Windows won't shutdown correctly

Blacktharne

Member
Nov 12, 2004
33
0
0
If my computer has been on for awhile (i.e. over a couple hours) and I attempt to shut it down, I get a message that CAPP.exe (norton internet security) is still running, no matter if I choose to end now or let it close on its own, my computer doesn't shut down. Everything is still functional (except norton), but it won't shut down.

I was tooling around in iTunes the other day and when I performed a certain task while I was copying files to my iPod, iTunes froze up as well, I hit ctrl-alt-del and try to end program and it won't end, and again my computer won't shut down.

I have a dial-up connection and at random times I get no connection (i.e. I open up task manager and look at the network activity graph and I see all kinds of spikes, then bang, it flatlines and every few seconds there's a small spike and I can't go anywhere on the internet...sometimes it corrects itself, other times I close the browser or reconnect and it corrects itself).


This just began occuring within the last couple weeks. My Norton is up to date and I've ran a virus scan and nothing was detected. I haven't really done anything different (that I can think of) in the last couple weeks, but something is definitely wrong.

I've got 2.66hz pentium IV (I think)
2 GB RAM
Plenty of room on my hard drive


Any ideas as to what might be causing the problem?
 

Blacktharne

Member
Nov 12, 2004
33
0
0
Could it be an issue with Firefox? I've usually use Firefox, but have been using Netscape tonight and haven't had any connection problems thus far...

Anyhow here's the hijackthis log, thanks for helping...

Logfile of HijackThis v1.99.1
Scan saved at 7:01:33 PM, on 2/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
C:\WINNT\system32\CTHELPER.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\system32\SK9910DM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\ATI Tray Tools\atitray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\FtrakSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINNT\system32\rundll32.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\AT&T\WnClient\Programs\WNConnect.exe
C:\PROGRA~1\AT&T\WnClient\Programs\WNCSMS~1.EXE
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX02.875\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.searchv.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.searchv.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchv.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\system32\search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchv.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINNT\system32\searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://windowsupdate.microsoft.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchv.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchv.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/1/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.payfortraffic.net/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.payfortraffic.net/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://findloss.com/srchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.searchv.com/1/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/1/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://findloss.com/srchasst.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.searchv.com/1/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchv.com/1/search.php?qq=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchv.com/1/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://super-spider.com/main/hp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\9tt562fn.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_
1.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\9tt562fn.slt\prefs.js)
O1 - Hosts: 209.66.114.130 sitefinder.verisign.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\ATI Tray Tools\atitray.exe"
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200...m/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/186afa18ca52e0bf0122/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda...86/client/wuweb_site.cab?1120660022796
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/beta_reg/soesysinfo.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://www.smgradio.com/core/player/abasetup.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45B8756C-5007-456D-834C-4393FF047286}: NameServer = 12.102.244.4 204.127.129.4
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Promise FastTrak Log Service (FastTrakSvc) - Promise Technology Inc. - C:\WINNT\System32\FtrakSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
 

BadThad

Lifer
Feb 22, 2000
12,099
47
91
OK, where do I start, lol. A few questions still:

1) Do you have a Fasttrak IDE controller card installed?
2) This is a Gateway computer, right? Do you use any special features on the keyboard?
3) Do you really need to monitor the ink in your printer?
4) Do you ever fax with your modem?
5) It appears you now have an ATI video card and you used to have an nVidia card, right? You have a bunch of nVidia stuff still running on your system!
6) Do you have an X10 compatible device controlled with the PC?

Finally, it appears you do have malware on your system. All your IE searches are redirected to www.searchv.com and www.payfortraffic.com. You also have what may be a malware toolbar in your IE "searchbar.html". I also see weatherbug is installed, malware. You have partypoker installed, that is malware, remove it.

OK, here's the starting place:

Install, update and run the following programs (run scans in SAFE MODE):

1) ccleaner
2) Ad-Aware
3) Spybot Search and Destroy
4) Microsoft Anti-Spyware (tell it to restore you IE settings to their defaults)
5) Spy Sweeper (30 day trial)
6) Spy Catcher

You can uninstall the weatherbug program from add/rem programs before starting.

