Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijack This Results Review Request


  • This topic is locked This topic is locked
4 replies to this topic

#1 oboist1

oboist1

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 24 July 2008 - 10:45 PM

I went through the Not All Slow Computers Are Malware Topic. I did not perform all of them just selected applicable areas.

I keep getting a "click-click-click-whir" sound from my hard drive. When ever it occurs, my computer slows to crawl. My internet connection still works along with a few programs. When I connect to the internet, After a few minutes, I here the hard drive activate for about 20 seconds followed by the "click-click-click-whir". Also, i an having trouble with executable files now.

Here is my updated (7/25/08) HiJack This results: - Please review. Thank you very much, Steve


Scan saved at 11:51:20 AM, on 7/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\WLAN\ACU.exe
C:\Program Files\SoftSwift\Enhanced Windows Backup\EWBackup.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NetZero\exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\WINDOWS\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [PCTVOICE] "C:\WINDOWS\system32\pctspk.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -k
O4 - HKLM\..\Run: [ACU] "C:\Program Files\WLAN\ACU.exe" -nogui
O4 - HKLM\..\Run: [EWBACKUP] "C:\Program Files\SoftSwift\Enhanced Windows Backup\EWBackup.exe" /Q /START
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: Show All Original Images - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Show Original Image - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: WLAN Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Unknown owner - C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe (file missing)
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7134 bytes

Edited by oboist1, 25 July 2008 - 11:54 AM.


BC AdBot (Login to Remove)

 


m

#2 oboist1

oboist1
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 27 July 2008 - 12:34 PM

Title was: Some Exe Programs Will Not Run, OpenOffice 2.4.1 download may have caused program problems ~ OB

Several of my exe programs will not run (TaxCut, PhotoStudio, Play DVD's etc.)

Also, some times I hear an unusual never heard before "click-click-click-whir" from the hard drive that results in delays or program bombs.

The problems seemed to start after I downloaded the 2.4.1 version of OpenOffice (upgrade from 2.3).

As a precaution, I removed 3 virus programs (Avira, Avast! and Webroot) that may have been causing conflicts. I used the Avira, Avast! and Webroot removal programs for a through removal. They were removed AFTER I had made the OpenOffice upgrade. I also removed OpenOffice 2.4.1

Attached is a HiJack/DSS scan.

Thanks for your help. :thumbsup:

Steve

Deckard's System Scanner v20071014.68
Run by USER on 2008-07-27 12:04:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
65: 2008-07-27 17:04:38 UTC - RP390 - Deckard's System Scanner Restore Point
64: 2008-07-26 21:43:09 UTC - RP389 - Software Distribution Service 3.0
63: 2008-07-25 18:41:57 UTC - RP388 - Uniblue RegistryBooster
62: 2008-07-25 18:40:22 UTC - RP387 - Uniblue RegistryBooster
61: 2008-07-25 17:21:27 UTC - RP386 - Restore Operation


-- First Restore Point --
1: 2008-06-10 14:49:05 UTC - RP326 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as USER.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:15 PM, on 7/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\WLAN\ACU.exe
C:\Program Files\SoftSwift\Enhanced Windows Backup\EWBackup.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NetZero\exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\NetZero\exec.exe
C:\Documents and Settings\USER\Desktop\dss.exe
C:\PROGRA~1\Trend Micro\HijackThis\USER.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\WINDOWS\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [PCTVOICE] "C:\WINDOWS\system32\pctspk.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -k
O4 - HKLM\..\Run: [ACU] "C:\Program Files\WLAN\ACU.exe" -nogui
O4 - HKLM\..\Run: [EWBACKUP] "C:\Program Files\SoftSwift\Enhanced Windows Backup\EWBackup.exe" /Q /START
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: Show All Original Images - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Show Original Image - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: WLAN Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Unknown owner - C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe (file missing)
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7533 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 tapvpn (TAP VPN Adapter) - c:\windows\system32\drivers\tapvpn.sys <Not Verified; The OpenVPN Project; TAP-Win32 Virtual Network Driver>
R3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S3 AR5523 (WLAN USB Wireless Network Adapter Service) - c:\windows\system32\drivers\ar5523.sys <Not Verified; WLAN Communications, Inc.; WLAN 5005 Wireless USB Network Adapter>
S3 BRGSp50 (BRGSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\brgsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 NSNDIS5 (NSNDIS5 NDIS Protocol Driver) - c:\windows\system32\nsndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); NetStumbler>
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ACS (WLAN Configuration Service) - c:\windows\system32\acs.exe
R2 NICCONFIGSVC - c:\program files\dell\quickset\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 WLANKEEPER (Intel® PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSO Service>

