who needs a challenge



musicalpulltoy
2009-03-11, 09:58
hello
I got hanging at login, things that go bump on the desktop, 2 spybot running at same time, msmsgs that runs from the mouse. :eek: or is it just me?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:24:26, on 3/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliPoint\IPoint.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\hjt.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://anywebcam.com/
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: TrueSwitch Wizard NetZero.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O4 - Global Startup: TeaTimer.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236657663187
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 10567 bytes

shelf life
2009-03-12, 23:28
hi musicalpulltoy,

Don't see any visible malware in the log. Spybot coming up clean after a scan?
Having any signs of malware? (http://www.virusvault.us/signs1.html)

musicalpulltoy
2009-03-13, 08:07
hey.
port access and restart messages would pop up and when restarted it would show the task bar then freeze. dragging task manager window would leave trails, was only way to shut down... ran ccleaner, then finally it kept rebooting. i found brisv.a and infoseek, ran fix brisva. think they are gone... fumbled around in safe mode, found a mystery administrator. found an extra line in environment variables for admin and alzip at the end of this line >
C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files
tried last known good start up, got back into windows.. but some programs won't open, it runs slow at times... trashed norton, it had those script errors, got avg.. spybot has 2 icons in task bar (usually 2) 1.6 and 1.5 so each 1 asks accept or deny.. the spybot log is full of repeat actions, the common folder opens at start up.. folders may open a-z or z-a. have run gner and just tried runalyzer... yes i tried fixing already,,, give a fish eat for a day... teach to fish and... :D

thank you
oooh avg got trueassistant

here's the latest

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:47:55, on 3/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\program files\common files\installshield\updateservice\issch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NetZero\exec.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft IntelliPoint\IPoint.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Safer Networking\RunAlyzer\RunAlyzer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Sony\SonicStage\Omgjbox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://anywebcam.com/
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKUS\S-1-5-21-568191015-1718633496-2420415380-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - Startup: TrueSwitch Wizard NetZero.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: TeaTimer.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236657663187
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9D056F3-F810-4735-9E1F-3A863E781EE8}: NameServer = 64.136.52.73 64.136.44.73
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 8792 bytes

shelf life
2009-03-14, 22:09
let's get MBAM as another check for any malware:

Please download Malwarebytes' Anti-Malware (MBAM) to your desktop:

http://www.malwarebytes.org/mbam.php

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click **Remove Selected.**
*A restart may be required to finish the clean up process*
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

please post the MBAM log in reply

musicalpulltoy
2009-03-15, 08:43
howdy

here's the mbam log
it had to restart. when it did it froze after icons and task bar loaded. second restart seemed long. also blizzard download has suddenly appeared. what's a good firewall?

thanks

Malwarebytes' Anti-Malware 1.34
Database version: 1849
Windows 5.1.2600 Service Pack 3

3/14/2009 11:42:16 PM
mbam-log-2009-03-14 (23-42-16).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 296786
Time elapsed: 2 hour(s), 22 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Hijack.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Hijack.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.

shelf life
2009-03-15, 15:53
hi

Not seeing much as far as malware goes.
post an uninstall list using hjt:
start hjt
click on open misc tools section
open uninstall manager
save list
you can copy/paste the list in your reply.

musicalpulltoy
2009-03-16, 00:34
back at ya

maybe the registry?? or...

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 3/15/2009
Time: 13:23:30
User: N/A
Computer: SAVANNAH
Description:
The COM+ System Application service terminated unexpectedly. It has done this 3 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

