1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Hijackthis Log -- Please Check

Discussion in 'Earlier Versions of Windows' started by anthonyb, Jan 26, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. anthonyb

    anthonyb Thread Starter

    Joined:
    Feb 21, 2005
    Messages:
    96
    Hello -- I am trying to clean up this older computer for the neighbors children and was hoping someone could examine the Hijackthis log and let me know how things look.

    I have run AdAware, Spybot and AVG and all is well. The machine does seem to be slow on start up and at times it refuses to shut down properly.

    Thanks for any help and info ---
    =======================

    Logfile of HijackThis v1.99.1
    Scan saved at 7:44:44 PM, on 1/25/2006
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
    C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS.000\SYSTEM\mmtask.tsk
    C:\WINDOWS.000\SYSTEM\MPREXE.EXE
    C:\WINDOWS.000\SYSTEM\MSTASK.EXE
    C:\WINDOWS.000\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS.000\SYSTEM\KB891711\KB891711.EXE
    C:\WINDOWS.000\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS.000\EXPLORER.EXE
    C:\WINDOWS.000\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS.000\TASKMON.EXE
    C:\WINDOWS.000\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS.000\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS.000\LOADQM.EXE
    C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
    C:\WINDOWS.000\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\PROGRAM FILES\PEOPLEPC\ISP6230\BROWSER\BARTSHEL.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
    C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
    C:\PROGRAM FILES\MICROSOFT HOME PUBLISHING\MHPRMIND.EXE
    C:\ESM2\STMS.EXE
    C:\ESM2\EBRR.EXE
    C:\PROGRAM FILES\PEOPLEPC\ISP6230\BROWSER\PPSHARED.EXE
    C:\PROGRAM FILES\PEOPLEPC\ISP6230\BROWSER\BARTSHEL.EXE
    C:\WINDOWS.000\SYSTEM\RNAAPP.EXE
    C:\WINDOWS.000\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\PEOPLEPC ACCELERATED\PEOPLEPC.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/websearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
    O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\PROGRAM FILES\PEOPLEPC\TOOLBAR\PPCTOOLBAR.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.000\SYSTEM\MSDXM.OCX
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
    O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\PROGRAM FILES\PEOPLEPC\TOOLBAR\PPCTOOLBAR.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS.000\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.000\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS.000\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\Launcher\CTLauncher.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Lwinst Run Profiler] C:\PROGRA~1\LOGITECH\WINGMA~1\Lwinst.exe -d -l "C:\PROGRA~1\LOGITECH\WINGMA~1\Lwpevntm.exe"
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6230\BIN\PPCOLink.exe -STATION
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS.000\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS.000\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS.000\SYSTEM\KB891711\KB891711.EXE
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS.000\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
    O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
    O4 - Startup: MSN Internet Access.lnk = C:\Program Files\MSNIA\TRAYCLNT.EXE
    O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
    O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
    O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
    O14 - IERESET.INF: START_PAGE_URL=http://msnmember.msn.com
    O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://autos.msn.com/components/ocx/autopricer/autopricer.cab
    O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/Components/Ocx/Exterior/Outside.cab
    O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
    O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
     
  2. Deon555

    Deon555

    Joined:
    Jan 18, 2006
    Messages:
    134
    Hi Anthony,
    Although this is one of my first HJT Log's reviewed, it looks fine to me.
    Don't click solved until 1 more person gives the thumbs up! :p

    Deon
     
  3. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,782
    First Name:
    Frank
    Anthonyb:

    There are way too many programs in that computer that are loading during startup and running in the background, so we need to get the startup list trimmed down.

    Click Start - Run, type in MSCONFIG, then click OK - "Startup" tab. Remove the checkmark from:

    TaskMonitor taskmon.exe

    PCHealth PCHSchd.exe

    TkBellExe realsched.exe

    LoadPowerProfile LoadCurrentPwrScheme

    LoadQM loadqm.exe

    msnappau msnappau.exe

    LoadPowerProfile LoadCurrentPwrScheme

    SchedulingAgent mstask.exe

    KB891711 KB891711

    Reminder reminder.exe

    Microsoft Find Fast FINDFAST.EXE

    Office Startup OSA.EXE

    Microsoft Works Calendar Reminders WKCALREM.EXE

    Microsoft Greetings Reminders MHPRMIND.EXE

    Click Apply - OK afterwards, then reboot when prompted to.

    -------------------------------------------------------------------------------------

    Run another scan with HijackThis after you've done the above, then post that new log here.

    -------------------------------------------------------------------------------------
     
  4. anthonyb

    anthonyb Thread Starter

    Joined:
    Feb 21, 2005
    Messages:
    96
    Thanks for the response and help.