S2 WDFNet (Webroot Desktop Firewall network service) - c:\program files\webroot\webroot desktop firewall\wdfsvc.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 570x Gigabit Integrated Controller
Device ID: PCI\VEN_14E4&DEV_165D&SUBSYS_865D1028&REV_01\4&39A85202&0&00F0
Manufacturer: Broadcom
Name: Broadcom 570x Gigabit Integrated Controller #2
PNP Device ID: PCI\VEN_14E4&DEV_165D&SUBSYS_865D1028&REV_01\4&39A85202&0&00F0
Service: b57w2k

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Dell Wireless 1350 WLAN Mini-PCI Card
Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_00031028&REV_03\4&39A85202&0&18F0
Manufacturer: Broadcom
Name: Dell Wireless 1350 WLAN Mini-PCI Card
PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_00031028&REV_03\4&39A85202&0&18F0
Service: BCM43XX


-- Scheduled Tasks -------------------------------------------------------------

2008-07-10 09:45:27 462 --a------ C:\WINDOWS\Tasks\WebReg 20080710094525.job
2007-09-21 18:53:27 340 -----n--- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1182296962.job
2007-06-22 08:32:56 104 -----n--- C:\WINDOWS\Tasks\Low Battery Alarm Program.job


-- Files created between 2008-06-27 and 2008-07-27 -----------------------------

2008-07-25 13:39:11 0 d-------- C:\Documents and Settings\USER\Application Data\Uniblue
2008-07-24 20:54:56 0 d-------- C:\Program Files\Trend Micro
2008-07-23 11:14:29 0 d--hs---- C:\WINDOWS\CSC
2008-07-21 20:56:20 326 --ah----- C:\Documents and Settings\USER\hpothb07.dat
2008-07-05 21:26:59 0 d-------- C:\Program Files\Moffsoft FreeCalc


-- Find3M Report ---------------------------------------------------------------

2008-07-25 16:20:23 0 d-------- C:\Documents and Settings\USER\Application Data\uTorrent
2008-07-25 08:28:48 164 --a------ C:\install.dat
2008-07-22 10:26:27 0 d-------- C:\Program Files\Alwil Software
2008-07-21 23:38:22 0 d-------- C:\Documents and Settings\USER\Application Data\OpenOffice.org2
2008-07-16 21:58:33 0 d-------- C:\Program Files\Java
2008-06-20 21:30:43 0 d-------- C:\Program Files\ZyDAS Technology Corporation
2008-06-18 12:01:19 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 4
2008-06-17 08:56:59 0 d-------- C:\Documents and Settings\USER\Application Data\MSNInstaller
2008-06-02 14:25:31 0 d-------- C:\Program Files\SoftSwift
2008-06-01 07:16:57 0 d-------- C:\Program Files\WLAN


