Computer Crashing, Very Slow Startup and Running slowly

Hello Hook135, welcome to TSF and thanks for your patience. You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools (above the first post), then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

I don't see anything out of the ordinary in your log. I'd wager the setup screen is your computer doing a disk check before booting up. Windows will check your hard drive for errors after a crash. Let's do a few scans to see if we can find anything.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please do these steps in order and do not skip any.

Download CleanUp!
Download and install CleanUp! but do not run it yet. (alternate link if main link isn't working: http://www.greyknight17.com/spy/CleanUp.exe)

WARNING: CleanUp! deletes EVERYTHING out of temporary folders and does not make backups. If you have any documents or programs that are saved in any temporary folders, please make a backup of these before running CleanUp!

WARNING: Do not run cleanup under Windows XP x64 Edition. If you're not sure if you have the 64-bit version of Windows then you probably do not; however, you can check by using IE to download the whichcpu tool and then running it.


Download AVG Anti-Spyware
Please download, install, and update AVG Anti-Spyware.

1. Load AVG Anti-Spyware and then click the Shield tab at the top
   • Click on the word active to change it to inactive.
2. Click the Update tab at the top:
   • Under Manual update, click Start update. After the update finishes, the status bar at the bottom will display "Update successful". If you are having trouble updating, you can also download and run the manual updater.
   • Under Automatic update, change the Update interval to something more reasonable like 12 or 24 hours.
3. Click the Scanner tab at the top and then the Settings sub-tab:
   • Under How to act?, click Recommended actions and select Quarantine.
   • Under Reports, select Automatically generate report after every scan
4. Close AVG Anti-Spyware. Do not run a scan with it yet.

Uninstall
Click Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):

Please let me know if any of these were unable to uninstall.


Reboot
Reboot your system to Safe Mode by repeatedly tapping the F8 key until the menu appears and choosing Safe Mode from the list. On some systems, this may be the F5 key so try that if F8 doesn't work. Login on with your usual account. Make sure to close any open windows.


HijackThis Fixes
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist (make sure you do not miss any):
Please remember to close all other windows, including browsers then click Fix checked. Close HijackThis.


Deletions
Delete the following Folders indicated in BLUE if they still exist.



Run CleanUp!
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:

• Click "Options..."
• Move the arrow down to "Custom CleanUp!"
• Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
  • Click on the "Temporary Files" and make sure the box for "Scan drives for file matching" is unchecked.
  Click OK.
• Press the CleanUp! button to start the program.

Once it's finished CleanUp! will ask you to logoff/reboot. Please select NO as we will do this later.


Run AVG Anti-Spyware

• Run AVG Anti-Spyware and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
• AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action.
  
• If Set all elements to is not set to Quarantine (1), please click Recommended Action and choose Quarantine from the popup menu (2).
• At the bottom of the window, click on the Apply all actions button (3).
• When it has finished, click the Save Scan Report button (4), then click Save Report As and save the report it to your desktop.
• Close AVG Anti-Spyware.

Reboot
Reboot your system to Normal Mode.


Online Scan
Perform an online scan using Internet Explorer with Kaspersky WebScanner. Click on Launch Kaspersky Anti-Virus Web Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files.
• Once the files have been downloaded, click on NEXT.
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database: extended
  • Scan Options: Scan Archives and Scan Mail Bases
• Click OK
• Turn off the real time scanner of any existing antivirus program before performing the online scan. You can turn it back on after the scan is done.
• Now under select a target to scan, select My Computer
• The program will start and scan your system.
• The scan will take a while so be patient and let it run all the way.
• Once the scan is complete it will display if your system has been infected.
• Click on the Save as Text button and save the file to your desktop.
• Copy and paste that information in your next post.

Take note the names and locations of any file it detects but fails to clean.


Download Autoruns

• Please download Autoruns and AutoCmd.
• Extract the contents of Autoruns into a new folder.
• Now extract the contents of AutoCmd into the same folder as Autoruns. This is important!
• Double-click on AutoCmd.cmd & select option '1'
• It will produce a log called autoruns_X_Y.txt (where X and Y are the date and time respectively). Please attach the log in your next reply.

Generate An Uninstall List

• Open HijackThis.
• Click on the "Configure" button on the bottom right.
• Click on the tab "Misc Tools".
• Click on the Box that says "Open Uninstall Manager".
• Click on the button "Save list"

Please save a copy and paste the contents with your next reply.


With Your Next Post...
Please paste the following with your next reply (in this order please):

1. AVG Anti-Spyware scan report,
2. Kaspersky scan report,
3. your Autoruns log,
4. your uninstall list, and
5. a new HiJackThis log taken after Kaspersky finishes.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:49:17 AM 1/7/2007

+ Scan result:



Nothing found.