    I did as you instructed and below is the new Hijackthis log.

    I am still having problems shutting down, but as you would assume, START UP is faster.

    When I click on START > SHUT DOWN > OK, the monitor will go blank, but the computer keep running. If I hit the restart button or uplug, the IMPROPER SHUTDOWN message appears and the scan begins.

    By the way, I have cancelled the MSN Internet service from this computer. Can I remove the check marks from ----> 03-toolbar:MSN? As a matter of fact, can I remove the check marks from the other 03 toolbar items as well?
    ========================
    Logfile of HijackThis v1.99.1
    Scan saved at 5:31:14 PM, on 1/26/2006
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
    C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS.000\SYSTEM\mmtask.tsk
    C:\WINDOWS.000\SYSTEM\MPREXE.EXE
    C:\WINDOWS.000\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS.000\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS.000\EXPLORER.EXE
    C:\WINDOWS.000\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS.000\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS.000\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
    C:\PROGRAM FILES\PEOPLEPC\ISP6230\BROWSER\BARTSHEL.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
    C:\PROGRAM FILES\MSNIA\TRAYCLNT.EXE
    C:\ESM2\STMS.EXE
    C:\WINDOWS.000\SYSTEM\WMIEXE.EXE
    C:\ESM2\EBRR.EXE
    C:\PROGRAM FILES\PEOPLEPC\ISP6230\BROWSER\PPSHARED.EXE
    C:\PROGRAM FILES\PEOPLEPC\ISP6230\BROWSER\BARTSHEL.EXE
    C:\WINDOWS.000\SYSTEM\RNAAPP.EXE
    C:\WINDOWS.000\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\PEOPLEPC ACCELERATED\PEOPLEPC.EXE
    C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
    C:\WINDOWS.000\SYSTEM\PSTORES.EXE
    C:\WINDOWS.000\WUAUBOOT.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/websearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
    O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\PROGRAM FILES\PEOPLEPC\TOOLBAR\PPCTOOLBAR.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.000\SYSTEM\MSDXM.OCX
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
    O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\PROGRAM FILES\PEOPLEPC\TOOLBAR\PPCTOOLBAR.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS.000\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\Launcher\CTLauncher.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Lwinst Run Profiler] C:\PROGRA~1\LOGITECH\WINGMA~1\Lwinst.exe -d -l "C:\PROGRA~1\LOGITECH\WINGMA~1\Lwpevntm.exe"
    O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6230\BIN\PPCOLink.exe -STATION
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS.000\SYSTEM\msconfig.exe /reminder
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS.000\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS.000\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS.000\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - Startup: MSN Internet Access.lnk = C:\Program Files\MSNIA\TRAYCLNT.EXE
    O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
    O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
    O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
    O14 - IERESET.INF: START_PAGE_URL=http://msnmember.msn.com
    O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://autos.msn.com/components/ocx/autopricer/autopricer.cab
    O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/Components/Ocx/Exterior/Outside.cab
    O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
    O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
     
  5. jubalsams

    jubalsams

    Joined:
    Aug 25, 2004
    Messages:
    114
    An aside for the shutdown problem: in msconfig "General" tab, Advanced, check "Disable fast shutdown". Many times this helps. BTW if you have a C:\WINDOWS folder; delete it as you are running at C:\WINDOWS.000.
    Best
     
  6. anthonyb

    anthonyb Thread Starter

    Joined:
    Feb 21, 2005
    Messages:
    96
    jubalsams -- Thank you for the info.

    flavallee asked me to repost the HijackThis log, after making some changes, but I never heard received another reply.

    I am not on the 'problem' computer at the moment, but, aside from the change you suggested, does everything else on the log look OK?

    Thanks again ---
     
  7. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,782
    First Name:
    Frank
    Anthonyb:

    I've been very busy for the last 2 days and haven't been on these forums at all, which is why you haven't received a reply from me until now.

    The startup list looks much better.

    Check the C: directory and see if both WINDOWS and WINDOWS.000 folders exist. It's obvious that Windows was reinstalled in that computer, but it was reinstalled in C:\WINDOWS.000 instead of C:\WINDOWS. If there are both folders, delete the WINDOWS folder.

    What ISP is that computer using?

    -------------------------------------------------------------------------------------
     
  8. anthonyb

    anthonyb Thread Starter

    Joined:
    Feb 21, 2005
    Messages:
    96
    flavallee --

    Hello again -- Welcome back.

    The computer is now using PEOPLE PC. It was using MSN until about a week ago.

