 Buffer Overrun .. Suddenly Appeared.. |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.| Important Announcement: We have a terrific contest still running on the site that I wanted all our members and guests to know about. The chance to win two Seagate FreeAgent external hard drives. More information about this contest can be found here. I suggest everyone submit an entry for them. - BleepingComputer Management |
  |
 Jul 1 2008, 05:04 PM
Post
#1
|
|
|
New Member  Group: Members Posts: 1 Joined: 1-July 08 Member No.: 219,854  |
Microsoft Visual C++ Runtime Library Buffer Overrun Detected! ... Must now be terminated. I ran all the malaware and Virus scans I could find and they all came out 100% ok. I tried system restore and got the same error. Any help would be great.. Deckard's System Scanner v20071014.68 Run by user on 2008-07-02 00:42:19 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- Last 4 Restore Point(s) -- 4: 2008-06-30 21:45:02 UTC - RP170 - Scheduled Checkpoint 3: 2008-06-29 20:00:03 UTC - RP168 - Windows Backup 2: 2008-06-28 23:15:51 UTC - RP167 - Scheduled Checkpoint 1: 2008-06-27 21:00:03 UTC - RP166 - Scheduled Checkpoint Backed up registry hives. Performed disk cleanup. -- HijackThis (run as user.exe) ------------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:43:52, on 02/07/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16681) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\rundll32.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe C:\Windows\sttray.exe C:\Windows\System32\WLTRAY.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Windows\ehome\ehtray.exe C:\Program Files\Veoh Networks\Veoh\VeohClient.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\sdclt.exe C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZB52UXPG\dss[1].exe C:\Windows\system32\conime.exe c:\program files\google\googletoolbar1user.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe" O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: CCC.lnk = ? O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O4 - Global Startup: QuickSet.lnk = ? O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Bluetooth Feature Support (BthFilterHelper) - CSR, plc - C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 8868 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys S3 CSRBC (CSRBC.Sys CSR test driver) - c:\windows\system32\drivers\csrbcxp.sys <Not Verified; CSR, plc; CsrUsb Device Driver> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 BthFilterHelper (Bluetooth Feature Support) - "c:\program files\csr\vista profile pack\bthfilterhelper.exe" <Not Verified; CSR, plc; BthFilter Helper Service> R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter R2 STacSV (SigmaTel Audio Service) - c:\windows\system32\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio> S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application> S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-07-01 08:49:05 416 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{A4FCFF28-51BD-4F74-83EB-046A91B46EBB}.job -- Files created between 2008-06-02 and 2008-07-02 ----------------------------- 2008-07-02 00:40:47 0 d-------- C:\Program Files\Trend Micro 2008-07-01 23:28:52 0 d-------- C:\Users\All Users\SiteAdvisor 2008-07-01 23:07:46 0 d-------- C:\Program Files\Panda Security 2008-07-01 22:54:39 0 d-------- C:\Users\All Users\PrevxCSI 2008-06-16 22:41:20 0 d-------- C:\Program Files\MSECache -- Find3M Report --------------------------------------------------------------- 2008-07-02 00:42:26 0 d-------- C:\Users\user\AppData\Roaming\Skype 2008-07-02 00:26:04 0 d-------- C:\Program Files\Common Files 2008-07-02 00:24:56 12 --a------ C:\Windows\bthservsdp.dat 2008-07-02 00:10:11 0 d-------- C:\Users\user\AppData\Roaming\skypePM 2008-06-15 03:11:51 0 d-------- C:\Program Files\Windows Mail 2008-06-14 21:28:41 0 d-------- C:\Program Files\DivX 2008-05-31 02:22:48 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?