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [10/07/2005 04:13 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [11/10/2005 11:05 PM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [12/19/2005 11:08 AM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [04/06/2006 04:58 PM]
"PCTVOICE"="C:\WINDOWS\system32\pctspk.exe" [02/24/2003 05:35 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [10/18/2006 09:04 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/18/2006 08:58 PM]
"Samsung LBP SM"="C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" [04/04/2003 09:40 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep.exe" [08/04/2004 07:00 AM]
"ACU"="C:\Program Files\WLAN\ACU.exe" [09/05/2006 11:52 AM]
"EWBACKUP"="C:\Program Files\SoftSwift\Enhanced Windows Backup\EWBackup.exe" [02/01/2006 11:04 AM]
"@"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"NetZero_uoltray"="C:\Program Files\NetZero\exec.exe" [03/06/2007 07:00 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

C:\Documents and Settings\USER\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE [4/13/2004 5:03:10 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [6/20/2007 7:26:57 AM]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [4/6/2003 1:17:18 AM]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [4/6/2003 1:06:58 AM]
ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [7/7/2008 11:50:55 AM]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98ce69a0-1ac5-11dc-865f-009096bbf937}]
AutoRun\command- E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe




-- End of Deckard's System Scanner: finished at 2008-07-27 12:08:47 ------------

===============================================================================
===============================================================================

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1400MHz
Percentage of Memory in Use: 27%
Physical Memory (total/avail): 1535.23 MiB / 1105.81 MiB
Pagefile Memory (total/avail): 2155.7 MiB / 1870.3 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.98 MiB

C: is Fixed (NTFS) - 37.25 GiB total, 25.86 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - IC25N040ATCS04-0 - 37.26 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.25 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\USER\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=USER-737A973129
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\USER
LOGONSERVER=\\USER-737A973129
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 9 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0905
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\USER\LOCALS~1\Temp
TMP=C:\DOCUME~1\USER\LOCALS~1\Temp
USERDOMAIN=USER-737A973129
USERNAME=USER
USERPROFILE=C:\Documents and Settings\USER
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

USER (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
After Dark Games --> C:\WINDOWS\IsUninst.exe -f"C:\SIERRA\After Dark Games\Uninst.isu"
ALPS Touch Pad Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
APC PowerChute Personal Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A0C892E-FD1C-4203-941E-0956AED20A6A}\Setup.exe" -l0x9
AQUAZONE DESKTOP GARDEN --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21DFBF7E-DC05-4E87-A7D1-D5631A23ECED}\Setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Broadcom Gigabit Integrated Controller --> MsiExec.exe /X{B7F54262-AB66-44B3-88BF-9FC69941B643}
C-Major Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Conexant D480 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Crash Analysis Tool --> MsiExec.exe /X{D5F881C2-B134-474E-AA60-B25DD218AE0D}
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Enhanced Windows Backup --> MsiExec.exe /X{DDFC1938-6B7B-4419-8D81-108B5B8D47C0}
FastStone Photo Resizer 2.5 --> C:\Program Files\FastStone Photo Resizer\uninst.exe
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
gobeProductive --> MsiExec.exe /I{0DB67C01-CFEA-4DBA-85C8-C15399E3FBE0}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotspot Shield 1.04 --> C:\Program Files\Hotspot Shield\Uninstall.exe
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - hp psc 1200 series --> C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 1200 series --> MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
hp psc 1200 series --> rundll32 hpzcon07.dll,VendorJettison hp psc 1200 series
Impossible Golf --> C:\WINDOWS\iun507.exe C:\Program Files\Impossible Golf\irunin.ini
InfraRecorder --> C:\Program Files\InfraRecorder\uninstall.exe
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{90CC4231-94AC-45CD-991A-0253BFAC0650}
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
ML-1710 Series --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18499419-2B80-4C3F-86D3-C6C45CD2062E}\setup.exe"
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Moffsoft FreeCalc --> "C:\Program Files\Moffsoft FreeCalc\unins000.exe"
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Network Stumbler 0.4.0 (remove only) --> "C:\Program Files\Network Stumbler\uninst.exe"
NetZero Internet --> "C:\Program Files\NetZero\NetZeroUninstaller.exe"
O2Micro Smartcard Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C5BED10B-42A9-4142-B4C2-008C0FDE27D5} /l1033
oggcodecs 0.71.0946 --> C:\Program Files\illiminable\oggcodecs\uninst.exe
Palm Desktop --> MsiExec.exe /X{E89D78B8-28F7-412F-8B26-C684739CBBDC}
PCTEL 2304WT V.9x MDC Modem Drivers --> ptuninst.exe
Pdf995 (installed by TaxCut) --> C:\Program Files\pdf995\setup.exe uninstall
PdfEdit995 (installed by TaxCut) --> C:\Program Files\pdf995\res\utilities\thinsetup.exe - uninstall
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
Samsung Printer Status Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B140D361-80CB-4E59-B51B-6C048A31E297}\setup.exe"
Sierra Utilities --> C:\Program Files\Sierra On-Line\sutil32.exe uninstall
TaxCut Premium 2007 --> MsiExec.exe /X{4732D4A0-5A47-44D8-9B84-B3BD4906D30D}
TaxCut Standard 2006 --> C:\PROGRA~1\TaxCut06\Program\removetc.exe
Ulead DVD Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21DAFB84-2421-488F-B17D-102FF53396AA}\setup.exe" -l0x9
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AE}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WLAN USB Client Installation Program For XP/2K V2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2220A504-D171-4151-8D25-835F6499040D}\setup.exe" -l0x9 -removeonly
XML Paper Specification Shared Components Pack 1.0 -->
Zoner Photo Studio 7 --> MsiExec.exe /X{17528AC4-E6C2-43CD-8D8D-A62BA476ADC7}
ZyDAS IEEE 802.11 b+g Wireless LAN - USB --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{581CE7EA-A30D-0000-1211-088635773309}\Setup.exe" -l0x9