    I won't be able to check the WINDOWS.000 and WINDOWS folders on the PC in question until Sunday or Monday.

    I did another HJT and posted the log below, but maybe you can answer another question for me in the meantime.

    When I go to START > RUN and type in MSCONFIG and then go to the GENERAL tab, what should be checked, the first one NORMAL STARTUP or the third one, SELECTIVE STARTUP, with all five circles checked?

    Also, I notice that when I shutdown and it takes a long time -- If I click on CTRL/ALT/DELETE one of the following three, BARTSHELL, ZLCLIEN orr VSMON always say (
    (NOT RESPONDING)
    =============================

    Logfile of HijackThis v1.99.1
    Scan saved at 5:13:20 PM, on 1/27/2006
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
    C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS.000\SYSTEM\mmtask.tsk
    C:\WINDOWS.000\SYSTEM\MPREXE.EXE
    C:\WINDOWS.000\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS.000\SYSTEM\MSTASK.EXE
    C:\WINDOWS.000\SYSTEM\KB891711\KB891711.EXE
    C:\WINDOWS.000\EXPLORER.EXE
    C:\WINDOWS.000\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS.000\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS.000\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\PROGRAM FILES\PEOPLEPC\ISP6230\BROWSER\BARTSHEL.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
    C:\WINDOWS.000\TASKMON.EXE
    C:\WINDOWS.000\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS.000\LOADQM.EXE
    C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
    C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
    C:\PROGRAM FILES\MICROSOFT HOME PUBLISHING\MHPRMIND.EXE
    C:\ESM2\STMS.EXE
    C:\WINDOWS.000\SYSTEM\ZONELABS\VSMON.EXE
    C:\ESM2\EBRR.EXE
    C:\PROGRAM FILES\PEOPLEPC\ISP6230\BROWSER\PPSHARED.EXE
    C:\PROGRAM FILES\PEOPLEPC\ISP6230\BROWSER\BARTSHEL.EXE
    C:\WINDOWS.000\SYSTEM\RNAAPP.EXE
    C:\WINDOWS.000\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALEVENT.EXE
    C:\PROGRAM FILES\PEOPLEPC ACCELERATED\PEOPLEPC.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/websearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
    O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\PROGRAM FILES\PEOPLEPC\TOOLBAR\PPCTOOLBAR.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.000\SYSTEM\MSDXM.OCX
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
    O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\PROGRAM FILES\PEOPLEPC\TOOLBAR\PPCTOOLBAR.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS.000\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Lwinst Run Profiler] C:\PROGRA~1\LOGITECH\WINGMA~1\Lwinst.exe -d -l "C:\PROGRA~1\LOGITECH\WINGMA~1\Lwpevntm.exe"
    O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6230\BIN\PPCOLink.exe -STATION
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.000\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS.000\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS.000\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS.000\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS.000\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS.000\SYSTEM\KB891711\KB891711.EXE
    O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
    O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
    O4 - Startup: MSN Internet Access.lnk = C:\Program Files\MSNIA\TRAYCLNT.EXE
    O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
    O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
    O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
    O14 - IERESET.INF: START_PAGE_URL=http://msnmember.msn.com
    O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://autos.msn.com/components/ocx/autopricer/autopricer.cab
    O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/Components/Ocx/Exterior/Outside.cab
    O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
    O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
     
  9. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,782
    First Name:
    Frank
    What happened to the startup list?:confused: All the entries that I advised you to uncheck and disable in #3 are back in the list.:(

    The only time that NORMAL STARTUP will be selected is when all the startup entries are checked and enabled. After one or more entries have been unchecked and disabled, it'll switch to SELECTIVE STARTUP - which is what you want.(y)

    BARTSHELL is associated with PeoplePC.

    ZLCLIEN and VSMON is associated with ZoneAlarm.

    -------------------------------------------------------------------------------------
     
  10. anthonyb

    anthonyb Thread Starter

    Joined:
    Feb 21, 2005
    Messages:
    96
    flavallee ---

    Thank you for your reply and your patience.

    The only thing I can think of, as far as the HJT log is concerned, is that I must have reposted the original by mistake.

    I went back to MSCONFIG and made sure all the programs you advised to uncheck are just that -- Unchecked.

    I have posted a new HJT log below ( I hope :) ).

    As for the WINDOWS folders -- Actually, I found three folders ----> WINDOWS / WINDOWS 00 / WINDOWS 000.

    The WINDOWS 00 was empty, so I deleted it. The WINDOWS has 239 mb of info and 34 folders. I was going to delete it as well, as you instructed, but I thought I would wait for your reply to be certain, since it does contain some folders.