> 2008-05-31 02:22:48 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®> 2008-05-31 02:22:48 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®> 2008-05-31 02:22:46 815104 --a------ C:\Windows\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®> 2008-05-31 02:22:46 683520 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®> 2008-05-28 02:52:08 0 d-------- C:\Users\user\AppData\Roaming\StanaPhone 2008-05-23 01:22:18 3596288 --a------ C:\Windows\system32\qt-dx331.dll 2008-05-23 01:19:46 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100> 2008-05-23 01:19:46 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100> 2008-05-23 01:18:54 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll 2008-05-13 09:02:17 0 d-------- C:\Program Files\PKWARE 2008-05-13 09:02:17 0 d-------- C:\Program Files\Common Files\PKWARE 2008-04-28 11:48:26 50 --a------ C:\Windows\system32\BRIDF04A.dat -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [07/06/2007 11:42 AM] "NVHotkey"="C:\Windows\system32\nvHotkey.dll" [05/16/2007 08:35 AM] "SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [07/06/2007 03:58 AM] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/03/2006 01:37 PM] "@"="" [] "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [11/05/2006 01:22 PM] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [] "Persistence"="C:\Windows\system32\igfxpers.exe" [] "SigmatelSysTrayApp"="sttray.exe" [03/06/2007 11:37 PM C:\Windows\sttray.exe] "Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [12/08/2007 03:34 PM] "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/24/2008 12:49 AM] "BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [03/08/2007 02:00 PM] "ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [07/19/2006 02:51 PM] "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [02/12/2008 05:41 PM] "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 02:09 PM] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 01:35 PM] "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [02/13/2008 03:49 PM] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [02/01/2008 06:22 PM] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 06:45 PM] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 03:35 PM] "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [04/01/2008 06:35 PM] "@"="" [] C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [29/09/2006 10:57:36] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [24/09/2005 00:05:26] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [06/07/2007 04:00:17] QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [12/02/2008 16:37:49] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"=2 (0x2) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum bthsvcs BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4db681a5-d7a2-11dc-bda7-806e6f6e6963}] AutoRun\command- E:\autoRcd.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75cc7bf7-d969-11dc-9139-806e6f6e6963}] AutoRun\command- E:\Autorun.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] C:\Windows\system32\unregmp2.exe /ShowWMP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static] msiexec /fums {BA384837-6755-6433-A806-943F6BBD8B01} /qb [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI -- End of Deckard's System Scanner: finished at 2008-07-02 00:45:25 ------------ Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft® Windows Vista™ Home Premium (build 6000) Architecture: X86; Language: English CPU 0: AMD Turion™ 64 X2 Mobile Technology TL-60 Percentage of Memory in Use: 38% Physical Memory (total/avail): 1917.71 MiB / 1184.04 MiB Pagefile Memory (total/avail): 4072.62 MiB / 3078.94 MiB Virtual Memory (total/avail): 2047.88 MiB / 1925.55 MiB C: is Fixed (NTFS) - 99.16 GiB total, 60.61 GiB free. D: is Fixed (NTFS) - 10 GiB total, 0.01 GiB free. E: is CDROM (CDFS) \\.\PHYSICALDRIVE0 - WDC WD1200BEVS-75UST0 ATA Device - 111.79 GiB - 4 partitions \PARTITION0 - Unknown - 117.63 MiB \PARTITION1 - Installable File System - 10 GiB - D: \PARTITION2 (bootable) - Installable File System - 99.16 GiB - C: \PARTITION3 - Extended w/Extended Int 13 - 2.5 GiB -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\user\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=USER-PC ComSpec=C:\Windows\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\user LM_LICENSE_FILE=1717@192.168.1.100 LOCALAPPDATA=C:\Users\user\AppData\Local LOGONSERVER=\\USER-PC NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 104 Stepping 2, AuthenticAMD PROCESSOR_LEVEL=15 PROCESSOR_REVISION=6802 ProgramData=C:\ProgramData ProgramFiles=C:\Program Files PROMPT=$P$G PUBLIC=C:\Users\Public RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\ SystemDrive=C: SystemRoot=C:\Windows TEMP=C:\Users\user\AppData\Local\Temp TMP=C:\Users\user\AppData\Local\Temp USERDOMAIN=user-PC USERNAME=user USERPROFILE=C:\Users\user windir=C:\Windows -- User Profiles --------------------------------------------------------------- user -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002} Broadcom Management Programs --> MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449} Brother MFL-Pro Suite --> "C:\Program Files\InstallShield Installation