HiJackThis Log - unwanted entries [RESOLVED]


  • This topic is locked

#1
Paul W.

  • Member
  • 82 posts
I'm having trouble burning DVDs, and I'm also getting frequent errors and even a blue screen of death when ejecting RW DVDs. Thank you.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:41:03 PM, on 4/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\NEW\System32\smss.exe
C:\WINDOWS\NEW\system32\winlogon.exe
C:\WINDOWS\NEW\system32\services.exe
C:\WINDOWS\NEW\system32\lsass.exe
C:\WINDOWS\NEW\system32\svchost.exe
C:\WINDOWS\NEW\System32\svchost.exe
C:\WINDOWS\NEW\system32\svchost.exe
C:\WINDOWS\NEW\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\NEW\Explorer.EXE
C:\WINDOWS\NEW\System32\WLTRYSVC.EXE
C:\WINDOWS\NEW\System32\bcmwltry.exe
C:\WINDOWS\NEW\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\NEW\eHome\ehRecvr.exe
C:\WINDOWS\NEW\eHome\ehSched.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\NEW\system32\imapi.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\NEW\system32\tcpsvcs.exe
C:\WINDOWS\NEW\system32\dllhost.exe
C:\WINDOWS\NEW\ehome\ehtray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\NEW\system32\hkcmd.exe
C:\WINDOWS\NEW\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\NEW\system32\igfxsrvc.exe
C:\WINDOWS\NEW\eHome\ehmsas.exe
C:\WINDOWS\NEW\system32\WLTRAY.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\NEW\System32\DLA\DLACTRLW.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Amazing CD & DVD Burner\Partner\AdVantageSetup.exe
C:\WINDOWS\NEW\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Symmetricom\SymmTime\SymmTime.exe
C:\WINDOWS\NEW\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TextPad 4\TextPad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\NEW\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\NEW\ehome\ehtray.exe
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\SPOCIBA.MIR\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\NEW\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\NEW\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\NEW\system32\igfxpers.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\NEW\system32\WLTRAY.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\NEW\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AdVantage Setup] C:\Program Files\Amazing CD & DVD Burner\Partner\AdVantageSetup.exe
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\NEW\is-96EGE.exe" /REG
O4 - HKLM\..\RunOnce: [WMC_0] C:\WINDOWS\NEW\system32\regsvr32.exe /s "C:\WINDOWS\NEW\system32\mp4sds32.ax"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\NEW\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Launch SymmTime.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {A57B79D8-9501-42B7-BA9B-B961454712F2} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\NEW\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\NEW\System32\WLTRYSVC.EXE

--
End of file - 7262 bytes


#2
sage5


    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi Paul W.,

My name is sage5, and I will be helping you with this problem.

Please download the following & save to your Desktop:
Deckard's System Scanner
OTMoveIt2 by OldTimer.
ATF Cleaner by Atribune.


Spy-Bot's TeaTimer is an excellent tool for the prevention of spyware, but it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now. It can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.

Run HijackThis.
  • Click the Do a system scan only button.
  • Check the boxes for all the entries listed below:
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\SPOCIBA.MIR\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\NEW\is-96EGE.exe" /REG
O4 - HKLM\..\RunOnce: [WMC_0] C:\WINDOWS\NEW\system32\regsvr32.exe /s "C:\WINDOWS\NEW\system32\mp4sds32.ax"
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w
O16 - DPF: {A57B79D8-9501-42B7-BA9B-B961454712F2} -

  • Now close all windows other than HijackThis and click Fix Checked.
  • Close HijackThis.


Clean out cookies, temp files etc:
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Run Deckard's System Scanner:
  • Close all other windows before proceeding.
  • Double click on the dss.exe file on your Desktop and follow the prompts.
  • Scans will run, and 2 text files will open in Notepad.
  • Close both of the text files.
These files are C:\Deckard\System Scanner\main.txt & extra.txt.
I will need you to copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of
  • main.txt
  • extra.txt
in your next reply.


Cheers,

sage5

#3
Paul W.

  • Topic Starter
  • Member
  • 82 posts
Possibly because a few days have passed since posting the original HiJackThis log, the following two entries were not present to fix:

O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\NEW\is-96EGE.exe" /REG
O4 - HKLM\..\RunOnce: [WMC_0] C:\WINDOWS\NEW\system32\regsvr32.exe /s "C:\WINDOWS\NEW\system32\mp4sds32.ax"

And, posted below is the DECKARD EXTRA log. And in the second reply is DECKARD MAIN log. I greatly appreciate your help! Thank you!
--

*** DECKARD EXTRA ***

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2300 @ 1.66GHz
CPU 1: Genuine Intel® CPU T2300 @ 1.66GHz
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 1014.37 MiB / 566.01 MiB
Pagefile Memory (total/avail): 2440.92 MiB / 2070.51 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1889.7 MiB

C: is Fixed (NTFS) - 31.17 GiB total, 0.94 GiB free.
D: is CDROM (Unformatted)

\\.\PHYSICALDRIVE0 - Hitachi HTS541040G9SA00 - 35.86 GiB - 3 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 31.17 GiB - C:
\PARTITION2 - Unknown - 4.64 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Firewall v7.0.470.000 (Check Point, LTD.)
AV: AVG 7.5.524 v7.5.524 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\NEW\\system32\\sessmgr.exe"="C:\\WINDOWS\\NEW\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\SPOCIBA.MIR\\Desktop\\Anthill.exe"="C:\\Documents and Settings\\SPOCIBA.MIR\\Desktop\\Anthill.exe:*:Enabled:Anthill"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Documents and Settings\\SPOCIBA.MIR\\Desktop\\Programs-Dec2006\\Anthill.exe"="C:\\Documents and Settings\\SPOCIBA.MIR\\Desktop\\Programs-Dec2006\\Anthill.exe:*:Enabled:Anthill"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Documents and Settings\\SPOCIBA.MIR\\Desktop\\Programs-Dec2006\\strongDC\\StrongDC-files\\StrongDC.exe"="C:\\Documents and Settings\\SPOCIBA.MIR\\Desktop\\Programs-Dec2006\\strongDC\\StrongDC-files\\StrongDC.exe:*:Enabled:StrongDC++"
"C:\\Documents and Settings\\SPOCIBA.MIR\\Desktop\\RussianWife\\StrongDC-files\\StrongDC.exe"="C:\\Documents and Settings\\SPOCIBA.MIR\\Desktop\\RussianWife\\StrongDC-files\\StrongDC.exe:*:Enabled:StrongDC++"
"C:\\Program Files\\Abacast\\Abaclient.exe"="C:\\Program Files\\Abacast\\Abaclient.exe:*:Enabled:Abaclient"
"C:\\Documents and Settings\\SPOCIBA.MIR\\Desktop\\StrongDC-files\\StrongDC.exe"="C:\\Documents and Settings\\SPOCIBA.MIR\\Desktop\\StrongDC-files\\StrongDC.exe:*:Enabled:StrongDC++"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\WINDOWS\\Help\\Desktop-stuff\\StrongDC-files\\StrongDC.exe"="C:\\WINDOWS\\Help\\Desktop-stuff\\StrongDC-files\\StrongDC.exe:*:Enabled:StrongDC++"
"C:\\Documents and Settings\\SPOCIBA.MIR\\Desktop\\Desktop-stuff\\StrongDC-files\\StrongDC.exe"="C:\\Documents and Settings\\SPOCIBA.MIR\\Desktop\\Desktop-stuff\\StrongDC-files\\StrongDC.exe:*:Enabled:StrongDC++"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.NEW
APPDATA=C:\Documents and Settings\SPOCIBA.MIR\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MIR
ComSpec=C:\WINDOWS\NEW\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\SPOCIBA.MIR
LOGONSERVER=\\MIR
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\NEW\system32;C:\WINDOWS\NEW;C:\WINDOWS\NEW\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\OpenVPN\bin;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS\NEW
TEMP=C:\DOCUME~1\SPOCIBA.MIR\LOCALS~1\Temp
TMP=C:\DOCUME~1\SPOCIBA.MIR\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=MIR
USERNAME=SPOCIBA
USERPROFILE=C:\Documents and Settings\SPOCIBA.MIR
windir=C:\WINDOWS\NEW
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

SPOCIBA.MIR (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\NEW\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\NEW\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\NEW\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\NEW\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7875FD9-6ADB-4D4B-A756-3A2306A3D5E1}\setup.exe" -l0x9 anything
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{943884D4-B604-496F-B132-DFA9C63FAF6A}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\NEW\INF\PCHealth.inf
A-Mac Address Change 5.4 --> "C:\Program Files\PaqTool\amac\unins000.exe"
A.F.5 Rename your files 1.1 --> MsiExec.exe /I{A725C340-77EE-11D6-BBC2-0000CB591583}
AAC Parser (remove only) --> "C:\Program Files\AAC Parser\uninstall.exe"
Abacast Client --> C:\PROGRA~1\Abacast\UNWISE.EXE C:\PROGRA~1\Abacast\client.LOG
AC3+DTS XForm (remove only) --> "C:\Program Files\AC3+DTS XForm\uninstall.exe"
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\NEW\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\NEW\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player --> C:\WINDOWS\NEW\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\NEW\system32\Macromed\SHOCKW~1\Install.log
All2WAV Recorder 3.20 --> "C:\Program Files\All2WAV Recorder\unins000.exe"
Apex Video Converter Free 6.95 --> "C:\Program Files\Apex\Apex Video Converter Free\unins000.exe"
Audio Recorder for FREE v9.4 --> "C:\Program Files\Audio Recorder for FREE\unins000.exe"
AV Video Morpher --> C:\Program Files\AV Video Morpher\uninstall.exe
AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
AVS CD\DVD\BD Data Burner version 2.1 --> "C:\Program Files\AVS4YOU\AVSCDDVDBDDataBurner\unins000.exe"
BOINC --> MsiExec.exe /I{4E8EEF60-6CB1-4DE2-9528-D6626D718F42}
Broadcom 440x 10/100 Integrated Controller --> MsiExec.exe /X{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}
Broadcom Gigabit Integrated Controller --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
Bulent's Screen Recorder --> C:\Program Files\Screen Recorder\Uninstall BSR.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CD Audio Reader Filter (remove only) --> "C:\Program Files\CD Audio Reader Filter\uninstall.exe"
CDCopy --> "C:\Program Files\CDCopy\Uninstal.exe"
CDex extraction audio --> "C:\Program Files\CDex_150\uninstall.exe"
CDXA Image Reader Filter (SVCD/XCD) (remove only) --> "C:\Program Files\CDXA Image Reader Filter (SVCDXCD)\uninstall.exe"
Cinergy Script Editor --> C:\WINDOWS\NEW\uninst.exe -f"C:\Program Files\Mindstar\Cinergy\DeIsL1.isu" -c"C:\Program Files\Mindstar\Cinergy\_ISREG32.DLL"
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
Core AAC Decoder (remove only) --> "C:\Program Files\Core AAC Decoder\uninstall.exe"
CoreFLAC Audio Decoder+Source Filter (remove only) --> "C:\WINDOWS\NEW\system32\CoreFLACDecoder-uninstall.exe"
CoreVorbis Audio Decoder (remove only) --> "C:\WINDOWS\NEW\system32\CoreVorbis-uninstall.exe"
DeepBurner v1.8.0.224 --> "C:\Program Files\Astonsoft\DeepBurner\Uninstall.exe" "C:\Program Files\Astonsoft\DeepBurner\install.log"
Dell Media Experience --> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Direct Show Ogg Vorbis Filter (remove only) --> "C:\WINDOWS\NEW\system32\OggDSuninst.exe"
DirectVobSub (remove only) --> "C:\Program Files\DirectVobSub\uninstall.exe"
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivXLand Bitrate Calculator --> C:\WINDOWS\NEW\unvise32.exe C:\Program Files\DivXLand\Bitrate Calculator\uninstal.log
DivXLand Media Subtitler --> C:\WINDOWS\NEW\unvise32.exe C:\Program Files\DivXLand\Media Subtitler\uninstal.log
DRS 2006 Webreceiver --> MsiExec.exe /X{F8E0D18F-37CD-4DE7-B4EE-69B08126A65B}
DVD Region+CSS Free 5.61 --> "C:\Program Files\DVD Region+CSS Free\unins000.exe"
DVDInfoPro --> "C:\Program Files\DVDInfoPro\uninstall.exe"
Easy WiFi Radar 1.0.5 --> C:\PROGRA~1\MAKAYA~1\EASYWI~1\Setup.exe /remove /q0
FastStone Photo Resizer 1.4 --> C:\Program Files\FastStone Photo Resizer\uninst.exe
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
Free Video Converter V 1.0 --> "C:\Program Files\Free Video Converter\unins000.exe"
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\NEW\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\NEW\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotspot Shield 0.941 --> C:\Program Files\Hotspot Shield\Uninstall.exe
HP USB Disk Storage Format Tool --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9 anything
ImgBurn (Remove Only) --> "C:\Program Files\ImgBurn\uninstall.exe"
Instant CD & DVD Burner --> "C:\Program Files\Instant CD & DVD Burner\unins000.exe"
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\NEW\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Internal Network Card Power Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Juno Internet --> "C:\Program Files\Juno\JunoUninstaller.exe"
Matroska (remove only) --> "C:\Program Files\Matroska\uninstall.exe"
Media Key Uninstaller --> MKUninst.exe C:\Program Files\Media Key
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\NEW\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\NEW\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\NEW\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Monkey Audio Source Filter (remove only) --> "C:\Program Files\Monkey Audio Source Filter\uninstall.exe"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Webcam Recorder 13.0 --> MsiExec.exe /I{2F5D9360-801F-4AC5-A952-23C7AD7B6F95}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NetZero Internet --> "C:\Program Files\NetZero\NetZeroUninstaller.exe"
Olympus Digital Wave Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB91E774-867B-4567-ACE7-8144EF036068}\Setup.exe" -l0x9
OpenSource MPEG Splitter (remove only) --> "C:\Program Files\OpenSource MPEG Splitter\uninstall.exe"
OpenSource MPEG2 Video Decoder (remove only) --> "C:\Program Files\OpenSource MPEG2 Video Decoder\uninstall.exe"
OpenSource OGG Splitter (remove only) --> "C:\Program Files\OpenSource OGG Splitter\uninstall.exe"
OpenVPN 2.1_rc7 --> C:\Program Files\OpenVPN\Uninstall.exe
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
PicaView32 --> C:\PROGRA~1\PICAVI~1\UNWISE.EXE C:\PROGRA~1\PICAVI~1\INSTALL.LOG
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RadLight MPC DirectShow Filter (remove only) --> "C:\WINDOWS\NEW\system32\RadLightMPCUninstall.exe"
RadLight OptimFROG DirectShow Filter (remove only) --> "C:\WINDOWS\NEW\system32\RadLightOFRUninstall.exe"
RealMedia (remove only) --> "C:\Program Files\RealMedia\uninstall.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rename It 3.0 --> C:\WINDOWS\NEW\IsUninst.exe -f"C:\Program Files\Rename It 3.0\Uninst.isu"
Rosoft Audio Recorder, Sponsored Edition, Release, 4.1.8 --> "C:\Program Files\Rosoft Free\unins000.exe"
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
SHOUTcast Source (remove only) --> "C:\Program Files\SHOUTcast Source\uninstall.exe"
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Skype 3.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sound Blaster ADVANCED MB Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{943884D4-B604-496F-B132-DFA9C63FAF6A}\setup.exe" -l0x9 /remove
SoundCapture --> C:\PROGRA~1\MAGICS~1\SC\UNWISE.EXE C:\PROGRA~1\MAGICS~1\SC\INSTALL.LOG
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\NEW\unins000.exe"
Subtitle Workshop 2.51 --> "C:\Program Files\URUSoft\Subtitle Workshop\uninstall.exe"
Subtitles Creator 2.2 --> "C:\Program Files\Subtitles Creator\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SymmTime --> MsiExec.exe /I{EBB02E84-8C51-4881-A933-E42E16CA9A89}
TBS WMP Plug-in --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{DB5F474C-B584-417F-810B-DEBBC1893C2A}
Texas Instruments PCIxx20 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6F30B469-5ED7-4734-8252-B9BC962A2AB3} /l1033
TextPad 4.7 --> MsiExec.exe /X{B510A987-487E-4C66-9F4F-D386AC275715}
Tinc 1.0.8 --> "C:\Program Files\tinc\Uninstall.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\NEW\$NtUninstallKB900325$\spuninst\spuninst.exe
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\dpinst.exe /us C:\PROGRA~1\DIFX\UninstallScripts\4569969E1360D2854474C661EF9B4D54F143EB16
Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12) --> C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\NEW\system32\DRVSTORE\rimsptsk_469677EEC4F8D39ABD61046D242B2A1651DE8AEF\rimsptsk.inf
Windows Driver Package - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06) --> C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\NEW\system32\DRVSTORE\rimmptsk_EA24AF82DAB6BA6CF6FB1A3004EE91F51D3FDCF9\rimmptsk.inf
Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04) --> C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\NEW\system32\DRVSTORE\rixdptsk_30B42BE4DA4D11DB80E5D3DD10180621BA0A53DD\rixdptsk.inf
Windows Imaging Component --> "C:\WINDOWS\NEW\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\NEW\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Rights Management Client Backwards Compatibility SP2 --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2 --> MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\NEW\$NtUninstallKB925766$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XML Paper Specification Shared Components Pack 1.0 -->
XnView 1.91.6 --> "C:\Program Files\XnView\unins000.exe"
XVID Decoder (remove only) --> "C:\Program Files\XVID Decoder\uninstall.exe"
XviD MPEG-4 Codec --> "C:\Program Files\XviD\UninstXviD.exe"
Zilla Data Nuker 2.0.0.0 --> "C:\Program Files\Zilla Data Nuker\unins000.exe"
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
Zoom Player (remove only) --> "C:\Program Files\Zoom Player\uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type4672 / Error
Event Submitted/Written: 04/16/2008 10:31:16 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application DeepBurner.exe, version 1.8.0.224, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4671 / Error
Event Submitted/Written: 04/16/2008 10:21:30 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application DeepBurner.exe, version 1.8.0.224, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4670 / Error
Event Submitted/Written: 04/16/2008 10:21:28 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application DeepBurner.exe, version 1.8.0.224, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4669 / Error
Event Submitted/Written: 04/16/2008 10:11:58 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application DeepBurner.exe, version 1.8.0.224, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4668 / Error
Event Submitted/Written: 04/16/2008 10:05:30 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type31899 / Error
Event Submitted/Written: 04/21/2008 05:23:13 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Pcmcia

Event Record #/Type31874 / Error
Event Submitted/Written: 04/21/2008 01:38:23 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Pcmcia

Event Record #/Type31866 / Warning
Event Submitted/Written: 04/20/2008 02:20:04 AM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 0016CE6B6D17. The IP address being used is 169.254.15.29.

Event Record #/Type31864 / Warning
Event Submitted/Written: 04/20/2008 02:20:01 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0016CE6B6D17. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type31857 / Error
Event Submitted/Written: 04/20/2008 02:16:13 AM
Event ID/Source: 32003 / ipnathlp
Event Description:
The Network Address Translator (NAT) was unable to request an operation
of the kernel-mode translation module.
This may indicate misconfiguration, insufficient resources, or
an internal error.
The data is the error code.



-- End of Deckard's System Scanner: finished at 2008-04-21 17:42:11 ------------
--

Edited by Paul W., 21 April 2008 - 07:21 PM.


#4
Paul W.

*** DECKARD MAIN ***

Deckard's System Scanner v20071014.68
Run by SPOCIBA on 2008-04-21 17:37:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
12: 2008-04-22 00:37:57 UTC - RP451 - Deckard's System Scanner Restore Point
11: 2008-04-19 21:00:36 UTC - RP450 - System Checkpoint
10: 2008-04-17 04:37:31 UTC - RP449 - System Checkpoint
9: 2008-04-14 22:24:47 UTC - RP448 - Installed HP USB Disk Storage Format Tool
8: 2008-04-13 23:36:04 UTC - RP447 - Configured SigmaTel Audio


-- First Restore Point --
1: 2008-04-12 02:58:49 UTC - RP440 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 0.94 GiB (less than 15%) free.


-- HijackThis (run as SPOCIBA.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:39:30 PM, on 4/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\NEW\System32\smss.exe
C:\WINDOWS\NEW\system32\winlogon.exe
C:\WINDOWS\NEW\system32\services.exe
C:\WINDOWS\NEW\system32\lsass.exe
C:\WINDOWS\NEW\system32\svchost.exe
C:\WINDOWS\NEW\System32\svchost.exe
C:\WINDOWS\NEW\system32\svchost.exe
C:\WINDOWS\NEW\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\NEW\Explorer.EXE
C:\WINDOWS\NEW\System32\WLTRYSVC.EXE
C:\WINDOWS\NEW\System32\bcmwltry.exe
C:\WINDOWS\NEW\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\NEW\eHome\ehRecvr.exe
C:\WINDOWS\NEW\eHome\ehSched.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\NEW\system32\imapi.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\NEW\system32\tcpsvcs.exe
C:\WINDOWS\NEW\system32\dllhost.exe
C:\WINDOWS\NEW\ehome\ehtray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\NEW\system32\hkcmd.exe
C:\WINDOWS\NEW\system32\igfxpers.exe
C:\WINDOWS\NEW\eHome\ehmsas.exe
C:\WINDOWS\NEW\system32\igfxsrvc.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\NEW\system32\WLTRAY.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\NEW\System32\DLA\DLACTRLW.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\NEW\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Symmetricom\SymmTime\SymmTime.exe
C:\Documents and Settings\SPOCIBA.MIR\Desktop\GeeksToGo-Fix\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\SPOCIBA.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\NEW\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\NEW\ehome\ehtray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\NEW\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\NEW\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\NEW\system32\igfxpers.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\NEW\system32\WLTRAY.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\NEW\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\NEW\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Launch SymmTime.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\NEW\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\NEW\System32\WLTRYSVC.EXE

--
End of file - 6424 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080416-162534-219 O4 - HKLM\..\Run: [AdVantage Setup] C:\Program Files\Amazing CD & DVD Burner\Partner\AdVantageSetup.exe
backup-20080421-173259-134 O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\SPOCIBA.MIR\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
backup-20080421-173259-227 O16 - DPF: {A57B79D8-9501-42B7-BA9B-B961454712F2} -
backup-20080421-173259-238 O4 - HKLM\..\Run: [ShowLOMControl] 
backup-20080421-173259-413 O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\new\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 OMCI - c:\windows\new\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R2 dvdmmg - c:\windows\new\system32\drivers\dvdmmg.sys
R2 MaVctrl - c:\windows\new\system32\drivers\mavc2k.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 tapvpn (TAP VPN Adapter) - c:\windows\new\system32\drivers\tapvpn.sys <Not Verified; The OpenVPN Project; TAP-Win32 Virtual Network Driver>

S0 cercsr6 - c:\windows\new\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S3 NPF (Netgroup Packet Filter) - c:\windows\new\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
S3 SDTHOOK - c:\windows\new\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>
S3 tap0901 (TAP-Win32 Adapter V9) - c:\windows\new\system32\drivers\tap0901.sys <Not Verified; The OpenVPN Project; TAP-Win32 Virtual Network Driver>
S3 UIUSys (Conexant Setup API) - c:\windows\new\system32\drivers\uiusys.sys (file missing)
S3 VNUSB (VN Series Device) - c:\windows\new\system32\drivers\vnusb.sys <Not Verified; OLYMPUS OPTICAL CO.,LTD.; VVRUSB Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 HotspotShieldService (Hotspot Shield Service) - c:\program files\hotspot shield\bin\openvpnas.exe
R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>

S3 OpenVPNService (OpenVPN Service) - c:\program files\openvpn\bin\openvpnserv.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01AF1028&REV_02\4&2FE911E8&0&00F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01AF1028&REV_02\4&2FE911E8&0&00F0
Service: bcm4sbxp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\3A9C8541434FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\3A9C8541434FC000
Service: NIC1394

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01BD1028&REV_01\3&61AAA01&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01BD1028&REV_01\3&61AAA01&0&FB
Service:

Class GUID: {4D36E970-E325-11CE-BFC1-08002BE10318}
Description: M-Systems DiskOnChip 2000
Device ID: ROOT\MTD\0000
Manufacturer: M-Systems Flash Disk Pioneers
Name: M-Systems DiskOnChip 2000
PNP Device ID: ROOT\MTD\0000
Service: tffsport

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: TAP-Win32 Adapter V9
Device ID: ROOT\NET\0000
Manufacturer: TAP-Win32 Provider V9
Name: TAP-Win32 Adapter V9
PNP Device ID: ROOT\NET\0000
Service: tap0901

Class GUID: {4D36E977-E325-11CE-BFC1-08002BE10318}
Description: Intel PCIC compatible PCMCIA controller
Device ID: ROOT\PCMCIA\0000
Manufacturer: Intel
Name: Intel PCIC compatible PCMCIA controller
PNP Device ID: ROOT\PCMCIA\0000
Service: pcmcia


-- Files created between 2008-03-21 and 2008-04-21 -----------------------------

2008-04-19 19:14:47 2079 --a------ C:\WINDOWS\NEW\system32\M1achardks.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-19 19:09:02 4100 --a------ C:\WINDOWS\NEW\system32\hdvirffo.dll
2008-04-19 19:08:59 0 d-------- C:\Program Files\PaqTool
2008-04-16 15:54:16 0 d-------- C:\Documents and Settings\All Users.NEW\Application Data\NCH Swift Sound
2008-04-16 15:40:51 0 d-------- C:\Program Files\Trend Micro
2008-04-16 15:14:23 614400 --a------ C:\WINDOWS\NEW\system32\NCTMPEGFile.dll <Not Verified; NCT Company Ltd.; NCTMPEGFile ActiveX DLL>
2008-04-16 15:14:23 630909 --a------ C:\WINDOWS\NEW\system32\NCTDataDVDWriter2.dll <Not Verified; NCT; NCTDataDVDWriter2 ActiveX DLL>
2008-04-16 15:14:23 1597440 --a------ C:\WINDOWS\NEW\system32\NCTDataCDWriter2.dll <Not Verified; NCT; NCTDataCDWriter2 ActiveX DLL>
2008-04-16 15:14:22 282624 --a------ C:\WINDOWS\NEW\system32\NCTAudioVisualization.dll <Not Verified; NCT Company Ltd.; NCTAudioVisualization ActiveX DLL>
2008-04-16 15:14:22 647168 --a------ C:\WINDOWS\NEW\system32\NCTAudioLibrary.dll <Not Verified; NCT Company Ltd.; NCTAudioLibrary ActiveX DLL>
2008-04-16 15:14:22 892928 --a------ C:\WINDOWS\NEW\system32\NCTAudioInformation.dll <Not Verified; NCT Company Ltd.; NCTAudioInformation ActiveX DLL>
2008-04-16 15:14:21 290816 --a------ C:\WINDOWS\NEW\system32\NCTWMAFile.dll <Not Verified; NCT Company Ltd.; NCTWMAFile ActiveX DLL>
2008-04-16 15:14:21 1585152 --a------ C:\WINDOWS\NEW\system32\NCTAudioCDWriter2.dll <Not Verified; NCT; NCTAudioCDWriter2 ActiveX DLL>
2008-04-16 15:14:21 331776 --a------ C:\WINDOWS\NEW\system32\NCTAudioCDRipper2.dll <Not Verified; ; NCTAudioCDRipper2 ActiveX DLL>
2008-04-16 15:10:56 0 d-------- C:\Program Files\Amazing CD & DVD Burner
2008-04-14 15:24:47 0 d-------- C:\DriveKey
2008-04-13 00:36:07 0 d-------- C:\Program Files\Burn4Free Toolbar
2008-04-12 20:44:09 0 d-------- C:\Program Files\DVDInfoPro
2008-04-12 04:47:01 0 d-------- C:\Documents and Settings\SPOCIBA.MIR\Application Data\DeepBurner Pro
2008-04-12 04:46:10 0 d-------- C:\Program Files\Common Files\Download Manager
2008-04-12 03:19:15 0 d-------- C:\WINDOWS\NEW\system32\DLA
2008-04-11 16:08:45 0 d-------- C:\Program Files\zillasoft.ws
2008-04-11 15:55:18 0 d-------- C:\Program Files\Complex
2008-04-10 23:34:41 0 d-------- C:\Documents and Settings\SPOCIBA.MIR\Application Data\FinalBurner DATA
2008-04-10 21:54:35 182 -rahs---- C:\WINDOWS\NEW\Regbak.dat
2008-04-05 18:01:19 0 d-------- C:\Program Files\Free Video Converter
2008-04-05 16:46:12 0 d-------- C:\Program Files\XviD
2008-04-05 16:45:51 120320 --a------ C:\WINDOWS\NEW\system32\apexchanger.exe
2008-04-05 16:45:51 109568 --a------ C:\WINDOWS\NEW\system32\apex3gp.exe
2008-04-05 16:45:50 3138048 --a------ C:\WINDOWS\NEW\system32\apexxbox.exe
2008-04-05 16:45:50 398798 --a------ C:\WINDOWS\NEW\system32\apexpmp.exe <Not Verified; IndigoSTAR Software; IndigoPerl>
2008-04-05 16:45:50 4755968 --a------ C:\WINDOWS\NEW\system32\apexconverter.exe
2008-04-05 16:45:50 86016 --a------ C:\WINDOWS\NEW\system32\AddiTunes.exe
2008-04-05 16:45:49 61440 --a------ C:\WINDOWS\NEW\system32\cygz.dll
2008-04-05 16:45:49 1295582 --a------ C:\WINDOWS\NEW\system32\cygwin1.dll <Not Verified; Red Hat; Cygwin>
2008-04-05 16:45:48 495104 --a------ C:\WINDOWS\NEW\system32\NCTVideoCoreM.dll <Not Verified; NCT Company Ltd.; NCTVideoCoreM ActiveX DLL>
2008-04-05 16:45:48 764416 --a------ C:\WINDOWS\NEW\system32\NCTRMFile.dll <Not Verified; NCT Company Ltd.; NCTRMFile ActiveX DLL>
2008-04-05 16:45:48 249856 --a------ C:\WINDOWS\NEW\system32\NCTQuickTimeFile.dll <Not Verified; Online Media Technologies Company Ltd.; NCTQuickTimeFile Module>
2008-04-05 16:45:48 626688 --a------ C:\WINDOWS\NEW\system32\NCTImageFile.dll <Not Verified; Online Media Technologies Ltd.; NCTImageFile ActiveX DLL>
2008-04-05 16:45:48 382464 --a------ C:\WINDOWS\NEW\system32\NCTAVIFile.dll <Not Verified; NCT Company Ltd.; NCTAVIFile ActiveX DLL>
2008-04-05 16:45:47 215552 --a------ C:\WINDOWS\NEW\system32\NCTWMVFile.dll <Not Verified; NCT Company Ltd.; NCTWMVFile ActiveX DLL>
2008-04-05 16:45:47 312320 --a------ C:\WINDOWS\NEW\system32\NCTVideoView.dll <Not Verified; Online Media Technologies Ltd.; NCTVideoView ActiveX DLL>
2008-04-05 16:45:47 188416 --a------ C:\WINDOWS\NEW\system32\NCTVideoFile.dll <Not Verified; NCT Company Ltd.; NCTVideoFile ActiveX DLL>
2008-04-05 16:45:47 780288 --a------ C:\WINDOWS\NEW\system32\NCTVideoCompress.dll <Not Verified; NCT Company Ltd.; NCTVideoCompress ActiveX DLL>
2008-04-05 16:45:47 90112 --a------ C:\WINDOWS\NEW\system32\NCTAudioFormatSettings3.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioFormatSettings3 Module>
2008-04-05 16:45:47 2846720 --a------ C:\WINDOWS\NEW\system32\NCTAudioCompress3.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioCompress3 Module>
2008-04-05 16:45:47 778240 --a------ C:\WINDOWS\NEW\system32\NCTAudioCompress2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioCompress2 Module>
2008-04-05 16:45:46 237568 --a------ C:\WINDOWS\NEW\system32\lame_enc.dll
2008-04-05 16:45:43 81920 --a------ C:\WINDOWS\NEW\system32\viscomwave.dll <Not Verified; Viscom Software; >
2008-04-05 16:45:43 147456 --a------ C:\WINDOWS\NEW\system32\viscomqtenc.dll <Not Verified; Viscom Software www.viscomsoft.com; >
2008-04-05 16:45:43 139264 --a------ C:\WINDOWS\NEW\system32\viscomqtde.dll <Not Verified; Viscom Software www.viscomsoft.com; >
2008-04-05 16:45:43 0 d-------- C:\WINDOWS\NEW\system32\RMBin
2008-04-05 16:45:40 0 d-------- C:\Program Files\Apex
2008-04-05 16:45:40 0 d-------- C:\Apex
2008-03-29 17:39:22 0 d-------- C:\Documents and Settings\SPOCIBA.MIR\Application Data\CDBurnerXP_Soft
2008-03-29 17:24:05 0 d-------- C:\Program Files\BurnAware Free Edition
2008-03-29 15:47:13 0 d-------- C:\Program Files\Instant CD & DVD Burner
2008-03-27 22:09:37 0 d-------- C:\WINDOWS\NEW\system32\Adobe


-- Find3M Report ---------------------------------------------------------------

2008-04-21 14:33:16 0 d-------- C:\Documents and Settings\SPOCIBA.MIR\Application Data\AVG7
2008-04-16 17:13:21 0 d-------- C:\Program Files\Astonsoft
2008-04-14 15:24:47 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-14 13:11:07 4212 ---h----- C:\WINDOWS\NEW\system32\zllictbl.dat
2008-04-13 15:57:49 0 d-------- C:\Program Files\DIFX
2008-04-13 14:54:50 0 d-------- C:\Program Files\Common Files
2008-04-13 14:52:35 0 d-------- C:\Documents and Settings\SPOCIBA.MIR\Application Data\Sonic
2008-04-12 03:18:43 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-04-11 18:01:46 265 --a------ C:\Documents and Settings\SPOCIBA.MIR\Application Data\burnaware.ini
2008-04-09 16:07:34 0 d-------- C:\Program Files\Java
2008-04-09 15:03:57 0 d-------- C:\Program Files\BOINC
2008-04-09 14:55:22 0 d-------- C:\Program Files\MP3+FreeTV
2008-04-09 14:54:11 0 d-------- C:\Documents and Settings\SPOCIBA.MIR\Application Data\COWON
2008-04-09 14:54:03 0 d-------- C:\Program Files\JetAudio
2008-04-06 05:42:09 0 d-------- C:\Program Files\MySpace
2008-04-05 14:57:30 0 d-------- C:\Program Files\AV Video Morpher
2008-04-04 10:11:39 0 d-------- C:\Documents and Settings\SPOCIBA.MIR\Application Data\Adobe
2008-03-28 13:21:18 0 d-------- C:\Documents and Settings\SPOCIBA.MIR\Application Data\Skype
2008-03-18 13:44:30 0 d-------- C:\Documents and Settings\SPOCIBA.MIR\Application Data\XnView
2008-03-15 18:52:14 0 d-------- C:\Program Files\URUSoft
2008-03-15 18:51:19 0 d-------- C:\Program Files\Subtitles Creator
2008-03-15 18:49:00 0 d-------- C:\Program Files\DivXLand
2008-03-13 06:52:33 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-21 00:10:31 0 d-------- C:\Documents and Settings\SPOCIBA.MIR\Application Data\Absolutist.com
2008-02-06 15:06:06 3446 --a------ C:\WINDOWS\NEW\unins000.dat
2008-02-06 15:03:08 691545 --a------ C:\WINDOWS\NEW\unins000.exe
2008-01-27 02:41:12 4380058 --a------ C:\Program1


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\NEW\ehome\ehtray.exe" [08/05/2005 03:56 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [04/16/2008 03:02 AM]
"igfxtray"="C:\WINDOWS\NEW\system32\igfxtray.exe" [12/13/2005 02:44 PM]
"igfxhkcmd"="C:\WINDOWS\NEW\system32\hkcmd.exe" [12/13/2005 02:41 PM]
"igfxpers"="C:\WINDOWS\NEW\system32\igfxpers.exe" [12/13/2005 02:45 PM]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 02:34 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [06/10/2005 08:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 08:44 AM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [11/01/2005 03:12 AM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\NEW\system32\WLTRAY.exe" [11/01/2006 09:48 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"DLA"="C:\WINDOWS\NEW\System32\DLA\DLACTRLW.EXE" [11/07/2005 05:20 AM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [05/10/2007 10:22 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/13/2008 11:11 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\NEW\system32\ctfmon.exe" [08/10/2004 04:00 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [03/06/2008 03:05 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]

C:\Documents and Settings\All Users.NEW\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 12:05:26 PM]
Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [11/28/2006 3:05:23 PM]
Launch SymmTime.exe.lnk - C:\WINDOWS\NEW\Installer\{EBB02E84-8C51-4881-A933-E42E16CA9A89}\SymmTime.exe_694729AF81B6460694745F498B076239.exe [3/11/2007 8:17:16 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\NEW\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\NEW\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [10/09/2004 04:18 AM 49152]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 10/07/2007 01:13 AM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Versato]
C:\Program Files\Media Key\Versato.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\SETUP.EXE




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8333 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-21 17:42:11 ------------
--

#5
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi Paul W.,

Please download the following & save to your Desktop:
Malwarebytes' Anti-Malware from Here or Here


Run Malwarebytes' Anti-Malware:
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Save the report as C:\mbam.txt
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Please go HERE to run Panda's TotalScan
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to C:\active_scan.txt
  • Post the contents of that file and C:\mbam.txt as your next reply

The text from these files may exceed the maximum post length for this forum, and may need to be sent over 2 or more posts. Please ensure all text is posted.

Cheers,

sage5

#6
Paul W.

sage5!

It's getting interesting.

With MBAM I have fixed the threats. After scanning with Panda TotalScan I noticed there may be false positives. And, since you didn't instruct me to disinfect from Panda results, I've not yet disinfected any potential threats. The program mac2006g.exe is a MAC address spoofer that I recently downloaded to help me diagnose a network problem, and is not detected as a threat with AVG anti-virus. But Panda says it's a pretty intrusive trojan virus. Anyways, I'll wait to hear from you before disinfecting Panda results. Thank you tons!



*** PANDA ***

;*******************************************************************************
ANALYSIS: 2008-04-22 11:00:20
PROTECTIONS: 1
MALWARE: 5
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
AVG 7.5.524 7.5.524 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00041446 application/myway HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04079851-5845-4DEA-848C-3ECD647AA554}
00041446 application/myway HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
00517584 Application/SuperFast HackTools No 0 Yes No C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SmitfraudFix\restart.exe
02377451 Adware/SaveNow Adware No 0 Yes No C:\Program Files\Amazing CD & DVD Burner\Partner\AdVantageSetup.exe
02924694 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\Documents and Settings\SPOCIBA.MIR\Desktop\mac2006g.exe
;===============================================================================
SUSPECTS
Location
;===============================================================================
;===============================================================================
--




*** MBAM ***


Malwarebytes' Anti-Malware 1.11
Database version: 669

Scan type: Quick Scan
Objects scanned: 43150
Time elapsed: 12 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url (Rogue.Link) -> Quarantined and deleted successfully.
--

Edited by Paul W., 22 April 2008 - 12:35 PM.

  • 0

#7
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Before we tackle those last deletions, how is the whole DVD setup working now, still getting the errors etc.?
  • 0

#8
Paul W.

Paul W.

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Hi sage5!

I'm still testing the DVD errors and I'll let you know when I'm finished. But, so far it looks like the errors in burning may have cleared up. But, I don't want to say so until I've made a few more burns because in the past I've made a successful burn out of many. And as far as getting the blue screen when ejecting a RW DVD, I still have not tested that. I'll post an update as soon as possible. Thank you very much.
  • 0

#9
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi Paul W.,

In the meantime please complete the following to remove the last bad files etc.

Clean up Registry with a Reg file:
  • Please open a new Notepad file by clicking Start\All Programs\Accessories\Notepad
  • Copy the text from the following Code box, by highlighting all the text and right click, Select Copy. (or use the Ctrl+C keyboard shortcut)
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04079851-5845-4DEA-848C-3ECD647AA554}]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}]
  • Paste it into Notepad. Right click in the window and select Paste. (or use Ctrl+V)
  • Save the file to the Desktop, make sure Type is All Files, and name it Fixreg.reg
  • Double click on the file created and click Yes when asked to merge the information into the Registry


Remove folders & files:
  • Delete these files, (if present):
    C:\Program Files\Amazing CD & DVD Burner\Partner\AdVantageSetup.exe
    C:\Documents and Settings\SPOCIBA.MIR\Desktop\mac2006g.exe


Cheers,

sage5
  • 0

#10
Paul W.

Paul W.

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Okay. I've completed the latest instructions. And I've bought some new DVDs and I'll try to burn some more data DVDs soon. As for the blue screen error upon ejecting a DVD +RW; that still remains a problem. I'll try to upload 3 screen shots. The first is blue screen error. And, after that error the computer completely freezes and to reboot I need to disconnect computer power supply, and also the laptop battery. Then, the second and third screen shots are from pop ups right after windows is rebooted. Thank you again.

Attached Thumbnails

  • 2008_04_24_00001.jpg
  • 2008_04_24_00002.jpg
  • 2008_04_24_00003.jpg

  • 0



#11
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
OK, the Blue Screen gives us a hint as to what the problem could be, and is backed up by this from the Deckard's Extra.txt

C: is Fixed (NTFS) - 31.17 GiB total, 0.94 GiB free.

That is about 3% free space left on that partition.
The recommendation for free space threshold on any partition is 15%

This is going to require some serious reorganisation/cleaning out.

ATF Cleaner by Atribune.

Clean out cookies, temp files etc:
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


If you can get another H'drive installed:

Shift as many data files (movies, photos, documents etc) to the new drive
Uninstall all unnecessary/unused applications.
Then uninstall the less important remaining programs & reinstall to the new h'drive
Defragment the C:\ drive and see how much space you now have remaining.

If you cannot get another h'drive installed:
Be much more ruthless with the uninstallation list.
Burn as much data as you can to CD/DVD. (Hopefully you have already gained enough free space to do this bit)
Defrag drive and see if you can get to the magical 15% free space.

Then test the performance of the PC & see if the BSOD's have stopped
  • 0

#12
Paul W.

Paul W.

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
sage5!

I've burned a few DVDs now and I do believe that problem is fixed. I don't know what we did to fix it exactly, but it seems to be fine now. Smiles.

And about the BSOD error. I reluctantly freed up more space of the c: drive. I have now more than 30% free. Then, without rebooting, I tried ejecting the DVD RW disc. And again, the blue screen error. So, I then defragmented c:. There were over 450 files that needed to be repaired. I told it to create files from the repaired results.

Then I ran the windows utilities, fsutil dirty query c:, and chkdsk c: /f. The c: drive somehow couldn't unlock in order to perform chkdsk, so, I tried to F5 at reboot to run command prompt only, but it wasn't in the list. Maybe that option is not available in XP. I instead tried to run safe mode with command prompt. Then I just saw the black screen with a list of commands, like it was booting from different programs. Anyways, it seemed like the hdd light was active but it took a very long time to apparently run the chkdsk command that I agreed to run on the next reboot, since c: was not able to unlock (or lock, I forgot). So, I tried to run chkdsk a few more times, giving the laptop a few cold hard shutdowns. Eventually, I think it did repair the errors, but only splashed the results on the screen very quickly before continuing the reboot. Once it was rebooted, I tried to eject the DVD RW disc, and it performed without the BSOD or any errors! Finally! But, I don't know if it was because I freed up more space (then rebooted), or because of the defrag or chkdsk, or both. I'm guessing that freeing up some space on c: needs to be followed up by a reboot to get results. But maybe chkdsk helped. It's hard to know.

Just for curiosity, I ran Spybot SD since teatimer.exe hasn't been running in the background while we fixed the problems, and I wanted to see if I needed to accept or deny any new registry changes. I found two problems, one of which needed to reboot in order to repair (somewhat rare).

Included in this post are two screenshots; one of the chkdsk error that wasn't able to run at first, and the Spybot SD errors.

Also included is the latest HiJackThis log, because there looks like there could be an unwanted/unneeded line:

O16 - DPF: {A57B79D8-9501-42B7-BA9B-B961454712F2} -

I don't know what that line is for, and there may be other lines that should be fixed as well. I don't know, and I wish I had more experience and knowledge. That's where GeeksToGo comes in. You guys are the best--plain and simple!

sage5, if everything looks okay, then I guess this post has a successful ending and can be closed. I tried for a few weeks on my own to fix these problems without success. It seemed I was digging myself deeper into trouble, so I am very grateful you were here to help.

Thank you very very very much!!! :)


--
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:59:33 PM, on 4/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\NEW\System32\smss.exe
C:\WINDOWS\NEW\system32\winlogon.exe
C:\WINDOWS\NEW\system32\services.exe
C:\WINDOWS\NEW\system32\lsass.exe
C:\WINDOWS\NEW\system32\svchost.exe
C:\WINDOWS\NEW\System32\svchost.exe
C:\WINDOWS\NEW\system32\svchost.exe
C:\WINDOWS\NEW\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\NEW\Explorer.EXE
C:\WINDOWS\NEW\System32\WLTRYSVC.EXE
C:\WINDOWS\NEW\System32\bcmwltry.exe
C:\WINDOWS\NEW\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\NEW\eHome\ehRecvr.exe
C:\WINDOWS\NEW\eHome\ehSched.exe
C:\WINDOWS\NEW\system32\imapi.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\NEW\system32\tcpsvcs.exe
C:\WINDOWS\NEW\system32\dllhost.exe
C:\WINDOWS\NEW\ehome\ehtray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\NEW\system32\hkcmd.exe
C:\WINDOWS\NEW\system32\igfxpers.exe
C:\WINDOWS\NEW\eHome\ehmsas.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\NEW\system32\WLTRAY.exe
C:\WINDOWS\NEW\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\NEW\System32\DLA\DLACTRLW.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\NEW\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\NEW\system32\wuauclt.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Symmetricom\SymmTime\SymmTime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\NEW\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\NEW\ehome\ehtray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\NEW\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\NEW\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\NEW\system32\igfxpers.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\NEW\system32\WLTRAY.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\NEW\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\NEW\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Launch SymmTime.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {A57B79D8-9501-42B7-BA9B-B961454712F2} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\NEW\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\NEW\System32\WLTRYSVC.EXE

--
End of file - 6533 bytes
--

Attached Thumbnails

  • 2008_04_26_00001.jpg
  • 2008_04_26_00002.jpg

Edited by Paul W., 26 April 2008 - 07:50 PM.

  • 0

#13
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi Paul W.,


O16 - DPF: {A57B79D8-9501-42B7-BA9B-B961454712F2} -


That line seems to be getting rewritten to the registry.
Let's see what it is all about.

Please download RegSearch and save it to your Desktop.
  • Extract the file to its own folder, like C:\RegSearch
  • Double click on regsearch.exe
  • Copy the following to the upper input box:
    A57B79D8-9501-42B7-BA9B-B961454712F2
  • Leave the lower input box empty
  • Leave the ticks in their default configurations & click OK
  • The scan will appear to pause and then open a Notepad file.
  • This file is C:\RegSearch\RegSearch.txt

Run RegSearch:


Post me the text from the file generated
  • 0
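
An added example, not part of the original posts: a small triage pass over HijackThis log lines that surfaces the kind of entry questioned above (an O16 DPF line with a CLSID but nothing after the dash), along with startup shortcuts whose target shows as "?" and services listed with "Unknown owner". The sample lines are copied from the log in this thread; the function name and the three review rules are assumptions chosen for illustration, and a flagged line is a candidate for review, not a verdict.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\NEW\system32\svchost.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\NEW\System32\DLA\DLACTRLW.EXE
O4 - Global Startup: Launch SymmTime.exe.lnk = ?
O16 - DPF: {A57B79D8-9501-42B7-BA9B-B961454712F2} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
"""

# "<section> - <body>", e.g. "O16 - DPF: ..." or "R0 - HKCU\...".
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O16 body: "DPF: {CLSID} (optional name) - optional codebase URL".
DPF = re.compile(
    r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})(?: \((?P<name>.*?)\))? -\s*(?P<codebase>.*)$"
)


def triage(log_text):
    """Return (section, reason, detail) tuples for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines, running processes, blank lines
        section, body = m.group("section"), m.group("body")
        if section == "O16":
            d = DPF.match(body)
            if d and not d.group("codebase"):
                findings.append((section, "DPF entry has no codebase URL", d.group("clsid")))
        elif section == "O4" and body.endswith("= ?"):
            findings.append((section, "startup shortcut target shown as ?", body))
        elif section == "O23" and " - Unknown owner - " in body:
            service = body[len("Service: "):].split(" - Unknown owner - ")[0]
            findings.append((section, "service listed with Unknown owner", service))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section}: {reason}: {detail}")
```
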

#14
Paul W.

Paul W.

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Even after the log is created, the program Registry Search hangs and doesn't close easily. Here is the log:


Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 4/27/2008 12:34:38 PM for strings:
; 'a57b79d8-9501-42b7-ba9b-b961454712f2'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A57B79D8-9501-42B7-BA9B-B961454712F2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A57B79D8-9501-42B7-BA9B-B961454712F2}\Contains]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A57B79D8-9501-42B7-BA9B-B961454712F2}\Contains\Files]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A57B79D8-9501-42B7-BA9B-B961454712F2}\DownloadInformation]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A57B79D8-9501-42B7-BA9B-B961454712F2}\InstalledVersion]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/NEW/Downloaded Program Files/wlaninfo.ocx]
".Owner"="{A57B79D8-9501-42B7-BA9B-B961454712F2}"
"{A57B79D8-9501-42B7-BA9B-B961454712F2}"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A57B79D8-9501-42B7-BA9B-B961454712F2}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A57B79D8-9501-42B7-BA9B-B961454712F2}\iexplore]

; End Of The Log...
--
  • 0

#15
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi Paul W.,


Clean up Registry with a Reg file:
  • Please open a new Notepad file by clicking Start\All Programs\Accessories\Notepad
  • Copy the text from the following Code box, by highlighting all the text and right click, Select Copy. (or use the Ctrl+C keyboard shortcut)
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A57B79D8-9501-42B7-BA9B-B961454712F2}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/NEW/Downloaded Program Files/wlaninfo.ocx]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A57B79D8-9501-42B7-BA9B-B961454712F2}]
  • Paste it into Notepad. Right click in the window and select Paste. (or use Ctrl+V)
  • Save the file to the Desktop, make sure Type is All Files, and name it Fixreg.reg
  • Double click on the file created and click Yes when asked to merge the information into the Registry


Remove folders & files:
  • Using Windows Explorer, (to get there right-click your Start button and go to "Explore"), delete these files, (if present):
    C:\WINDOWS\NEW\Downloaded Program Files\wlaninfo.ocx

Shut down & Reboot normally:

Run HijackThis again:
  • Select the Run a system scan and save a logfile button. The logfile will open in Notepad.
  • Start your Web browser and navigate back to this thread.
  • Click the Add Reply button
  • Copy and Paste the text into the Reply window.
Please include a note to tell me how your PC is running now.

Cheers,

sage5
  • 0
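
An added example, not part of the original posts: how a RegSearch result like the one in post #14 reduces to the three deletion entries in the Fixreg.reg above. Deleting a key removes its subkeys, so only the top-most matching keys need a `[-key]` line; keys that matched only through value data (the ModuleUsage key here) get a comment so they are reviewed before merging. The function names are assumptions for illustration, and the sample is the key and value lines from the RegSearch log in this thread.

```python
import re

# Constructed sample: key and value lines copied from the RegSearch log in this thread.
REGSEARCH_LOG = r"""
; Results at 4/27/2008 12:34:38 PM for strings:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A57B79D8-9501-42B7-BA9B-B961454712F2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A57B79D8-9501-42B7-BA9B-B961454712F2}\Contains]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A57B79D8-9501-42B7-BA9B-B961454712F2}\Contains\Files]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A57B79D8-9501-42B7-BA9B-B961454712F2}\DownloadInformation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A57B79D8-9501-42B7-BA9B-B961454712F2}\InstalledVersion]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/NEW/Downloaded Program Files/wlaninfo.ocx]
".Owner"="{A57B79D8-9501-42B7-BA9B-B961454712F2}"
"{A57B79D8-9501-42B7-BA9B-B961454712F2}"=""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A57B79D8-9501-42B7-BA9B-B961454712F2}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A57B79D8-9501-42B7-BA9B-B961454712F2}\iexplore]
"""

KEY_LINE = re.compile(r"^\[(HKEY_[^\]]+)\]$")


def parse_keys(text):
    """Return the registry key paths listed in a RegSearch export, in file order."""
    keys = []
    for raw in text.splitlines():
        m = KEY_LINE.match(raw.strip())
        if m:
            keys.append(m.group(1))
    return list(dict.fromkeys(keys))  # drop exact duplicates, keep order


def top_level_keys(keys):
    """Drop every key that is a subkey of another listed key (paths are case-insensitive)."""
    lowered = [k.lower() for k in keys]
    return [
        key for key, low in zip(keys, lowered)
        if not any(low.startswith(parent + "\\") for parent in lowered if parent != low)
    ]


def build_delete_reg(text, needle):
    """Render a .reg file that deletes the top-level keys found in the export."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key in top_level_keys(parse_keys(text)):
        if needle.lower() not in key.lower():
            # The search string was found in a value under this key, not in its name.
            lines.append("; review first: matched on value data, not on the key name")
        lines.append("[-" + key + "]")
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_delete_reg(REGSEARCH_LOG, "A57B79D8-9501-42B7-BA9B-B961454712F2"))
```
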