    The final one, WINDOWS 000, contains 1.18 GB, 521 folders and 29,663 files.

    Here is the new HJT log -- And once again, thank you.
    ===============================
    Logfile of HijackThis v1.99.1
    Scan saved at 6:02:52 PM, on 1/30/2006
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
    C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS.000\SYSTEM\mmtask.tsk
    C:\WINDOWS.000\SYSTEM\MPREXE.EXE
    C:\WINDOWS.000\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS.000\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS.000\EXPLORER.EXE
    C:\WINDOWS.000\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS.000\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS.000\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
    C:\PROGRAM FILES\PEOPLEPC\ISP6230\BROWSER\BARTSHEL.EXE
    C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
    C:\ESM2\STMS.EXE
    C:\WINDOWS.000\SYSTEM\WMIEXE.EXE
    C:\ESM2\EBRR.EXE
    C:\PROGRAM FILES\PEOPLEPC\ISP6230\BROWSER\PPSHARED.EXE
    C:\PROGRAM FILES\PEOPLEPC\ISP6230\BROWSER\BARTSHEL.EXE
    C:\WINDOWS.000\SYSTEM\RNAAPP.EXE
    C:\WINDOWS.000\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
    C:\PROGRAM FILES\PEOPLEPC ACCELERATED\PEOPLEPC.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/websearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
    O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\PROGRAM FILES\PEOPLEPC\TOOLBAR\PPCTOOLBAR.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.000\SYSTEM\MSDXM.OCX
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
    O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\PROGRAM FILES\PEOPLEPC\TOOLBAR\PPCTOOLBAR.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS.000\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Lwinst Run Profiler] C:\PROGRA~1\LOGITECH\WINGMA~1\Lwinst.exe -d -l "C:\PROGRA~1\LOGITECH\WINGMA~1\Lwpevntm.exe"
    O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6230\BIN\PPCOLink.exe -STATION
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS.000\SYSTEM\msconfig.exe /reminder
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS.000\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS.000\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS.000\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
    O4 - Startup: MSN Internet Access.lnk = C:\Program Files\MSNIA\TRAYCLNT.EXE
    O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
    O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
    O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
    O14 - IERESET.INF: START_PAGE_URL=http://msnmember.msn.com
    O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://autos.msn.com/components/ocx/autopricer/autopricer.cab
    O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/Components/Ocx/Exterior/Outside.cab
    O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
    O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
     
  11. anthonyb

    anthonyb Thread Starter

    Joined:
    Feb 21, 2005
    Messages:
    96
    jubalsams ---

    Hello and thanks for your input.

    I went to MSCONFIG and the GENERAL tab and then ADVANCED. There is no DISABLE FAST START UP listed. Of the items that are listed, none are checked.

    The only items that use the word DISABLE are the following:
    1. DISABLE SYSTEM ROM BREAKPOINT
    2. DISABLE VIRTUAL HD IRQ
    3. DISABLE SCANDISCK AFTER BAD SHUTDOWN
    4. DISABLE UDF FILE SYSTEM

    Thanks again ---
     
  12. jubalsams

    jubalsams

    Joined:
    Aug 25, 2004
    Messages:
    114
    Hi anthonyb,
    Sorry about that, i mistakenly assumed Win98 instead of WinME.

    Wow, i wonder why your C:\WINDOWS.000\ folder has so much in it? Try in IE .. Tools Internet Options, Temporary Internet Files.. Delete Files. Yet that seems too many folders also.

    Best
     
  13. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,782
    First Name:
    Frank
    Anthonyb:

    Do the WINDOWS and WINDOWS.000 folders both contain numerous files with a .CAB extension, and do they also contain a "Setup.exe" file?

    -------------------------------------------------------------------------------------

    The following entries can be unchecked and disabled in the MSCONFIG "Startup" tab:

    NvCplDaemon NvQTwk,NvCplDaemon

    nwiz nwiz.exe

    Microsoft Works Calendar Reminders WKCALREM.EXE

    -------------------------------------------------------------------------------------
     
  14. anthonyb

    anthonyb Thread Starter

    Joined:
    Feb 21, 2005
    Messages:
    96
    flavallee ---

    Thanks again for the time --

    I found no files with the CAB extension. There are BAK / NAV / SWP / ACL / DLL / SYS / LOG extensions, but no CAB.
    =========================

    The WINDOWS000 folder contains a SETUP file, but not EXE. It says BITMAP IMAGE.

    The WINDOWS folder contains nothing that says SETUP.