-- Application Event Log -------------------------------------------------------

Event Record #/Type3400 / Error
Event Submitted/Written: 07/25/2008 09:45:55 AM
Event ID/Source: 455 / ESENT
Event Description:
wuaueng.dll (2204) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Event Record #/Type3399 / Error
Event Submitted/Written: 07/25/2008 09:45:55 AM
Event ID/Source: 489 / ESENT
Event Description:
wuauclt (2204) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Event Record #/Type3398 / Error
Event Submitted/Written: 07/25/2008 09:45:45 AM
Event ID/Source: 455 / ESENT
Event Description:
wuaueng.dll (2204) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Event Record #/Type3397 / Error
Event Submitted/Written: 07/25/2008 09:45:45 AM
Event ID/Source: 489 / ESENT
Event Description:
wuauclt (2204) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Event Record #/Type3324 / Error
Event Submitted/Written: 07/22/2008 09:53:27 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application svchost.exe, version 5.1.2600.2180, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.
Processing media-specific event for [svchost.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type61094 / Error
Event Submitted/Written: 07/27/2008 00:05:33 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type61092 / Error
Event Submitted/Written: 07/27/2008 11:46:16 AM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type61091 / Error
Event Submitted/Written: 07/27/2008 11:46:11 AM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type61090 / Error
Event Submitted/Written: 07/27/2008 11:46:07 AM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type61089 / Error
Event Submitted/Written: 07/27/2008 11:46:03 AM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.



-- End of Deckard's System Scanner: finished at 2008-07-27 12:08:47 ------------

Merged topics. ~ OB

Edited by Orange Blossom, 27 July 2008 - 12:58 PM.


#3 oboist1

oboist1
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 27 July 2008 - 04:36 PM

Title was: Several Exe Programs Will Not Run, Added details - Kaspersky Virus Scan ~ OB

Several of my exe programs will not run (TaxCut, PhotoStudio, Play DVD's etc.)

Also, some times I hear an unusual never heard before "click-click-click-whir" from the hard drive that results in delays or program bombs.