Information\{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}\Setup.exe" -runfromtemp -l0x0009 Brunin03.dll -removeonly ccc-Branding --> MsiExec.exe /I{4F5A53E6-3CBE-44D7-91AD-2E535348484F} Cisco EAP-FAST Module --> MsiExec.exe /I{BF53252E-4AB2-4C7F-A0FD-6100755745E3} Cisco LEAP Module --> MsiExec.exe /I{76F9CF97-FC4B-4E20-B363-D127C888448F} Cisco PEAP Module --> MsiExec.exe /I{4E5386F5-C0F6-4532-A54A-374865AEAB71} Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE} Conexant HDA D330 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000fz.inf Dell Resource CD --> MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021} Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1} Dell System Customization Wizard --> MsiExec.exe /I{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5} DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D} Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll" HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000} Microsoft Office 2003 English User Interface Pack --> MsiExec.exe /I{901E0409-6000-11D3-8CFE-0150048383C9} Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9} Microsoft Office Live Meeting 2005 --> MsiExec.exe /I{AB6972B2-CF5D-4CC8-AF4F-B5D6888AB120} Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{9112040D-6000-11D3-8CFE-0150048383C9} Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1} Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B} MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly OZ776 SCR Driver V1.1.3.9 --> C:\Program Files\InstallShield Installation Information\{343D8DE3-AE1F-431A-830C-B66352E8CA12}\setup.exe -runfromtemp -l0x0409 PrimoPDF --> "C:\Windows\PrimoPDF\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstall.xml" PrimoPDF Redistribution Package --> MsiExec.exe /I{885744A4-1A01-44B0-858A-0AE6738CBCF7} QuickSet --> MsiExec.exe /I{7F0C4457-8E64-491B-8D7B-991504365D1E} RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52} Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82} Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC} Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048} Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87} Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C} Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF} Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB} Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0} StanaPhone Beta --> "C:\Program Files\StanaPhone\unins000.exe" VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409 Vista Profile Pack --> MsiExec.exe /X{D31FB582-86AE-4A05-BFC1-5C5CA944E234} WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5} ZIP Reader 8.00.0018 --> MsiExec.exe /I{856C155E-4A74-4041-B026-04F96FFD1BCD} כרטיס לרשת אלחוטית של Dell --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card" -- Application Event Log ------------------------------------------------------- Event Record #/Type3346 / Error Event Submitted/Written: 07/02/2008 00:30:46 AM Event ID/Source: 5007 / WerSvc Event Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9. Event Record #/Type3339 / Success Event Submitted/Written: 07/02/2008 00:26:13 AM Event ID/Source: 5617 / WinMgmt Event Description: Event Record #/Type3337 / Success Event Submitted/Written: 07/02/2008 00:26:07 AM Event ID/Source: 5615 / WinMgmt Event Description: Event Record #/Type3334 / Success Event Submitted/Written: 07/02/2008 00:26:05 AM Event ID/Source: 902 / Software Licensing Service Event Description: The Software Licensing service has started. Event Record #/Type3315 / Error Event Submitted/Written: 07/02/2008 00:11:24 AM Event ID/Source: 5007 / WerSvc Event Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type32344 / Warning Event Submitted/Written: 07/02/2008 00:44:08 AM Event ID/Source: 3004 / WinDefend Event Description: %user-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %user-PC27 can't undo changes that you allow. For more information please see the following: %user-PC275 Scan ID: {05EC985C-676A-4B6E-B918-8D7BD687D702} User: user-PC\user Name: %user-PC271 ID: %user-PC272 Severity ID: %user-PC273 Category ID: %user-PC274 Path Found: %user-PC276 Alert Type: %user-PC278 Detection Type: 1.1.1505.02 Event Record #/Type32343 / Warning Event Submitted/Written: 07/02/2008 00:44:08 AM Event ID/Source: 3004 / WinDefend Event Description: %user-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %user-PC27 can't undo changes that you allow. For more information please see the following: %user-PC275 Scan ID: {210FCF0B-A753-4E34-90A7-902E5ECC1CD9} User: user-PC\user Name: %user-PC271 ID: %user-PC272 Severity ID: %user-PC273 