uninstall log

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
ATI Control Panel
ATI Display Driver
AVG Free 8.5
Barnyard Invasion from HP Media Center (remove only)
Bejeweled 2 Deluxe from HP Media Center (remove only)
Big Kahuna Reef from HP Media Center (remove only)
Blackhawk Striker 2 from HP Media Center (remove only)
Blasterball 2 from HP Media Center (remove only)
Blasterball 2 Holidays from HP Media Center (remove only)
Boggle Supreme from HP Media Center (remove only)
Bookworm Deluxe from HP Media Center (remove only)
Bounce Symphony from HP Media Center (remove only)
CCleaner (remove only)
Crystal Maze from HP Media Center (remove only)
Digby's Donuts from HP Media Center (remove only)
EPSON Printer Software
EPSON Scan
FATE Demo from HP Media Center (remove only)
Flip Words from HP Media Center (remove only)
GemMaster Mystic
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 5.3
HP Game Console and games
HP Image Zone 5.3
HP Image Zone for Media Center PC
HP Imaging Device Functions 5.3
HP Multimedia Keyboard Software
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HP Tunes
Insaniquarium Deluxe from HP Media Center (remove only)
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0
Java(TM) 6 Update 11
Jewel Quest from HP Media Center (remove only)
Logitech ImageStudio
Mah Jong Quest from HP Media Center (remove only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Motorola SM56 Speakerphone Modem
Mozilla Firefox (3.0.7)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
muvee autoProducer 4.0
muvee autoProducer unPlugged 1.1 - HPD
NETGEAR WG111v3 wireless USB 2.0 adapter
Office 2003 Tour
Ogg Codecs 0.81.15562
Otto
PC-Doctor 5 for Windows
Polar Bowler from HP Media Center (remove only)
Polar Golfer from HP Media Center (remove only)
PS2
Puzzle Express from HP Media Center (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2005
QuickTime
RealPlayer
Ricochet Lost Worlds from HP Media Center (remove only)
RunAlyzer
SCRABBLE Blast from HP Media Center (remove only)
SCRABBLE from HP Media Center (remove only)
SCRABBLE Rack Attack from HP Media Center (remove only)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Shrek 2 Ogre Bowler from HP Media Center (remove only)
Slingo Deluxe from HP Media Center (remove only)
Slyder from HP Media Center (remove only)
Sonic Encoders
SonicStage 2.3.00
Spybot - Search & Destroy
Super Granny from HP Media Center (remove only)
Swarm from HP Media Center (remove only)
TightVNC 1.3.10
Tradewinds from HP Media Center (remove only)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
Updates from HP (remove only)
User Profile Hive Cleanup Service
Windows Media Format Runtime
Windows Media Player 10 Hotfix [See KB889858 for more information]
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB895678
Windows XP Service Pack 3

shelf life
2009-03-18, 19:43
hi,

sorry for the delay, I have not been online the last few days. Really I can't give you any specific answer for the error msg. Is the HP computer still under warranty?
Have you checked the HP website? They have good troubleshooting sections that could give clues or suggestions to try. Install any new software lately?

you might try popping in the windows install cd and: run>start and type in:
sfc /scannow
see link:
http://www.bleepingcomputer.com/forums/topic43051.html

musicalpulltoy
2009-03-19, 21:11
hey

oki doki.. I'll try them places. thank you tho :D

musicalpulltoy
2009-03-22, 16:49
hey...

i tried the sfc /scannow. the copy i made when pc was new doesn't have the files the scan is looking for. the xp discs i have don't either. the cd burner won't work to make the i386 disc....
i updated recently at hp and windows is on auto update..

shelf life
2009-03-22, 19:01
spybot has 2 icons in task bar (usually 2) 1.6 and 1.5
maybe you should uninstall Spybot just to narrow the problems down. Ever thought about re-installing Windows?

musicalpulltoy
2009-03-24, 23:33
hey....

reinstall as last resort. this is a learning process too.
had it restarting good the link below>>>>>>>

http://h10025.www1.hp.com/ewfrf/wc/document?docname=bph07365&cc=us&lc=en&dlc=en&product=1118241

looky at these..
thanks


from comodo install

Application.Win32.AdWare.Reboot.~A(ID = 0x168e22) C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Reboot.exe
ApplicUnsaf.Win32.Shutdowner.DB(ID = 0x581c4) C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\restart.exe
Application.Win32.AdWare.Reboot.~A(ID = 0x168e22) C:\Documents and Settings\HP_Administrator.SAVANNAH.000\Desktop\SmitfraudFix\Reboot.exe
ApplicUnsaf.Win32.Shutdowner.DB(ID = 0x581c4) C:\Documents and Settings\HP_Administrator.SAVANNAH.000\Desktop\SmitfraudFix\restart.exe
Application.Win32.KillProc.~A(ID = 0x7fa847) C:\hp\bin\KillWind.exe
Anti.Broadcaster.01(ID = 0xe284) C:\Program Files\anywebcam\Broadcaster.exe
ApplicUnwnt.Win32.Adware.SearchIt.t(ID = 0x588824) C:\Program Files\Online Services\AOL\United States\AOL90\comps\toolbar\toolbr.EXE
runalyzer

date/time : 2009-03-12, 18:47:00, 417ms
computer name : SAVANNAH
user name : HP_Administrator <admin>
operating system : Windows XP Media Center Service Pack 3 build 2600
system language : English
system up time : 8 hours 26 minutes
program up time : 4 minutes 44 seconds
processor : AMD Athlon(tm) 64 Processor 3500+
physical memory : 107/446 MB (free/total)
free disk space : (C:) 136.95 GB
display mode : 1280x1024, 32 bit
process id : $794
allocated memory : 84.59 MB
executable : RunAlyzer.exe
exec. date/time : 2008-06-24 10:51
version : 1.6.0.22
compiled with : Delphi 2006/07
madExcept version : 3.0h
callstack crc : $6cbda850, $adf51517, $adf51517
RunAlyzer.exe.mad : $0002b5e8, $465138d8, $d0cffba1
exception number : 1
exception class : EOutOfResources
exception message : Out of system resources.