Uncheck the following in hijackthis:

O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe


O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200...m/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/186afa18ca52e0bf0122/netzip/RdxIE601.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)


When you've done all this cleaning, then rerun hijackthis and post the new log. Some of the things I'm "undoing" are related to your printer, it will still work just fine, but it won't constantly monitor the printer...you don't really need to anyway. If you miss those features, simply reinstall your printer software. Any special keyboard features will also be lost, if you miss them, simply reinstall the keyboard driver.

WHEW!

 

Blacktharne

Member
Nov 12, 2004
33
0
0
First of all, thanks much for taking the time to help me out. Anandtech forums are top shelf - tons of information and helpful folks here.

I live in the sticks and at the moment only have dial-up, so it'll take a while before I get the programs you mention downloaded so that I can provide a new hijackthis log.

In the meantime though, to answer your questions,
1. I have no idea what a Fasttrak IDE controller card is. I don't believe I've ever installed anything along those lines though.

2. My computer was initally a Gateway, but I put in a new motherboard, new RAM, new graphics card, case, and power supply. This was about a year ago - its ran great since then (until now anyhow).

3. No I don't need to monitor my ink.

4. Don't fax either.

5. Yes, I replaced the nVidia card with an ATI card. No, I wasn't aware I was still running nVidia related programs.

6. I don't know what an X10 controlled device is.

7. Roughly two years ago (not long after I bought the original PC from Gateway) I had a major problem with internet explorer to the point that it wouldn't even open. I asked around on forums using another computer and a guy walked me through something that seemed complicated to me. I don't know what he had me do, but he did mention that it was sort of a "throw some duck tape on it" type of fix. I also learned to never use explorer again and have used Firefox religiously since then. I never use explorer.

Couple things to add:

1. Alot of what you're eluding to in your questioning pertains to programs that are running in the background - programs that probably aren't harmful to my computer other than the fact that they're chewing up memory. I'm all for getting rid of them and having things run more efficiently, but things had been running fine for quite some time with those programs running in the background. What I'm saying is, I don't think those type of programs are the reason I'm having problems.

2. If the problem is some type of malware issue, then I'm awful pissed off at Norton. I make a point to resubscribe to Norton, keep things up to date, and to run system scans regularly. I regularly clean out my cache on firefox. I don't download much of anything and I don't visit sites that I don't trust (I do play on party poker though).

Point is, why do I pay $60 a year for Norton when its not going to do its job. I have free ZoneLab firewall and AntiVir on my laptop which I use everyday at school and I haven't had a single problem with it.


Anyhow, thanks again for helping me out, I'll do as you suggest and will hopefully have a new hijackthis log for you to check out over the weekend.
 

OCedHrt

Senior member
Oct 4, 2002
613
0
0
Not sure which version of Norton Internet Security you have (not just the definitions), but I don't think it protected against malware until the 2005 version. I could be wrong.
 

BadThad

Lifer
Feb 22, 2000
12,099
47
91
Originally posted by: Blacktharne
First of all, thanks much for taking the time to help me out. Anandtech forums are top shelf - tons of information and helpful folks here.

I live in the sticks and at the moment only have dial-up, so it'll take a while before I get the programs you mention downloaded so that I can provide a new hijackthis log.

In the meantime though, to answer your questions,
1. I have no idea what a Fasttrak IDE controller card is. I don't believe I've ever installed anything along those lines though.

It's a third party piece of hardware for controlling IDE drives. It can be an add-in PCI card or integrated into the motherboard. I take it your hard drives/CDROM drives are connected directly to the mobo, right? Exactly what mobo do you have?

2. My computer was initally a Gateway, but I put in a new motherboard, new RAM, new graphics card, case, and power supply. This was about a year ago - its ran great since then (until now anyhow).

3. No I don't need to monitor my ink.

4. Don't fax either.

5. Yes, I replaced the nVidia card with an ATI card. No, I wasn't aware I was still running nVidia related programs.

Then definately kill the nVidia items I posted above!

6. I don't know what an X10 controlled device is.

Definately kill the X10 stuff posted above. X10 is remote control software for some wireless household devices, not needed on your system.

7. Roughly two years ago (not long after I bought the original PC from Gateway) I had a major problem with internet explorer to the point that it wouldn't even open. I asked around on forums using another computer and a guy walked me through something that seemed complicated to me. I don't know what he had me do, but he did mention that it was sort of a "throw some duck tape on it" type of fix. I also learned to never use explorer again and have used Firefox religiously since then. I never use explorer.

Couple things to add:

1. Alot of what you're eluding to in your questioning pertains to programs that are running in the background - programs that probably aren't harmful to my computer other than the fact that they're chewing up memory. I'm all for getting rid of them and having things run more efficiently, but things had been running fine for quite some time with those programs running in the background. What I'm saying is, I don't think those type of programs are the reason I'm having problems.

Actually, they can be harmful because they can cause conflicts/issues. You must clean the crap to have your machine operating correctly.

2. If the problem is some type of malware issue, then I'm awful pissed off at Norton. I make a point to resubscribe to Norton, keep things up to date, and to run system scans regularly. I regularly clean out my cache on firefox. I don't download much of anything and I don't visit sites that I don't trust (I do play on party poker though).

Point is, why do I pay $60 a year for Norton when its not going to do its job. I have free ZoneLab firewall and AntiVir on my laptop which I use everyday at school and I haven't had a single problem with it.

Norton can't catch everything, it's no panacea. Things like "party poker" on your system are bad news. Thing is with malware, most of can update itself and install additional malware without your knowledge. Having even one thing on your system can lead to quite a mess.

Anyhow, thanks again for helping me out, I'll do as you suggest and will hopefully have a new hijackthis log for you to check out over the weekend.

You're welcome and good luck!

 

Crucial

Diamond Member
Dec 21, 2000
5,026
0
71
Originally posted by: Blacktharne
Point is, why do I pay $60 a year for Norton when its not going to do its job. I have free ZoneLab firewall and AntiVir on my laptop which I use everyday at school and I haven't had a single problem with it.

ding! ding! ding! IMHO there are free programs that work better than norton. There is no reason to pay that company money for their horrible products.
 

nomagic

Member
Dec 28, 2005
143
0
0
Norton is bloated too. Of course, you wont feel it with your 2GB of RAM, but for folks with 512MB of RAM, it slows thing down.
 

Blacktharne

Member
Nov 12, 2004
33
0
0
I've followed all the suggestions. Spysweeper requriresa subscription though, so didn't do that. Got rid of alot of stuff. Things seem to be running better, but can't say with any certainty if they're back to normal until I give it a few days.

Here's the updated hijackthis log. Thanks again.


Logfile of HijackThis v1.99.1
Scan saved at 8:01:03 PM, on 2/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\ATI Tray Tools\atitray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\FtrakSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\AT&T\WnClient\Programs\WNConnect.exe
C:\PROGRA~1\AT&T\WnClient\Programs\WNCSMS~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\Owner\My Documents\Rhys\PC help\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\system32\search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINNT\system32\searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://windowsupdate.microsoft.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchv.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/1/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://findloss.com/srchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.searchv.com/1/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/1/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://findloss.com/srchasst.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.searchv.com/1/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\9tt562fn.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_
1.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\9tt562fn.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\ATI Tray Tools\atitray.exe"
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda...86/client/wuweb_site.cab?1120660022796
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/beta_reg/soesysinfo.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://www.smgradio.com/core/player/abasetup.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45B8756C-5007-456D-834C-4393FF047286}: NameServer = 204.127.129.4 12.102.244.4
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Promise FastTrak Log Service (FastTrakSvc) - Promise Technology Inc. - C:\WINNT\System32\FtrakSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
 

BadThad

Lifer
Feb 22, 2000
12,099
47
91
Yes, it looks WAY better now! :thumbsup:

One nagging item in there:

O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)


Go to START>SETTINGS>CONTROL PANEL>ADMIN TOOLS>SERVICES

Look for the X10 service and set it to DISABLED.

The computer is now shutting down properly?
 

Blacktharne

Member
Nov 12, 2004
33
0
0
Still having problems...