The problems seemed to start after I downloaded the 2.4.1 version of OpenOffice (upgrade from 2.3). It may be a virus or just a lousy download or both. I cannot tell.

As a precaution, I removed 3 virus programs (Avira, Avast! and Webroot) that may have been causing conflicts. I used the Avira, Avast! and Webroot removal programs for through deletions. They were removed AFTER I had made the OpenOffice upgrade. I also removed OpenOffice.

I tried to run Kaspersky Online Scanner. The program and definition downloads seemed to work okay. When I tried to run the Kaspersky, it started running well. Then the repeated "click-click-click-whir" started kicking in again - about every 50 scanned files. After very slow progress, I shut it down. I was concerned I might shorten the life of the HD a lot. Ordinarily, I am used to virus scans taking several hours. This scan likely would have taken DAYS.

My gut feel (and that is all it is) is this is a corrupted file or files, not a virus. I ran a few other virus programs prior to entering this site. They took forever but none showed a virus. Avira showed a few "warning files" which "could not be opened" but no viruses. Webroot refused to run. When I called Webroot, they advised removing Avira and Avast! due to potential virus program conflicts. So I removed them all. I tried to reinstall Webroot Anti-Virus on my now virus program free computer. No success.

I also ran DeFrag and tried to do some diagnostics. Unfortunately, my computer came pre-loaded with Win XP Pro so I do not have a back up Win XP SP2 disk. I am still trying to get a hard copy. Then I'll use some of the sites and programs recommended here for a deeper look.

While I call around for a copy of Win XP, here are the HiJack/DSS scans:

Thanks for your help. smile.gif

Steve

Deckard's System Scanner v20071014.68
Run by USER on 2008-07-27 12:04:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
65: 2008-07-27 17:04:38 UTC - RP390 - Deckard's System Scanner Restore Point
64: 2008-07-26 21:43:09 UTC - RP389 - Software Distribution Service 3.0
63: 2008-07-25 18:41:57 UTC - RP388 - Uniblue RegistryBooster
62: 2008-07-25 18:40:22 UTC - RP387 - Uniblue RegistryBooster
61: 2008-07-25 17:21:27 UTC - RP386 - Restore Operation


-- First Restore Point --
1: 2008-06-10 14:49:05 UTC - RP326 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as USER.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:15 PM, on 7/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\WLAN\ACU.exe
C:\Program Files\SoftSwift\Enhanced Windows Backup\EWBackup.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NetZero\exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\NetZero\exec.exe
C:\Documents and Settings\USER\Desktop\dss.exe
C:\PROGRA~1\Trend Micro\HijackThis\USER.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\WINDOWS\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [PCTVOICE] "C:\WINDOWS\system32\pctspk.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -k
O4 - HKLM\..\Run: [ACU] "C:\Program Files\WLAN\ACU.exe" -nogui
O4 - HKLM\..\Run: [EWBACKUP] "C:\Program Files\SoftSwift\Enhanced Windows Backup\EWBackup.exe" /Q /START
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: Show All Original Images - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Show Original Image - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: WLAN Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Unknown owner - C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe (file missing)
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7533 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 tapvpn (TAP VPN Adapter) - c:\windows\system32\drivers\tapvpn.sys <Not Verified; The OpenVPN Project; TAP-Win32 Virtual Network Driver>
R3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S3 AR5523 (WLAN USB Wireless Network Adapter Service) - c:\windows\system32\drivers\ar5523.sys <Not Verified; WLAN Communications, Inc.; WLAN 5005 Wireless USB Network Adapter>
S3 BRGSp50 (BRGSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\brgsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 NSNDIS5 (NSNDIS5 NDIS Protocol Driver) - c:\windows\system32\nsndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); NetStumbler>
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ACS (WLAN Configuration Service) - c:\windows\system32\acs.exe
R2 NICCONFIGSVC - c:\program files\dell\quickset\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 WLANKEEPER (Intel® PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSO Service>