::Report end

Kaspersky
Number of suspicious objects: 0
Duration of the scan process: 01:31:00

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\PFP100JCM.{PB Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\PFP100JPR.{PB Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite_ERlWriwXmEMRPhE Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite_HPsi31ydRWCkzWE Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite_TOwDG4lBSpuVVL0 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\WT1ADF.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\WT1AE0.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\WT1AE1.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\WT1AE2.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\WT1AE3.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\Brandis Stuff\Brandi B. Day Care\Job Hunting - Interview Info. & Documents\Nanny Letter to Family.wpd Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\Corel User Files\WT10US.UWL Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aoltsmon.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\mcafee.com personal firewall\data\IpRules.xdb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\EPG\epg.sdf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_2829355695_3295543296_3304 Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBED.tmp Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{5FF5ED9A-2419-4B8C-9D03-35BE36CFAFE9}.TmpSBE Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\Program Files\CA\PPRT\logs\2007-01-07.csv Object is locked skipped
C:\Program Files\hp center\137903\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\hp center\137903\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\hp center\137903\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\hp center\137903\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\hp center\137903\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\hp center\137903\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\hp center\137903\Users\Default\Data\L0000012.FCS Object is locked skipped
C:\Program Files\hp center\137903\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\hp center\137903\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\hp center\137903\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\hp center\137903\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\hp center\137903\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\hp center\137903\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\hp center\137903\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\hp center\137903\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\hp center\137903\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\hp center\137903\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\hp center\137903\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\hp center\137903\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\hp center\137903\Users\Default\Data\storydb.idx Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{DAC9DB1F-8BEF-451E-AB3B-6A67094EA198}\RP450\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Lucent Win Modem.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{DAC9DB1F-8BEF-451E-AB3B-6A67094EA198}\RP450\change.log Object is locked skipped

Scan process completed.

Autoruns
Administrator - Wed 01/10/[email protected]:36:55.29
running from C:\Documents and Settings\Administrator\Desktop\New Folder\

Other users of this machine:

----------------------------------------------------------------------------------

HKLM\System\CurrentControlSet\Services
AOL ACS
AOL Connectivity Service
(Verified) America Online, Inc.
c:\program files\common files\aol\acs\aolacsd.exe
AOL TopSpeedMonitor
AOL TopSpeed(TM) Monitor
(Verified) America Online, Inc.
c:\program files\common files\aol\topspeed\2.0\aoltsmon.exe
aolavupd
SSC Antivirus DAT Update Service
(Verified) America Online, Inc.
c:\program files\common files\aol\1141775759\ee\services\safetycore\ver210_5_2_1\aolavupd.exe
AVG Anti-Spyware Guard
AVG Anti-Spyware guard
(Not verified) Anti-Malware Development a.s.
c:\program files\grisoft\avg anti-spyware 7.5\guard.exe
ewido security suite control
File not found: C:\Documents and Settings\Administrator\Desktop\ewido anti-malware\ewidoctrl.exe
InCDsrv
Helper service for the InCD filesystem driver
(Not verified) Nero AG
c:\program files\ahead\incd\incdsrv.exe
ITMRTSVC
Service component for CA Pest Patrol Realtime Protection
(Verified) CA
c:\program files\ca\pprt\bin\itmrtsvc.exe
LightScribeService
Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work.
(Not verified) Hewlett-Packard Company
c:\program files\common files\lightscribe\lssrvc.exe
McShield
McAfee OnAccess Scanner
(Not verified) McAfee Inc.
c:\program files\mcafee.com\antivirus\mcshield.exe
MpfService
McAfee Personal Firewall Service
(Not verified) McAfee Corporation
c:\program files\mcafee.com\personal firewall\mpfservice.exe
StarWindService
Enables network access to local devices via iSCSI protocol.
File not found: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

HKLM\System\CurrentControlSet\Services
AVG Anti-Spyware Driver
c:\program files\grisoft\avg anti-spyware 7.5\guard.sys
AvgAsCln
AVG7 Clean Driver
(Not verified) GRISOFT, s.r.o.
c:\windows\system32\drivers\avgascln.sys
CO_Mon
c:\windows\system32\drivers\co_mon.sys
drvmcdb
Device Driver
(Not verified) VERITAS Software, Inc.
c:\windows\system32\drivers\drvmcdb.sys
ewido security suite driver
File not found: C:\Documents and Settings\Administrator\Desktop\ewido anti-malware\guard.sys
GEARAspiWDM
CD/DVD Class Filter Driver
(Verified) GEAR Software Inc.
c:\windows\system32\drivers\gearaspiwdm.sys
IFP300
iRiver Internet Audio Player IFP-300
File not found: system32\DRIVERS\ifp300.sys
InCDPass
Ahead RW Filter Driver
(Not verified) Nero AG
c:\windows\system32\drivers\incdpass.sys
MPFIREWL
McAfee Personal Firewall Driver
(Not verified) McAfee
c:\windows\system32\drivers\mpfirewall.sys
pfc
Padus(R) ASPI Shell
(Not verified) Padus, Inc.
c:\windows\system32\drivers\pfc.sys
PIEHGDZL
File not found: C:\WINDOWS\system32\piehgdzl.arl
PxHelp20
Px Engine Device Driver for Windows 2000/XP
(Not verified) Sonic Solutions
c:\windows\system32\drivers\pxhelp20.sys

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
KYE_Showicon
shwicon
(Not verified) MyComp
c:\program files\usb storage rw\shwicon.exe
KBD
KBD EXE
(Not verified) Hewlett-Packard Company
c:\hp\kbd\kbd.exe
Recguard
Recguard MFC Application
c:\windows\sminst\recguard.exe
sscRun
SSC Install Helper
(Verified) America Online, Inc.
c:\program files\common files\aol\1141775759\ee\sscrun.exe
PS2
File not found: C:\WINDOWS\system32\ps2.exe
OASClnt
McAfee VirusScan OAS Client
(Verified) McAfee, Inc.
c:\program files\mcafee.com\antivirus\oasclnt.exe
EmailScan
McAfee VirusScan E-mail Scan Module
(Verified) McAfee, Inc.
c:\program files\mcafee.com\antivirus\mcvsescn.exe
MPFExe
McAfee Personal Firewall Tray Monitor
(Verified) McAfee, Inc.
c:\program files\mcafee.com\personal firewall\mpftray.exe
SunJavaUpdateSched
Java(TM) 2 Platform Standard Edition binary
(Not verified) Sun Microsystems, Inc.
c:\program files\java\jre1.5.0_06\bin\jusched.exe
StorageGuard
VERITAS Update Manager
(Not verified) VERITAS Software, Inc.
c:\program files\veritas software\update manager\sgtray.exe
Share-to-Web Namespace Daemon
hpgs2wnd
(Not verified) Hewlett-Packard
c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
RemoteControl
PowerDVD RC Service
(Not verified) Cyberlink Corp.
c:\program files\cyberlink dvd solution\powerdvd\pdvdserv.exe
RealTray
RealPlayer
(Not verified) RealNetworks, Inc.
c:\program files\real\realplayer\realplay.exe
NeroFilterCheck
NeroCheck
(Not verified) Ahead Software Gmbh
c:\windows\system32\nerocheck.exe
InCD
InCD
(Not verified) Nero AG
c:\program files\ahead\incd\incd.exe
hpsysdrv
hpsysdrv
(Not verified) Hewlett-Packard Company
c:\windows\system\hpsysdrv.exe
HostManager
AOL
(Verified) AOL LLC
c:\program files\common files\aol\1141775759\ee\aolsoftware.exe
CamMonitor
HpqCmon MFC Application
c:\program files\hewlett-packard\digital imaging\unload\hpqcmon.exe
AutoTBar
File not found: C:\hp\bin\autotbar.exe
AOLSPScheduler
SSC AntiSpyware Support
(Verified) America Online, Inc.
c:\program files\common files\aol\1141775759\ee\services\safetycore\ver210_5_2_1\aolsp scheduler.exe
AOLDialer
AOL Connectivity Service Dialer
(Verified) America Online, Inc.
c:\program files\common files\aol\acs\aoldial.exe
QuickTime Task
QuickTime Task
(Not verified) Apple Computer, Inc.
c:\program files\quicktime\qttask.exe
!AVG Anti-Spyware
AVG Anti-Spyware
(Not verified) Anti-Malware Development a.s.
c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe
iTunesHelper
iTunesHelper Module
(Verified) Apple Computer, Inc.
c:\program files\itunes\ituneshelper.exe

HKLM\SOFTWARE\Classes\Protocols\Filter
application/octet-stream
Microsoft .NET Runtime Execution Engine
(Not verified) Microsoft Corporation
c:\windows\system32\mscoree.dll
application/x-complus
Microsoft .NET Runtime Execution Engine
(Not verified) Microsoft Corporation
c:\windows\system32\mscoree.dll
application/x-msdownload
Microsoft .NET Runtime Execution Engine
(Not verified) Microsoft Corporation
c:\windows\system32\mscoree.dll

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
n/a
Microsoft .NET IE SECURITY REGISTRATION
(Not verified) Microsoft Corporation
c:\windows\system32\mscories.dll

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk
Adobe Gamma Loader
(Not verified) Adobe Systems, Inc.
c:\program files\common files\adobe\calibration\adobe gamma loader.exe
Adobe Reader Speed Launch.lnk
Adobe Acrobat SpeedLauncher
(Not verified) Adobe Systems Incorporated
c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
AutoCAD Startup Accelerator.lnk
AutoCAD Startup Accelerator
(Verified) Autodesk, Inc
c:\program files\common files\autodesk shared\acstart16.exe
hp center.lnk
c:\program files\hp center\137903\program\backweb-137903.exe
Microsoft Office.lnk
Microsoft Office 2000 component
(Not verified) Microsoft Corporation
c:\program files\microsoft office\office\osa9.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SsAAD.exe
SonicStage Atrac Hard Disk Monitor
c:\program files\sony\sonicstage\ssaad.exe