Category ID: %user-PC274 Path Found: %user-PC276 Alert Type: %user-PC278 Detection Type: 1.1.1505.02 Event Record #/Type32342 / Warning Event Submitted/Written: 07/02/2008 00:44:08 AM Event ID/Source: 3004 / WinDefend Event Description: %user-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %user-PC27 can't undo changes that you allow. For more information please see the following: %user-PC275 Scan ID: {7E65DE3C-D4B2-4E32-81F2-9BD86F7BD2CF} User: user-PC\user Name: %user-PC271 ID: %user-PC272 Severity ID: %user-PC273 Category ID: %user-PC274 Path Found: %user-PC276 Alert Type: %user-PC278 Detection Type: 1.1.1505.02 Event Record #/Type32341 / Warning Event Submitted/Written: 07/02/2008 00:44:05 AM Event ID/Source: 3004 / WinDefend Event Description: %user-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %user-PC27 can't undo changes that you allow. For more information please see the following: %user-PC275 Scan ID: {9AF485C4-6AF4-4E3F-99D2-7A0443865A0C} User: user-PC\user Name: %user-PC271 ID: %user-PC272 Severity ID: %user-PC273 Category ID: %user-PC274 Path Found: %user-PC276 Alert Type: %user-PC278 Detection Type: 1.1.1505.02 Event Record #/Type32340 / Warning Event Submitted/Written: 07/02/2008 00:44:05 AM Event ID/Source: 3004 / WinDefend Event Description: %user-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %user-PC27 can't undo changes that you allow. For more information please see the following: %user-PC275 Scan ID: {77E1DB13-119A-43BB-864B-6F1BEDA08D85} User: user-PC\user Name: %user-PC271 ID: %user-PC272 Severity ID: %user-PC273 Category ID: %user-PC274 Path Found: %user-PC276 Alert Type: %user-PC278 Detection Type: 1.1.1505.02 -- End of Deckard's System Scanner: finished at 2008-07-02 00:45:25 ------------ |
 |
 
|
|
Jul 1 2008, 06:55 PM
Post
#2
|
|
 Bleepin' Mod Group: Moderator Posts: 4,617 Joined: 18-March 06 From: B.C. Canada Member No.: 59,826 |
Hello Akivaace,
I have moved your Topic that includes a HijackThis log here to the Misplaced HJT Logs forum. You posted your log in a forum not intended for HijackThis logs analysis and probably missed the directions we provide to those who require assistance. We can only allow topics with such logs in the HijackThis Logs and Malware Removal forum. This restriction is to ensure you get the best help available, from those who specialize in malware analysis and removal. It also should prevent you from receiving ineffective or even potentially dangerous advice, whether well meaning or not. Prior to posting a HJT log, we ask that you please read and follow all instructions in the pinned topic titled Preparation Guide For Use Before Posting A Hijackthis Log. Following the steps in this Guide will allow the HJT Team to quickly help you with specific fixes for what may remain on your system. Please complete all the steps in the Guide. If you have performed some of them already, then just continue with the next. If you can't perform a step, then skip it and continue with the next. There are instructions for downloading and running Deckard's System Scanner (DSS) which will create a hijackthis log for you, or automatically download and install the most current version of HijackThis if it's not already installed on your computer. Please note that it is important that Deckard's System Scanner be run and a log created while in normal mode. If you run it and create your log while in safe mode, you will be asked to redo it again properly. When you have completed those steps, start a new topic in the HijackThis Logs and Malware Removal forum as directed in the Guide to post a new log. Please DO NOT post any more logs to this topic, or post a log again in the wrong forum. This Misplaced HJT Logs forum is strictly a holding area where the BC Staff can assist you with preparations for and to properly post your log. If you have a question or encounter a problem in the Prep Guide, please do post back to this topic; that is what it is here for. When your new HJT log is posted in the proper forum, please reply to this topic with a link to your new topic. Once that is done, a Member of the HJT Team will analyze your log and assist you with step by step instructions to clean your computer or otherwise advise what needs to be done. Thanks for your cooperation and good luck. The BC Staff/TMacK --------------------  Join Bleeping Computers Folding@home Team and Help find a cure. I am thankful for laughter, except when milk comes out of my nose. ~Woody Allen |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 5th December 2008 - 11:51 AM |
© 2003-2008 All Rights Reserved Bleeping Computer LLC.