I attempted to browse the internet a bit yesterday after I posted this and my connection still isn't back to normal. It works fine for awhile then it stalls out and I get no activity at all.

Also, I left my pc on and connected last night to download a large file (didn't fully download, don't know if that's because my isp disconnected me or due to the problems listed above) and when I tried to shut the system down this morning, Norton wouldn't close and windows wouldn't shut down properly...

None of the spyware stuff I ran yesterday was up to date though (it still found and removed a number of things)...I might try and take my computer to someone's house who has a broadband connection today and update there...It takes too long on dial up, especially with the problems I'm having.
 

Blacktharne

Member
Nov 12, 2004
33
0
0
Went to the symantec link you provided and it told me to clean my windows registry, which I did, but I think ccleaner does that as well...

I've been using dsl today and for the most part see the same thing...My connection, especially on downloads some times stalls out...I've had a couple different spyware programs freeze up on me while I was trying to update them and windows still won't shutdown properly...

I'm at a loss...I have no idea whats wrong...
 

Blacktharne

Member
Nov 12, 2004
33
0
0
I uninstalled Norton and replaced it with Kerio and AVG and I had no connection problems or shutdown problems all yesterday afternoon...

Now I get too see how difficult Norton makes it to get a refund.

Again, thanks for the help.
 

BadThad

Lifer
Feb 22, 2000
12,099
47
91
Originally posted by: Blacktharne
I uninstalled Norton and replaced it with Kerio and AVG and I had no connection problems or shutdown problems all yesterday afternoon...

Now I get too see how difficult Norton makes it to get a refund.

Again, thanks for the help.

Man, another Norton sucks thread. I must say, their consumer grade software is really going down the crapper. Personally, I only use their Symantec Corp versions since my company pays for them.

At this point, if I were you and the systems not running 100%, I would get my data off that system and format/reinstall WinXP. You've been through a lot of head banging! At some point, it's WAY WAY faster to just start over.
 

ForumMaster

Diamond Member
Feb 24, 2005
7,792
1
0
conclusion: Norton SUCKS! and btw, i would still suggest u format ur HDD and reinstall windows. now that we've taught you better respect for the internet, u need to get rid of all the remaining DLL files and other junk that Norton leaves behind. backup, format your hdd by reinstalling Windows, install the Kerio/AVG/Spy Bot Search and Destroy/etc. and your computer will fly. also, whenever uninstalling drivers or installing new drivers such as when you replaced your nVidia card with your ATI one, use DriverCleaner. and frankly, i think BadThad should be and Elite! he rocks!
 

Slikkster

Diamond Member
Apr 29, 2000
3,141
0
0
Originally posted by: Blacktharne
Went to the symantec link you provided and it told me to clean my windows registry, which I did, but I think ccleaner does that as well...

I don't see anything on that link about cleaning the registry. It had to do with updating your "Common Client" update files via "Live Update". It also had a very simple fix for making sure your floppy drive isn't scanned at shutdown, which a lot of anti virus programs try to do. For those who don't have floppy drives, this error can occur.

Anyway, you uninstalled and that's that. But that wouldn't have been my choice.
 

dnuggett

Diamond Member
Sep 13, 2003
6,703
0
76
FYI- if you really wanted to play poker online the Party Poker client is fine, if you are the one who installed it in the first place (and I'm guessing you are). It's not spyware or malware. It's a data client used for gaming, BadThad. Does it gain a little more control than a program should? Yes by necessity. But it does not cause harm to have it installed, and is certainly not the cause of his problem.
 

Blacktharne

Member
Nov 12, 2004
33
0
0
Again, thanks for all the help guys...

Everything is running great now. No connection problems, no shutdown problems, and everything is super fast now that the system has been cleaned up. Seems Norton was the culprit. BTW, I ran the Norton Live Update every couple days, that was the first thing I did when I began having problems and that didn't provide a fix...and disabling the floppy drive scan was only for systems without a floppy drive (mine has one).

I'm not too eager to re-format at this point, because 1, everything seems to be working great at the moment and 2, I have about 3200 songs (they're all from CD's by the way) on my hard drive and it'd be a real headache to import all of those again.