Task Scheduler
AppleSoftwareUpdate.job
Software Application
(Verified) Apple Computer, Inc.
c:\program files\apple software update\softwareupdate.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Yahoo! Toolbar Helper
File not found: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
Adobe PDF Reader Link Helper
Adobe Acrobat IE Helper Version 7.0 for ActiveX
(Verified) Adobe Systems, Incorporated
c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
SSVHelper Class
Java(TM) 2 Platform Standard Edition binary
(Not verified) Sun Microsystems, Inc.
c:\program files\java\jre1.5.0_06\bin\ssv.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
ewido shell guard
File not found: C:\Documents and Settings\Administrator\Desktop\ewido anti-malware\shellhook.dll
AVG Anti-Spyware 7.5
AVG Anti-Spyware shellexecutehoo

Unistall List
Ad-Aware SE Personal
Adobe Photoshop 7.0
Adobe Reader 7.0.7
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
Apple Software Update
ArcSoft PhotoImpression 5
ArcSoft Picture Software
AutoCAD 2006 - English
Autodesk DWF Viewer
AVG Anti-Spyware 7.5
CA Pest Patrol Realtime Protection
CleanUp!
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab Decrypter 2.9.8.3
EPSON CX 4200 4800 Guide
EPSON Printer Software
EPSON Scan
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
hp center
HP Digital Imaging Album Printing 1.0
HP Instant Support
HP Memories Disc
HP Photo and Imaging 1.1 - Photosmart Cameras
Inactive HP Printer Drivers (Remove only)
InCD
InterVideo MP3 XPack
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0 Update 6
Kaspersky Online Scanner
KBD
Lavasoft VX2 Cleaner
Lernout & Hauspie TruVoice American English TTS Engine
LightScribe Applications
Lightscribe Extended Label Contrast Utility
LimeWire 4.12.6
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
MSXML 4.0 SP2 (KB927978)
Multimedia Launcher
MyDVD
Nero OEM
NVIDIA Windows 2000/XP Display Drivers
OpenMG AAC Add-on Module 1.0.00
OpenMG Limited Patch 4.5-06-05-12-01
OpenMG Secure Module 4.5.01
PC-Doctor for Windows
PowerDVD
PowerProducer
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RealPlayer Basic
RecordNow
RecordNow Update Manager
Safety and Security Center Uninstaller
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
ShowBiz
Simple Backup for My Pictures
SonicStage 4.0
SureThing CD Labeler 4 SE
Switch Uninstall
TI Connect 1.6
UltimateBet
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
USB Storage RW
Viewpoint Media Player
WavePad Uninstall
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WordPerfect Productivity Pack
WordPerfect Productivity Pack
Yahoo! Toolbar for Internet Explorer

New Hijack
Logfile of HijackThis v1.99.1
Scan saved at 8:39:54 PM, on 1/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\USB Storage RW\shwicon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\ehome\ehtray.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Common Files\AOL\1141775759\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\AOL\1141775759\ee\SSCEvtHdlr.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\1141775759\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\AOL\1141775759\ee\aolsoftware.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Common Files\AOL\1141775759\ee\aolsoftware.exe
C:\Program Files\Corel\WordPerfect Office 2002\Programs\Wpwin10.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1141775759\ee\SSCRun.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141775759\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1141775759\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://www.yahoo.com/diskless/bin/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4902/mcfscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1141775759\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido security suite control - Unknown owner - C:\Documents and Settings\Administrator\Desktop\ewido anti-malware\ewidoctrl.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)

Those two scanners didn't turn up anything. Let's try another one.

Uninstall
Click Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):
Please let me know if any of these were unable to uninstall.


Deletions
Delete the following folder indicated in BLUE if it still exists:


Online Scan
Perform an online scan with Internet Explorer with Panda ActiveScan.

1. Click on the "Scan your PC" button located at the bottom of the page. A popup window should appear -- make sure you allow it if you have a popup blocker.
2. Enter your e-mail address, country, and state and click Scan Now.
3. Your computer will download Panda's 8 megabyte ActiveX control at this point. Follow the on-screen directions if it asks you to install the ActiveX control.
4. Begin the scan by selecting My Computer. Note:
   • Please turn off the real time scanner of any existing antivirus program while performing the online scan.
   • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
   • Click on See report then click Save report.
   • It is not necessary to remain online while it's doing the scan, but you will have to re-connect after it has finished to see the report.

Post that log for me.