date/time : 2009-03-12, 18:57:14, 995ms
computer name : SAVANNAH
user name : HP_Administrator <admin>
operating system : Windows XP Media Center Service Pack 3 build 2600
system language : English
system up time : 8 hours 36 minutes
program up time : 14 minutes 59 seconds
processor : AMD Athlon(tm) 64 Processor 3500+
physical memory : 87/446 MB (free/total)
free disk space : (C:) 136.95 GB
display mode : 1280x1024, 32 bit
process id : $794
allocated memory : 86.87 MB
executable : RunAlyzer.exe
exec. date/time : 2008-06-24 10:51
version : 1.6.0.22
compiled with : Delphi 2006/07
madExcept version : 3.0h
callstack crc : $6cbda850, $5280db03, $5280db03
count : 3
RunAlyzer.exe.mad : $0002b5e8, $465138d8, $d0cffba1
exception number : 6
exception class : EOutOfResources
exception message : Out of system resources.

date/time : 2009-03-12, 18:57:16, 58ms
computer name : SAVANNAH
user name : HP_Administrator <admin>
operating system : Windows XP Media Center Service Pack 3 build 2600
system language : English
system up time : 8 hours 36 minutes
program up time : 15 minutes
processor : AMD Athlon(tm) 64 Processor 3500+
physical memory : 87/446 MB (free/total)
free disk space : (C:) 136.95 GB
display mode : 1280x1024, 32 bit
process id : $794
allocated memory : 86.87 MB
executable : RunAlyzer.exe
exec. date/time : 2008-06-24 10:51
version : 1.6.0.22
compiled with : Delphi 2006/07
madExcept version : 3.0h
callstack crc : $6cbda850, $022bf186, $022bf186
count : 3
RunAlyzer.exe.mad : $0002b5e8, $465138d8, $d0cffba1
exception number : 7
exception class : EOutOfResources
exception message : Out of system resources.

date/time : 2009-03-13, 00:56:23, 542ms
computer name : SAVANNAH
user name : HP_Administrator <admin>
operating system : Windows XP Media Center Service Pack 3 build 2600
system language : English
system up time : 14 hours 35 minutes
program up time : 5 hours 59 minutes
processor : AMD Athlon(tm) 64 Processor 3500+
physical memory : 24/446 MB (free/total)
free disk space : (C:) 136.91 GB
display mode : 1280x1024, 32 bit
process id : $ff30
allocated memory : 133.33 MB
executable : RunAlyzer.exe
exec. date/time : 2008-06-24 10:51
version : 1.6.0.22
compiled with : Delphi 2006/07
madExcept version : 3.0h
callstack crc : $b0064146, $cbc99bf1, $cbc99bf1
RunAlyzer.exe.mad : $0002b5e8, $465138d8, $d0cffba1
exception number : 1
exception class : EOutOfMemory
exception message : Out of memory.

musicalpulltoy
2009-03-25, 00:48
been meaning to ask....when you techs see the problem in the logs etc. why dont you point out the suspect?? :scratch: or are they

shelf life
2009-03-25, 02:15
hi,

All those that have SmitfraudFix in the line at the top. those are tools from the fix. they are harmless. Some AV/anti-malware may flag them as malware.

Sorry, I am not familiar with Run analyzer


why dont you point out the suspect??
there is more than one suspect in the majority of logs, in the case of malware anyway.

that link solved the problem then?

musicalpulltoy
2009-03-25, 05:39
greetins

harmless...ok. eliminated 1 s&d icon yay. by the way i'm using someone's router when available :lip: some of this stuff may have come from that ie the new firewall. login was solved for a day. many of the other glitches seem to have vanished. that kaesper? online scan hit a couple items but had to shut down. will try again. time in taskbar keeps going back to military time. upgraded bios at hp maybe should put old 1 back. don't want to reinstall lest i can get keeper files to burn. remote registry is enabled??? so that mystery administrator (it's a shadow figure with question marks) is making me wonder, wtf.

appreciate your help and there's no hurry lest you want me gone i understand your plight here :bigthumb:

musicalpulltoy
2009-03-29, 21:11
hmmm

:spider:



Event Type: Warning
Event Source: SNL HiveManager
Event Category: Devices
Event ID: 100
Date: 3/28/2009
Time: 16:15:20
User: N/A
Computer: SAVANNAH
Description:
The description for Event ID ( 100 ) in Source ( SNL HiveManager ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
Error user loading hive C:\Documents and Settings\HP_Administrator.SAVANNAH.000\ntuser.dat
The process cannot access the file because it is being used by another process.

shelf life
2009-03-30, 23:05
sounds like you are still having problems. Don't know what that msg is all about, maybe spybot couldn't scan the file. some files are locked and can't be scanned.

musicalpulltoy
2009-04-04, 10:36
:bigthumb:
found it
http://support.microsoft.com/kb/312216

anyway the os is messed up. or maybe it's that PEBKAC virus again.

:rotfl:

case closed....

thanks