifest
                     7/29/2006 8:30:00 PM    RH  749        C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest
                     6/22/2006 6:18:30 AM      S 13309      C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911280.cat
                     6/19/2006 4:20:58 PM      S 7160       C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat
                     8/2/2006 1:56:04 AM      H  8192       C:\WINDOWS\SYSTEM32\config\default.LOG
                     8/2/2006 1:56:34 AM      H  1024       C:\WINDOWS\SYSTEM32\config\SAM.LOG
                     8/2/2006 1:56:12 AM      H  12288      C:\WINDOWS\SYSTEM32\config\SECURITY.LOG
                     8/2/2006 1:56:34 AM      H  73728      C:\WINDOWS\SYSTEM32\config\software.LOG
                     8/2/2006 1:56:16 AM      H  651264     C:\WINDOWS\SYSTEM32\config\system.LOG
                     7/29/2006 8:18:22 PM     H  1024       C:\WINDOWS\SYSTEM32\config\TempKey.LOG
                     7/29/2006 8:18:26 PM     H  1024       C:\WINDOWS\SYSTEM32\config\userdiff.LOG
                     7/30/2006 5:40:06 PM     H  1024       C:\WINDOWS\SYSTEM32\config\systemprofile\ntuser.dat.LOG
                     7/29/2006 8:19:36 PM     HS 62         C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\desktop.ini
                     7/29/2006 8:19:38 PM     HS 62         C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\desktop.ini
                     7/29/2006 8:49:48 PM     HS 113        C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\History\desktop.ini
                     7/29/2006 8:49:48 PM     HS 113        C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini
                     7/29/2006 8:49:48 PM     HS 67         C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini
                     7/29/2006 8:49:48 PM     HS 67         C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
                     7/29/2006 8:49:48 PM     HS 67         C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\AF0ZCJML\desktop.ini
                     7/29/2006 8:49:48 PM     HS 67         C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CXIV45MF\desktop.ini
                     7/29/2006 8:49:48 PM     HS 67         C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MREVMJ0P\desktop.ini
                     7/29/2006 8:49:48 PM     HS 67         C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SZIT29SR\desktop.ini
                     7/29/2006 8:30:18 PM     HS 181        C:\WINDOWS\SYSTEM32\config\systemprofile\SendTo\desktop.ini
                     7/29/2006 8:19:36 PM     HS 62         C:\WINDOWS\SYSTEM32\config\systemprofile\Start Menu\desktop.ini
                     7/29/2006 8:32:42 PM     HS 148        C:\WINDOWS\SYSTEM32\config\systemprofile\Start Menu\Programs\desktop.ini
                     7/29/2006 8:32:42 PM     HS 482        C:\WINDOWS\SYSTEM32\config\systemprofile\Start Menu\Programs\Accessories\desktop.ini
                     7/29/2006 8:32:42 PM     HS 348        C:\WINDOWS\SYSTEM32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini
                     7/29/2006 8:32:42 PM     HS 84         C:\WINDOWS\SYSTEM32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\desktop.ini
                     7/29/2006 8:32:42 PM     HS 84         C:\WINDOWS\SYSTEM32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
                     7/30/2006 5:51:56 PM     HS 388        C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\c7aa0a17-b10c-4002-a860-732cf19c7348
                     7/30/2006 5:51:56 PM     HS 24         C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\Preferred
                     7/29/2006 8:49:56 PM     HS 388        C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\e5ae9887-503b-4571-bf5b-7975af17d7d6
                     7/29/2006 8:49:56 PM     HS 24         C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
                     8/2/2006 1:55:14 AM      H  6          C:\WINDOWS\TASKS\SA.DAT
                     7/29/2006 7:06:22 PM     H  4204       C:\WINDOWS\WEB\CONTROLP.HTT
                     7/29/2006 7:06:24 PM     H  14258      C:\WINDOWS\WEB\default.htt
                     7/29/2006 7:06:24 PM     H  5521       C:\WINDOWS\WEB\dialup.htt
                     7/29/2006 7:06:22 PM     H  11530      C:\WINDOWS\WEB\FOLDER.HTT
                     7/29/2006 7:06:24 PM     H  10931      C:\WINDOWS\WEB\ftp.htt
                     7/29/2006 7:06:22 PM     H  4988       C:\WINDOWS\WEB\MYCOMP.HTT
                     7/29/2006 7:06:24 PM     H  5403       C:\WINDOWS\WEB\nethood.htt
                     7/29/2006 7:06:22 PM     H  5044       C:\WINDOWS\WEB\PRINTERS.HTT
                     7/29/2006 7:06:24 PM     H  8088       C:\WINDOWS\WEB\recycle.htt
                     7/29/2006 7:06:24 PM     H  5495       C:\WINDOWS\WEB\schedule.htt
                     7/29/2006 7:06:24 PM     H  855        C:\WINDOWS\WEB\webview.css
                     7/29/2006 7:06:24 PM     H  44686      C:\WINDOWS\WEB\wvleft.bmp
                     7/29/2006 7:06:24 PM     H  840        C:\WINDOWS\WEB\wvline.gif
                     7/29/2006 7:06:22 PM     H  19600      C:\WINDOWS\WEB\WVLOGO.GIF

Checking for CPL files...
Microsoft Corporation          8/4/2004 12:00:00 PM        68608      C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        549888     C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        110592     C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        135168     C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        80384      C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        155136     C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        358400     C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        129536     C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        380416     C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        68608      C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        187904     C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        618496     C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        35840      C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        25600      C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        257024     C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        32768      C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        114688     C:\WINDOWS\SYSTEM32\powercfg.cpl
RealNetworks, Inc.             7/29/2006 9:21:14 PM        24576      C:\WINDOWS\SYSTEM32\prefscpl.cpl
Apple Computer, Inc.           1/6/2004 4:02:36 PM         323072     C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        298496     C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        28160      C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        94208      C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        148480     C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation          5/26/2005 4:16:30 AM        174360     C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        68608      C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        549888     C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation          8/4/2004 7:00:00 AM         135168     C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        80384      C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        155136     C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        358400     C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        129536     C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        68608      C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        187904     C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation          8/4/2004 7:00:00 AM         618496     C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        35840      C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        25600      C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        257024     C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        32768      C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        114688     C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        155648     C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        298496     C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        28160      C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        94208      C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation          8/4/2004 12:00:00 PM        148480     C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation          5/26/2005 4:16:30 AM        174360     C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
                     7/29/2006 8:32:42 PM     HS 84         C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
                     7/29/2006 8:19:38 PM     HS 62         C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
                     7/29/2006 8:32:42 PM     HS 84         C:\Documents and Settings\Michael\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
                     7/30/2006 10:32:38 AM       873        C:\Documents and Settings\Michael\Application Data\AdobeDLM.log
                     7/29/2006 8:19:36 PM     HS 62         C:\Documents and Settings\Michael\Application Data\desktop.ini
                     7/30/2006 10:32:38 AM       0          C:\Documents and Settings\Michael\Application Data\dm.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
   SV1    =
   DigExt    =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Erasext
   {8BE13461-936F-11D1-A87D-444553540000}    = C:\WINDOWS\system32\erasext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
   {09799AFB-AD67-11d1-ABCD-00C04FC30936}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
   Start Menu Pin    = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Erasext
   {8BE13461-936F-11D1-A87D-444553540000}    = C:\WINDOWS\system32\erasext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
   {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}    = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
    = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
   Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
   &Tip of the Day = C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
   Real.com = C:\WINDOWS\system32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
   {8E718888-423F-11D2-876E-00A0C9082467}    = &Radio   : C:\WINDOWS\system32\msdxm.ocx
   {4982D40A-C53B-4615-B15B-B5B5E98D167C}    = AOL Toolbar   : C:\Program Files\AOL Toolbar\toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4982D40A-C53B-4615-B15B-B5B5E98D167C}
   ButtonText    = AOL Toolbar   :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
   ButtonText    = Real.com   :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
   ButtonText    = Yahoo! Messenger   : C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
   ButtonText    = Messenger   : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
   File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
   Explorer Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\system32\browseui.dll
   {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links   : %SystemRoot%\system32\SHELL32.dll
   {4982D40A-C53B-4615-B15B-B5B5E98D167C} = AOL Toolbar   : C:\Program Files\AOL Toolbar\toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   sscRun   C:\Program Files\Common Files\AOL\1154225977\ee\services\sscFirewallPlugin\ver1_205_1_1\SSCRun.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
   Eraserl.exe   "C:\WINDOWS\system32\Eraserl.exe" -rl "C:\WINDOWS\system32\1154499181.(null)"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
   path   C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
   backup   C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
   location   Common Startup
   command   C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
   item   Adobe Reader Speed Launch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AOL Fast Start
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   AOL
   hkey   HKCU
   command   "C:\Program Files\America Online 9.0\Email RemovedEXE" -b
   inimapping   0
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   AOL
   hkey   HKCU
   command   "C:\Program Files\America Online 9.0\Email RemovedEXE" -b
   inimapping   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AOLDialer
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   AOLDial
   hkey   HKLM
   command   C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
   inimapping   0
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   AOLDial
   hkey   HKLM
   command   C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
   inimapping   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EmailScan
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   mcvsescn
   hkey   HKLM
   command   C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
   inimapping   0
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   mcvsescn
   hkey   HKLM
   command   C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
   inimapping   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Eraser
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   eraser
   hkey   HKCU
   command   C:\Program Files\Eraser\eraser.exe -hide
   inimapping   0
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   eraser
   hkey   HKCU
   command   C:\Program Files\Eraser\eraser.exe -hide
   inimapping   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HostManager
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   AOLSoftware
   hkey   HKLM
   command   C:\Program Files\Common Files\AOL\1154225977\ee\AOLSoftware.exe
   inimapping   0
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   AOLSoftware
   hkey   HKLM
   command   C:\Program Files\Common Files\AOL\1154225977\ee\AOLSoftware.exe
   inimapping   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OASClnt
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   oasclnt
   hkey   HKLM
   command   C:\Program Files\mcafee.com\antivirus\oasclnt.exe
   inimapping   0
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   oasclnt
   hkey   HKLM
   command   C:\Program Files\mcafee.com\antivirus\oasclnt.exe
   inimapping   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Pure Networks Port Magic
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   PortAOL
   hkey   HKLM
   command   "C:\PROGRA~1\PURENE~1\PORTMA~1\PortEmail Removedexe" -Run
   inimapping   0
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   PortAOL
   hkey   HKLM
   command   "C:\PROGRA~1\PURENE~1\PORTMA~1\PortEmail Removedexe" -Run
   inimapping   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   qttask
   hkey   HKLM
   command   "C:\Program Files\QuickTime\qttask.exe" -atboottime
   inimapping   0
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   qttask
   hkey   HKLM
   command   "C:\Program Files\QuickTime\qttask.exe" -atboottime
   inimapping   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RealTray
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   RealPlay
   hkey   HKLM
   command   C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
   inimapping   0
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   RealPlay
   hkey   HKLM
   command   C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
   inimapping   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   YahooMessenger
   hkey   HKCU
   command   "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
   inimapping   0
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   YahooMessenger
   hkey   HKCU
   command   "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
   inimapping   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
   system.ini   0
   win.ini   0
   bootini   0
   services   0
   startup   2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
   {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
   {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
   {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
   dontdisplaylastusername   0
   legalnoticecaption   
   legalnoticetext   
   shutdownwithoutlogon   1
   undockwithoutlogon   1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
   NoDriveTypeAutoRun   145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
   PostBootReminder                  {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
   CDBurn                            {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
   WebCheck                          {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
   SysTray                           {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   UserInit   = C:\WINDOWS\system32\userinit.exe,
   Shell      = Explorer.exe
   System      =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
    = WgaLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
   Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
   AppInit_DLLs   


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1   - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/2/2006 2:05:18 AM



----------------------------------------------------------------------------------------------------------------




56K PCI Voice Modem SF-1156IV R9A
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Creative PCI Audio Drivers
Eraser 5.8
ExtractNow
Gateway Wallpaper
HijackThis 1.99.1
IrfanView (remove only)
Pure Networks Port Magic
QuickTime
RealPlayer Basic
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Yahoo! Messenger

Offline guestolo

« Reply #5 on: August 03, 2006, 12:27:02 AM »
You're disabling a lot of entries from running on startup with msconfig
That makes your hijackthis log incomplete and hard to read
Can you go back into msconfig
Reenable everything on startup and then restart your computer

Afterwards, shut down, do you still get the problem?

If not we will have to troubleshoot what program is giving problems
Why do you install McAfee's then disable all of its functions?

+ Once you have done the above, post a fresh hijackthis log please
Keep everything enabled on startup,

Is Eraser 5.8 still in Beta?
If it is, it may have a bug
You may want to uninstall it and see if it is a cause of problems
« Last Edit: August 03, 2006, 12:34:05 AM by guestolo »



Offline goldschlager

« Reply #6 on: August 03, 2006, 08:47:40 PM »
Quest,

I've decided to stop investigating this. I really think it's something innocuous and it's not causing me any problems other than taking my computer an extra second to shut down. And nothing is eating up the CPU usage in Task Manager when I'm using the computer.  

If it ever starts to cause me serious problems then I'll take up your advice.  You may be right that it has something to do with my disabling so many Startup options.  I am certain that McAfee is working just fine.  It loads under my AOL Safety and Security Center, which is the only thing I allow at Startup.

The one suggestion of yours that I think I will follow immediately is to uninstall Eraser 5.8 and get the version that came out before it.

Incidentally, on another message board someone suggested I look into Event Viewer.  I checked all 3 logs in the Event Viewer. Absolutely nothing is showing up in the Application Error Records at the times I shut down. In the Security Audit Records only normal stuff like "User initiated logoff" and "Windows is shutting down" shows up at the times I shut down. In the System Error Records only "the Event Log service was stopped" shows up at the times I shut down.

I'd like to thank you sincerely for all the time you devoted to my question.  It was very much appreciated.
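
Added example, not part of the thread or of any tool mentioned in it: the `MSConfig\startupreg` section of the WinPFind log above records the startup entries that msconfig has disabled, which is why they are absent from the Run keys a HijackThis scan reads. This Python sketch parses that section's layout and lists each disabled entry with the Run location it came from; the function names and the embedded sample are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of the WinPFind log above (field blocks repeat there).
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Eraser
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   eraser
   hkey   HKCU
   command   C:\Program Files\Eraser\eraser.exe -hide
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   eraser
   hkey   HKCU
   command   C:\Program Files\Eraser\eraser.exe -hide

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OASClnt
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   oasclnt
   hkey   HKLM
   command   C:\Program Files\mcafee.com\antivirus\oasclnt.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
   startup   2
"""

STARTUPREG = re.compile(r"^HKEY_LOCAL_MACHINE\\.*\\MSConfig\\startupreg\\(.+)$", re.I)

def parse_disabled_startups(log_text):
    """Return one dict per msconfig-disabled Run entry found in the log."""
    entries, current = [], None
    for raw in log_text.splitlines():
        line = raw.rstrip()
        header = STARTUPREG.match(line)
        if header:
            current = {"name": header.group(1)}
            entries.append(current)
        elif line[:1].isspace() and current is not None:
            parts = line.split(None, 1) + [""]   # "field   value"; value may be empty
            current[parts[0].lower()] = parts[1].strip()  # repeated fields overwrite
        elif line.strip():
            current = None  # any other unindented line ends the entry
    return entries

def original_location(entry):
    """Run-key path the value had before being disabled (subkey name = value name)."""
    return "{}\\{}\\{}".format(entry.get("hkey", "?"), entry.get("key", "?"), entry["name"])

if __name__ == "__main__":
    for e in parse_disabled_startups(SAMPLE_LOG):
        print(original_location(e), "->", e.get("command", ""))
```

Run against a full log, the output is the set of autoruns to review alongside a HijackThis log taken while entries are disabled.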