    Below is everything that is contained in the WINDOWS folder---->
    FOLDERS: FONTS / HELP / INF / JAVA / MSAGENT / OPTIONS / SYSBACKUP / SYSTEM /
    SYSTEM 32 / TEMP / UPGDLLS / UPGINFS / VCM

    All of those folders are also contained in the WINDOWS000 folder, except INF & SYSBCKUP.

    FILES: BACKGRND / COLUD / CLSPACK / DRWATSOD / EXPLORER / EXTRAC32/ FONTVIEW / GRPCONV / HH / HWINFO / JAUTOEXP /JVIEW / LICENSE / MSNMGSR1 /
    NETCONN / PIDSET / RUNHELP / SCRIPT / SET DEBUG / SIGVERIF / SUBACK / SUBACK16 /
    SUPPORT / TUNEUP / UPWIZUN / W9VSETUP / WIN1024 / WIN640 / WIN800 / WINCOOL /
    WJVIEW / WSCIRPT
    ===========================

    I removed the three latest STARTUP items that you advised, but I started having a few problems. When logging on I would receive the following message:
    SYSTEM CONFIGURATION UTILITY
    ENVIRONMENT VARIABLES WERE FOUND IN THE LEGACY FILES AUTOEXEC.BAT and/or THE VARIABLES WERE REMOVED TO THE WINDOW REGISTRY.

    When I click OK ---- It brings up the SYSTEM CONFIGURATION UTILITY window with the STARTUP SELECTIONS.

    In that section only four of the five boxes checked, not all five as was the case before.

    The one that wasn't chcked was ---> LOAD STARTUP GROUP

    When I click OK the 'puter wants to restart.

    I was also repeatedly unable to get back on this page of this forum. I kep tgetting PAGE UNABLE TO BE DISPLAYED messages.

    In any event,I went back to MSCONFIG and rechecked two of the three items in question -- NvcplDaemon & nwiz

    After doing so, all seems to be well again
    ============================
    Below is the new HJT log:
    Logfile of HijackThis v1.99.1
    Scan saved at 3:52:05 PM, on 2/3/2006
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
    C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS.000\SYSTEM\mmtask.tsk
    C:\WINDOWS.000\SYSTEM\MPREXE.EXE
    C:\WINDOWS.000\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS.000\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS.000\EXPLORER.EXE
    C:\WINDOWS.000\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS.000\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
    C:\PROGRAM FILES\PEOPLEPC\ISP6230\BROWSER\BARTSHEL.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
    C:\WINDOWS.000\SYSTEM\DDHELP.EXE
    C:\WINDOWS.000\SYSTEM\WMIEXE.EXE
    C:\ESM2\STMS.EXE
    C:\ESM2\EBRR.EXE
    C:\PROGRAM FILES\PEOPLEPC\ISP6230\BROWSER\PPSHARED.EXE
    C:\PROGRAM FILES\PEOPLEPC\ISP6230\BROWSER\BARTSHEL.EXE
    C:\WINDOWS.000\SYSTEM\RNAAPP.EXE
    C:\WINDOWS.000\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\PEOPLEPC ACCELERATED\PEOPLEPC.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/websearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
    O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\PROGRAM FILES\PEOPLEPC\TOOLBAR\PPCTOOLBAR.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.000\SYSTEM\MSDXM.OCX
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
    O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\PROGRAM FILES\PEOPLEPC\TOOLBAR\PPCTOOLBAR.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS.000\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Lwinst Run Profiler] C:\PROGRA~1\LOGITECH\WINGMA~1\Lwinst.exe -d -l "C:\PROGRA~1\LOGITECH\WINGMA~1\Lwpevntm.exe"
    O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6230\BIN\PPCOLink.exe -STATION
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS.000\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS.000\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS.000\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - Startup: MSN Internet Access.lnk = C:\Program Files\MSNIA\TRAYCLNT.EXE
    O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
    O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
    O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
    O14 - IERESET.INF: START_PAGE_URL=http://msnmember.msn.com
    O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://autos.msn.com/components/ocx/autopricer/autopricer.cab
    O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/Components/Ocx/Exterior/Outside.cab
    O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
    O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
     
  15. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,782
    First Name:
    Frank
    Look in the OPTIONS folder of the C:\WINDOWS folder. There will likely be a CABS folder with the CAB files in there.

    I guess your Nvidia video card/display adapter needed those 2 entries to run in the background. Mine doesn't, but it's an older Nvidia Riva TNT2 video card.

    Personally, I'd format and wipe out the hard drive and install Windows ME from scratch and start all over. You need to know how to do it though and you need to have the proper Windows CD(s) and startup floppy disk to do it.

    -------------------------------------------------------------------------------------
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/437325

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice