
Pop-ups And Firefox Acting Up


  • This topic is locked
2 replies to this topic

#1 Ali.Bear


Posted 01 August 2008 - 11:42 PM

Hello all. To be honest I know nothing about computers, and I apologize for this since I won't be able to tell you for certain if I'm infected with anything. I never get pop-ups, but I have been lately. They're usually advertisements, but one was blank; it had nothing on it and I couldn't close it. When I minimized Firefox, it just popped right back up, and right-clicking the pop-up tab and clicking close wasn't doing anything. I had to hit CTRL+ALT+Delete and close it from the Task Manager, and Firefox stopped working right after that and closed. I might just be being overly paranoid, but I did do a scan and would appreciate it if someone looked through it and helped me out. Thank you!

----------Main.txt.-----------

Deckard's System Scanner v20071014.68
Run by Ali on 2008-08-01 21:24:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Ali.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:45 PM, on 8/1/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\SCardSvr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
C:\Program Files\Corel\Graphics9\Register\Remind32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Documents and Settings\Ali\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ali.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: ClientManager3.LNK = C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
O4 - Startup: Corel Registration.lnk = C:\Program Files\Corel\Graphics9\Register\Remind32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195862388843
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O23 - Service: Bwsvc - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 4463 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080408-203523-674 O4 - HKLM\..\Run: [Windows live Messenger] msn.com

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BIOS - c:\winnt\system32\drivers\bios.sys <Not Verified; BIOSTAR Group; BIOSTAR I/O driver fle>
R1 BUFADPT - c:\winnt\system32\bufadpt.sys <Not Verified; BUFFALO INC.; BUFFALO Wireless LAN>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.10.0) - c:\winnt\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.10.0>
R2 MCSTRM - c:\winnt\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bwsvc - c:\program files\buffalo\client manager3\bwsvc\bwsvc.exe -service <Not Verified; BUFFALO INC.; BUFFALO NETWORK SERVICE>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 Ventrilo - c:\program files\ventsrv\ventrilo_svc.exe (file missing)
S4 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&31DA2BFC&0&01
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&31DA2BFC&0&01
Service: NVENETFD


-- Files created between 2008-07-01 and 2008-08-01 -----------------------------

2008-08-01 15:10:53 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_338.dat
2008-07-28 01:23:19 0 d-------- C:\Documents and Settings\Ali\Application Data\Corel
2008-07-28 01:18:51 368912 -----n--- C:\WINNT\system32\VBAR332.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-07-28 01:18:50 1039360 -----n--- C:\WINNT\system32\MSJET35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-07-28 01:18:28 607744 -----n--- C:\WINNT\system32\Decslib.dll <Not Verified; Digital Equipment Corp.; Multimedia Services>
2008-07-28 01:16:49 39095 -----n--- C:\WINNT\iccsigs.dat
2008-07-28 01:16:48 112688 -----n--- C:\WINNT\system32\shw32.dll
2008-07-28 01:16:46 70656 -----n--- C:\WINNT\system32\3dviewer.dll <Not Verified; Apple Computer, Inc.; Apple Computer, Inc. QuickDraw 3D Viewer Controller>
2008-07-28 01:16:45 553984 -----n--- C:\WINNT\system32\rave.dll <Not Verified; Apple Computer, Inc.; Apple Computer, Inc. QuickDraw 3D Rendering Acceleration Virtual Engine - RAVE>
2008-07-28 01:16:45 909312 -----n--- C:\WINNT\system32\qd3d.dll <Not Verified; Apple Computer Inc.; Apple Computer, Inc. QuickDraw 3D>
2008-07-28 01:16:34 168448 -----n--- C:\WINNT\system32\Awrtl30.dll <Not Verified; WexTech Systems, Inc.; AnswerWorks>
2008-07-28 01:16:34 100864 -----n--- C:\WINNT\system32\awpe.dll <Not Verified; Corel Corporation Limited; AnswerWorks PerfectExpert>
2008-07-28 01:16:23 225280 -----n--- C:\WINNT\system32\Scint91.dll <Not Verified; Corel Corporation; CorelDRAW®>
2008-07-28 01:16:23 110592 -----n--- C:\WINNT\system32\Sccres91.dll <Not Verified; Corel Corporation; CorelDRAW®>
2008-07-28 01:16:23 245760 -----n--- C:\WINNT\system32\Sccomp91.dll <Not Verified; Corel Corporation; CorelDRAW®>
2008-07-28 01:16:17 0 d-------- C:\WINNT\Profiles
2008-07-28 01:16:16 0 d-------- C:\Program Files\Corel
2008-07-28 01:15:21 0 d-------- C:\WINNT\Corel
2008-07-25 14:24:06 0 d-------- C:\Documents and Settings\Ali\.thumbnails
2008-07-25 14:22:20 0 d-------- C:\Documents and Settings\Ali\Application Data\gtk-2.0
2008-07-25 14:20:30 0 d-------- C:\Documents and Settings\Ali\.gimp-2.4
2008-07-25 14:20:07 0 d-------- C:\Program Files\GIMP-2.0


-- Find3M Report ---------------------------------------------------------------

2008-07-28 02:08:15 1284772 ---h----- C:\WINNT\ShellIconCache
2008-06-02 00:56:29 0 d-------- C:\Program Files\Common Files\Ahead
2008-06-01 00:02:35 0 d-------- C:\Documents and Settings\Ali\Application Data\Help


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [12/19/05 07:58p]
"Synchronization Manager"="mobsync.exe" [06/19/03 12:05p C:\WINNT\system32\mobsync.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/07 09:41a]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\Documents and Settings\Ali\Start Menu\Programs\Startup\
ClientManager3.LNK - C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe [7/24/2007 10:21:21 PM]
Corel Registration.lnk - C:\Program Files\Corel\Graphics9\Register\Remind32.exe [7/28/2008 1:16:57 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 1:15:54 AM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"




-- End of Deckard's System Scanner: finished at 2008-08-01 21:26:29 ------------



-------------extra.txt.------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows 2000 Professional (build 2195) SP 4.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 4000+
Percentage of Memory in Use: 18%
Physical Memory (total/avail): 2046.47 MiB / 1676.01 MiB
Pagefile Memory (total/avail): 3939.93 MiB / 3692.82 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1959.86 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 127.99 GiB total, 89.68 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - WDC WD1600JS-00MHB0 - 128 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 127.99 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is not configured.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ali\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ALICAT
ComSpec=C:\WINNT\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ali
LOGONSERVER=\\ALICAT
MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Crash Reports
MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exe
MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\crashreporter-override.ini
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Os2LibPath=C:\WINNT\system32\os2\dll;
Path=C:\Program Files\Mozilla Firefox;C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 7 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0702
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\Ali\LOCALS~1\Temp
TMP=C:\DOCUME~1\Ali\LOCALS~1\Temp
USERDOMAIN=ALICAT
USERNAME=Ali
USERPROFILE=C:\Documents and Settings\Ali
windir=C:\WINNT


-- User Profiles ---------------------------------------------------------------

Ali (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

Adobe Flash Player 9 ActiveX --> C:\WINNT\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player 11 --> C:\WINNT\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\Adobe\SHOCKW~1\Install.log
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Apple Software Update --> MsiExec.exe /I{492724FC-3B26-46B4-824F-3CE2722D9AA0}
BUFFALO Client Manager 3 --> C:\WINNT\UN800114.EXE /U
Corel Applications --> C:\WINNT\Corel\Uninst32.exe
GIMP 2.4.6 --> "C:\Program Files\GIMP-2.0\setup\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes --> MsiExec.exe /I{ABCE1C63-56ED-41FF-BEAF-57321F70DC49}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB928366) --> "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft Office 2000 SR-1 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Messenger 7.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600820}
NVIDIA Drivers --> C:\WINNT\system32\nvudisp.exe UninstallGUI
Oblivion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Security Update for DirectX 9 (KB941568) --> "C:\WINNT\$NtUninstallKB941568_DX9$\spuninst\spuninst.exe"
Security Update for Windows 2000 (KB904706) --> "C:\WINNT\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows 2000 (KB923689) --> "C:\WINNT\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows 2000 (KB941569) --> "C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe"
StoryView 2.0 --> C:\WINNT\IsUninst.exe -f"C:\Program Files\Screenplay Systems\StoryView 2.0\Uninst.isu"
The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims 2 Family Fun Stuff --> C:\Program Files\EA GAMES\The Sims 2 Family Fun Stuff\EAUninstall.exe
The Sims 2 Glamour Life Stuff --> C:\Program Files\EA GAMES\The Sims 2 Glamour Life Stuff\EAUninstall.exe
The Sims 2 Nightlife --> C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 Open For Business --> C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
The Sims 2 Pets --> C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
The Sims 2 University --> C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
The Sims™ 2 Bon Voyage --> C:\Program Files\EA GAMES\The Sims 2 Bon Voyage\EAUninstall.exe
The Sims™ 2 Celebration! Stuff --> C:\Program Files\EA GAMES\The Sims 2 Celebration! Stuff\EAUninstall.exe
The Sims™ 2 H&M® Fashion Stuff --> C:\Program Files\EA GAMES\The Sims 2 H&M® Fashion Stuff\EAUninstall.exe
The Sims™ 2 Seasons --> C:\Program Files\EA GAMES\The Sims 2 Seasons\EAUninstall.exe
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2542 / Warning
Event Submitted/Written: 08/01/2008 03:23:34 AM
Event ID/Source: 4098 / EventSystem
Event Description:
The COM+ Event System failed to fire the Logoff method on subscription {0D957BDA-B10F-4544-8394-68C8B9CBA00B}. The subscriber returned HRESULT 800706BA.

Event Record #/Type2528 / Warning
Event Submitted/Written: 07/30/2008 00:30:14 AM
Event ID/Source: 4098 / EventSystem
Event Description:
The COM+ Event System failed to fire the Logoff method on subscription {3703BE2B-186D-4708-ABC6-69D67C28F575}. The subscriber returned HRESULT 800706BA.

Event Record #/Type2522 / Warning
Event Submitted/Written: 07/29/2008 04:57:32 AM
Event ID/Source: 4098 / EventSystem
Event Description:
The COM+ Event System failed to fire the Logoff method on subscription {28FDC5A3-4D4B-4BBB-AD3C-A190F2EF5730}. The subscriber returned HRESULT 800706BA.

Event Record #/Type2519 / Warning
Event Submitted/Written: 07/28/2008 05:50:13 PM
Event ID/Source: 4098 / EventSystem
Event Description:
The COM+ Event System failed to fire the Logoff method on subscription {CC68FAF2-B46B-4EDD-9A36-89C7ADD3A577}. The subscriber returned HRESULT 800706BA.

Event Record #/Type2498 / Warning
Event Submitted/Written: 07/27/2008 00:56:26 AM
Event ID/Source: 4098 / EventSystem
Event Description:
The COM+ Event System failed to fire the Logoff method on subscription {529BC44E-7BB7-4E6B-AAD4-4FBFC7554E3A}. The subscriber returned HRESULT 800706BA.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type6088 / Warning
Event Submitted/Written: 08/01/2008 08:50:33 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\FRED on the network \Device\NetBT_Tcpip_{4B6C32AE-9BF6-4242-AC9B-D18A6700D2DB}.
The data is the error code.

Event Record #/Type6087 / Warning
Event Submitted/Written: 08/01/2008 07:25:16 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\FRED on the network \Device\NetBT_Tcpip_{4B6C32AE-9BF6-4242-AC9B-D18A6700D2DB}.
The data is the error code.

Event Record #/Type6086 / Warning
Event Submitted/Written: 08/01/2008 06:48:02 PM
Event ID/Source: 20 / Print
Event Description:
Printer Driver HP Deskjet F300 series for Windows NT x86 Version-3 was added or updated. Files:- UNIDRV.DLL, UNIDRVUI.DLL, hpoF3003.GPD, UNIDRV.HLP, hpoF300a.ini, hpzst43a.dll, hpoF3003.xml, hpzsc43a.dtd, hpzui43a.dll, hpz3r43a.dll, hpzpr43a.dll, hpcdmc32.dll, hpbcfgre.dll, hpohF300.exp, hpzle43a.dll, hpzsm43a.gpd, hpz3m43a.gpd, hpzev43a.dll, hpzhl43a.cab, STDNAMES.GPD, hpzla43a.dll, hpz3a43a.dll, hpzss43a.dll, hpfie43a.dll, hpfig43a.dll, hpfrs43a.dll, UNIRES.DLL.

Event Record #/Type6085 / Warning
Event Submitted/Written: 08/01/2008 04:36:36 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\FRED on the network \Device\NetBT_Tcpip_{4B6C32AE-9BF6-4242-AC9B-D18A6700D2DB}.
The data is the error code.

Event Record #/Type6084 / Error
Event Submitted/Written: 08/01/2008 03:08:40 PM / 08/01/2008 03:08:42 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Ventrilo service failed to start due to the following error:
%%2



-- End of Deckard's System Scanner: finished at 2008-08-01 21:26:29 ------------



#2 SNOWHITE


Posted 10 August 2008 - 10:41 PM

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below, a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.


If you already performed the steps above, we still need to see the current state of the machine; a fresh scan and logs are still necessary.

Click on Start, then click on Run.
Copy and paste the following line into the Open box and then click OK:
"%userprofile%\desktop\dss.exe" /config
This will open up the DSS configuration.
Click on Check All.
Click Scan.
DSS will now run again. When finished, please post back both logs that open in Notepad: main.txt and extra.txt.



Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back with dss reports main.txt, extra.txt and Kaspersky report.

Regards
SNOWHITE

#3 SNOWHITE


Posted 21 August 2008 - 04:19 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Thank you
SNOWHITE