S2 WDFNet (Webroot Desktop Firewall network service) - c:\program files\webroot\webroot desktop firewall\wdfsvc.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 570x Gigabit Integrated Controller
Device ID: PCI\VEN_14E4&DEV_165D&SUBSYS_865D1028&REV_01\4&39A85202&0&00F0
Manufacturer: Broadcom
Name: Broadcom 570x Gigabit Integrated Controller #2
PNP Device ID: PCI\VEN_14E4&DEV_165D&SUBSYS_865D1028&REV_01\4&39A85202&0&00F0
Service: b57w2k

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Dell Wireless 1350 WLAN Mini-PCI Card
Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_00031028&REV_03\4&39A85202&0&18F0
Manufacturer: Broadcom
Name: Dell Wireless 1350 WLAN Mini-PCI Card
PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_00031028&REV_03\4&39A85202&0&18F0
Service: BCM43XX


-- Scheduled Tasks -------------------------------------------------------------

2008-07-10 09:45:27 462 --a------ C:\WINDOWS\Tasks\WebReg 20080710094525.job
2007-09-21 18:53:27 340 -----n--- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1182296962.job
2007-06-22 08:32:56 104 -----n--- C:\WINDOWS\Tasks\Low Battery Alarm Program.job


-- Files created between 2008-06-27 and 2008-07-27 -----------------------------

2008-07-25 13:39:11 0 d-------- C:\Documents and Settings\USER\Application Data\Uniblue
2008-07-24 20:54:56 0 d-------- C:\Program Files\Trend Micro
2008-07-23 11:14:29 0 d--hs---- C:\WINDOWS\CSC
2008-07-21 20:56:20 326 --ah----- C:\Documents and Settings\USER\hpothb07.dat
2008-07-05 21:26:59 0 d-------- C:\Program Files\Moffsoft FreeCalc


-- Find3M Report ---------------------------------------------------------------

2008-07-25 16:20:23 0 d-------- C:\Documents and Settings\USER\Application Data\uTorrent
2008-07-25 08:28:48 164 --a------ C:\install.dat
2008-07-22 10:26:27 0 d-------- C:\Program Files\Alwil Software
2008-07-21 23:38:22 0 d-------- C:\Documents and Settings\USER\Application Data\OpenOffice.org2
2008-07-16 21:58:33 0 d-------- C:\Program Files\Java
2008-06-20 21:30:43 0 d-------- C:\Program Files\ZyDAS Technology Corporation
2008-06-18 12:01:19 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 4
2008-06-17 08:56:59 0 d-------- C:\Documents and Settings\USER\Application Data\MSNInstaller
2008-06-02 14:25:31 0 d-------- C:\Program Files\SoftSwift
2008-06-01 07:16:57 0 d-------- C:\Program Files\WLAN


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [10/07/2005 04:13 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [11/10/2005 11:05 PM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [12/19/2005 11:08 AM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [04/06/2006 04:58 PM]
"PCTVOICE"="C:\WINDOWS\system32\pctspk.exe" [02/24/2003 05:35 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [10/18/2006 09:04 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/18/2006 08:58 PM]
"Samsung LBP SM"="C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" [04/04/2003 09:40 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep.exe" [08/04/2004 07:00 AM]
"ACU"="C:\Program Files\WLAN\ACU.exe" [09/05/2006 11:52 AM]
"EWBACKUP"="C:\Program Files\SoftSwift\Enhanced Windows Backup\EWBackup.exe" [02/01/2006 11:04 AM]
"@"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"NetZero_uoltray"="C:\Program Files\NetZero\exec.exe" [03/06/2007 07:00 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

C:\Documents and Settings\USER\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE [4/13/2004 5:03:10 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [6/20/2007 7:26:57 AM]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [4/6/2003 1:17:18 AM]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [4/6/2003 1:06:58 AM]
ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [7/7/2008 11:50:55 AM]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98ce69a0-1ac5-11dc-865f-009096bbf937}]
AutoRun\command- E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe




-- End of Deckard's System Scanner: finished at 2008-07-27 12:08:47 ------------

===============================================================================
===============================================================================

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1400MHz
Percentage of Memory in Use: 27%
Physical Memory (total/avail): 1535.23 MiB / 1105.81 MiB
Pagefile Memory (total/avail): 2155.7 MiB / 1870.3 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.98 MiB

C: is Fixed (NTFS) - 37.25 GiB total, 25.86 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - IC25N040ATCS04-0 - 37.26 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.25 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\USER\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=USER-737A973129
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\USER
LOGONSERVER=\\USER-737A973129
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 9 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0905
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\USER\LOCALS~1\Temp
TMP=C:\DOCUME~1\USER\LOCALS~1\Temp
USERDOMAIN=USER-737A973129
USERNAME=USER
USERPROFILE=C:\Documents and Settings\USER
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

USER (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
After Dark Games --> C:\WINDOWS\IsUninst.exe -f"C:\SIERRA\After Dark Games\Uninst.isu"
ALPS Touch Pad Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
APC PowerChute Personal Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A0C892E-FD1C-4203-941E-0956AED20A6A}\Setup.exe" -l0x9
AQUAZONE DESKTOP GARDEN --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21DFBF7E-DC05-4E87-A7D1-D5631A23ECED}\Setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Broadcom Gigabit Integrated Controller --> MsiExec.exe /X{B7F54262-AB66-44B3-88BF-9FC69941B643}
C-Major Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Conexant D480 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Crash Analysis Tool --> MsiExec.exe /X{D5F881C2-B134-474E-AA60-B25DD218AE0D}
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Enhanced Windows Backup --> MsiExec.exe /X{DDFC1938-6B7B-4419-8D81-108B5B8D47C0}
FastStone Photo Resizer 2.5 --> C:\Program Files\FastStone Photo Resizer\uninst.exe
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
gobeProductive --> MsiExec.exe /I{0DB67C01-CFEA-4DBA-85C8-C15399E3FBE0}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotspot Shield 1.04 --> C:\Program Files\Hotspot Shield\Uninstall.exe
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - hp psc 1200 series --> C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 1200 series --> MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
hp psc 1200 series --> rundll32 hpzcon07.dll,VendorJettison hp psc 1200 series
Impossible Golf --> C:\WINDOWS\iun507.exe C:\Program Files\Impossible Golf\irunin.ini
InfraRecorder --> C:\Program Files\InfraRecorder\uninstall.exe
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{90CC4231-94AC-45CD-991A-0253BFAC0650}
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
ML-1710 Series --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18499419-2B80-4C3F-86D3-C6C45CD2062E}\setup.exe"
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Moffsoft FreeCalc --> "C:\Program Files\Moffsoft FreeCalc\unins000.exe"
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Network Stumbler 0.4.0 (remove only) --> "C:\Program Files\Network Stumbler\uninst.exe"
NetZero Internet --> "C:\Program Files\NetZero\NetZeroUninstaller.exe"
O2Micro Smartcard Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C5BED10B-42A9-4142-B4C2-008C0FDE27D5} /l1033
oggcodecs 0.71.0946 --> C:\Program Files\illiminable\oggcodecs\uninst.exe
Palm Desktop --> MsiExec.exe /X{E89D78B8-28F7-412F-8B26-C684739CBBDC}
PCTEL 2304WT V.9x MDC Modem Drivers --> ptuninst.exe
Pdf995 (installed by TaxCut) --> C:\Program Files\pdf995\setup.exe uninstall
PdfEdit995 (installed by TaxCut) --> C:\Program Files\pdf995\res\utilities\thinsetup.exe - uninstall
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
Samsung Printer Status Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B140D361-80CB-4E59-B51B-6C048A31E297}\setup.exe"
Sierra Utilities --> C:\Program Files\Sierra On-Line\sutil32.exe uninstall
TaxCut Premium 2007 --> MsiExec.exe /X{4732D4A0-5A47-44D8-9B84-B3BD4906D30D}
TaxCut Standard 2006 --> C:\PROGRA~1\TaxCut06\Program\removetc.exe
Ulead DVD Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21DAFB84-2421-488F-B17D-102FF53396AA}\setup.exe" -l0x9
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AE}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WLAN USB Client Installation Program For XP/2K V2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2220A504-D171-4151-8D25-835F6499040D}\setup.exe" -l0x9 -removeonly
XML Paper Specification Shared Components Pack 1.0 -->
Zoner Photo Studio 7 --> MsiExec.exe /X{17528AC4-E6C2-43CD-8D8D-A62BA476ADC7}
ZyDAS IEEE 802.11 b+g Wireless LAN - USB --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{581CE7EA-A30D-0000-1211-088635773309}\Setup.exe" -l0x9


-- Application Event Log -------------------------------------------------------

Event Record #/Type3400 / Error
Event Submitted/Written: 07/25/2008 09:45:55 AM
Event ID/Source: 455 / ESENT
Event Description:
wuaueng.dll (2204) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Event Record #/Type3399 / Error
Event Submitted/Written: 07/25/2008 09:45:55 AM
Event ID/Source: 489 / ESENT
Event Description:
wuauclt (2204) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Event Record #/Type3398 / Error
Event Submitted/Written: 07/25/2008 09:45:45 AM
Event ID/Source: 455 / ESENT
Event Description:
wuaueng.dll (2204) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Event Record #/Type3397 / Error
Event Submitted/Written: 07/25/2008 09:45:45 AM
Event ID/Source: 489 / ESENT
Event Description:
wuauclt (2204) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Event Record #/Type3324 / Error
Event Submitted/Written: 07/22/2008 09:53:27 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application svchost.exe, version 5.1.2600.2180, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.
Processing media-specific event for [svchost.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type61094 / Error
Event Submitted/Written: 07/27/2008 00:05:33 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type61092 / Error
Event Submitted/Written: 07/27/2008 11:46:16 AM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type61091 / Error
Event Submitted/Written: 07/27/2008 11:46:11 AM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type61090 / Error
Event Submitted/Written: 07/27/2008 11:46:07 AM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type61089 / Error
Event Submitted/Written: 07/27/2008 11:46:03 AM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.



-- End of Deckard's System Scanner: finished at 2008-07-27 12:08:47 ------------

Merged topics. ~ OB

Merged topics again. ~ OB

Oboist, please refrain from starting new topics on this issue. Please await a response from the HiJack This team before posting again or making additional changes to your computer. Starting new topics confuses things and delays the assistance you receive. Making changes without the HJT Team guidance can make the disinfection process more difficult.

Thank you,

Orange Blossom - Forum Moderator

Edited by Orange Blossom, 27 July 2008 - 10:34 PM.


#4 drex23

drex23

    Bleeping Existence


  • Members
  • 456 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:09 PM

Posted 07 August 2008 - 06:38 PM

Hi oboist1, welcome to BC. I have reviewed your log and do not see any sign of malware. From your descriptions of the problems you are having I suspected hardware (hard drive) issues were at least part of the problem. These entries from your DSS logs would indicate that to be true.

Event Record #/Type61089 / Error
Event Submitted/Written: 07/27/2008 11:46:03 AM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

What I would suggest doing if you would still like to try to get some help here, is make a new post in a forum such as the Internal Hardware one. You can link back to this thread if you'd like.

#5 drex23

drex23

    Bleeping Existence


  • Members
  • 456 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:09 PM

Posted 12 August 2008 - 05:41 PM

This topic will now be closed. If for some reason you need this topic reopened, you can PM me. This applies only to the original topic starter, everyone else please start your own topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users