CD Burning Problem


  • This topic is locked
11 replies to this topic

#1 mortstiff

    Member

  • Full Member
  • 80 posts

Posted 21 September 2005 - 03:33 PM

Two nights ago I tried burning a CD using musicmatch and my external burn drive. Never had a problem before. This time, the burn got to about 10% and then froze--the CD kept spinning, but the burn failed. Tried this 3 or 4 more times, with different mp3 files, same problem. Reinstalled musicmatch, same problem. Tried the internal burn drive, same problem. Tried Nero instead of musicmatch, same problem--the burn got to about 3%. Did a virus scan in safe mode and only came up with a couple spyware. Restored my saved registry and multimedia setup and everything seemed to be okay for two burns. Now I'm experiencing the same problem. The burn got to 11% and then went back to 10% and stayed there. Always freezes at 10%. I tried slowing down the burn speed a little bit, same problem. I'm now at a loss as to what to do. Using Windows 2000 and Firefox. Cleaned up all temporary files and cookies. Please help!

P.S. I should add: Last month I tried to back up my system with Sonic Simple Backup, using my external burn drive and DVDs. Everything got off to a good start, but the backup froze at an early point. I tried several times and followed Sonic's suggestions for resolving the problem, but eventually gave up.

Here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 23:31:35, on 21/09/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\ZipToA.exe
C:\WINNT\system32\pctspk.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iRiver\iHP100\iHPDetect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINNT\system32\dla\tfswctrl.exe
C:\WINNT\TPPALDR.EXE
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Iomega\Tools_NT\IMGICON.EXE
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\ScanPanel\ScnPanel.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjb.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spam Manager\SpamMgrPersonal.exe
C:\Qualcomm\Eudora\Eudora.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: NewsStand Toolbar - {6E94ACD5-2C6A-48AC-84EF-A4DE746D385F} - C:\Program Files\NewsStand\Reader\NSIETool.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [CPortPatch] C:\WINNT\DockQuickInstall\cppch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\iHP100\iHPDetect.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\TPPALDR.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\RunServices: [TASK MANAGER] taskmgr.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [Mail Scanner] C:\Program Files\Astonsoft\Spam OFF\SpamOff.exe
O4 - HKCU\..\Run: [French] C:\Program Files\Learn To Speak French Demo V2.7\Study Conversation.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools_NT\IMGICON.EXE
O4 - Global Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools_NT\STARTNT.EXE
O4 - Global Startup: Refresh.lnk = C:\Program Files\Iomega\Tools_NT\REFRESH.EXE
O4 - Global Startup: Sagem - 802.11g Wi-Fi USB Dongle LAN Utility.lnk = C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: =>&Anglais - http:\\wordreference.com\fr\en\j\0300.htm
O8 - Extra context menu item: =>Anglais - http:\\wordreference.com\fr\en\j\0300.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference...stall/fren2.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...409/mcfscan.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\Program Files\Iomega\Tools_NT\IOMEGAACCESS.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: ZipToA - Unknown owner - C:\WINNT\System32\ZipToA.exe

#2 nasdaq

    Forum Deity

  • Global Moderator
  • 49,281 posts

Posted 25 September 2005 - 07:18 PM

Hello mortstiff

I can't find any valid data on the following entry. I suggest you search for the file and, when found, right-click on it and then select Properties. Carefully look over the data in Properties to see when the file was created and what program, if any, it's associated with. If the file does not appear to be legitimate, follow the instructions below. If you know that it's good, I would appreciate knowing what it is.
Please submit the file in bold to the following links for a scan, then post the results in your next message for me to see.
http://www.kaspersky.com/scanforvirus

C:\Program Files\Spam Manager\SpamMgrPersonal.exe <- file.

You could possibly do some clean up.

Download this clean Up tool
http://cleanup.stevengould.org/
Place in a separate folder and run it.
Clean the following:
Browser Cache
Browser History
Cookies

Please download ewido security suite; it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
http://www.ewido.net/en/download/updates/

Once the updates are installed do the following:
  • Reboot in "Safe Mode".
    How to: Visual presentation at Symantec.How to.
  • Click on the ewido scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.

Reboot Normally

Copy and paste the content of the ewido report back to this thread.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
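
As an added example (not part of any post in this thread, and not HijackThis's own code), a small parser for the log format posted in #1 that pulls out the kind of entries a helper has to look up by hand, as in #2: services the log itself marks "Unknown owner" and Run entries given without a full path. The sample lines are copied from that log; the two checks are assumptions about what is worth a manual look, not a verdict on any file.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows 2000 SP4 (WinNT 5.00.2195)

Running processes:
C:\WINNT\system32\services.exe
C:\WINNT\System32\ZipToA.exe
C:\Program Files\Spam Manager\SpamMgrPersonal.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\RunServices: [TASK MANAGER] taskmgr.exe
O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZipToA - Unknown owner - C:\WINNT\System32\ZipToA.exe
"""

# "O4 - rest", "O23 - rest", "R0 - rest"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Registry autostarts: "HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<command>.+)$")
# Unquoted command lines may contain spaces in the path, so cut at the extension.
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr))(?=\s|$)", re.IGNORECASE)


def parse_hijackthis(text):
    """Split a HijackThis log into running processes and coded entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line:
                processes.append(line)
            else:
                in_processes = False  # a blank line ends the process list
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append({"code": match.group(1), "detail": match.group(2)})
    return {"processes": processes, "entries": entries}


def services(parsed):
    """O23 lines as name / owner / path; split from the right, names may contain ' - '."""
    result = []
    for entry in parsed["entries"]:
        if entry["code"] == "O23" and entry["detail"].startswith("Service: "):
            parts = entry["detail"][len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                result.append(dict(zip(("name", "owner", "path"), parts)))
    return result


def run_entries(parsed):
    """O4 registry autostarts; 'Global Startup' shortcut lines are skipped here."""
    result = []
    for entry in parsed["entries"]:
        if entry["code"] == "O4":
            match = RUN_RE.match(entry["detail"])
            if match:
                result.append(match.groupdict())
    return result


def executable_of(command):
    """Program part of a command line, with or without surrounding quotes."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = EXE_RE.match(command)
    return match.group(1) if match else command.split()[0]


def unknown_owner_services(parsed):
    """Services for which the log could not read a company name."""
    return [s for s in services(parsed) if s["owner"].lower() == "unknown owner"]


def bare_name_autostarts(parsed):
    """Run entries with no directory part, so Windows resolves them via the search path."""
    return [r for r in run_entries(parsed) if "\\" not in executable_of(r["command"])]


if __name__ == "__main__":
    log = parse_hijackthis(SAMPLE_LOG)
    for svc in unknown_owner_services(log):
        print("check owner:", svc["name"], "->", svc["path"])
    for run in bare_name_autostarts(log):
        print("check location:", run["key"], run["name"], "->", run["command"])
```
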

#3 bmv1973

    Computer Engineer

  • Full Member
  • 10 posts

Posted 25 September 2005 - 07:29 PM

Howdy mortstiff,
Can you do me a favor and go into your event viewer by right-clicking My Computer... click Manage... then when the window pops up, there will be a little + next to system and applications. Can you let us know what errors are in there when you try to burn? It might say something like aspi failed etc. Both app and system errors can help us locate the problem with the drives better.
Thanks

#4 mortstiff

    Member

  • Full Member
  • 80 posts

Posted 26 September 2005 - 07:34 PM

nasdaq,

Thanks for your help. I'm pretty sure the C:\...spammgrpersonal.exe file is okay. It's an anti-spam software that I installed some time ago.
Here's the ewido report:

--------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 03:12:01, 27/09/2005
+ Report-Checksum: 680F1862

+ Scan result:

HKLM\SOFTWARE\Classes\AppID\HyperbarSS3.DLL -> Spyware.HyperBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F31C42B7-5475-47E0-8220-4696A7EC59C3}\{8853F881-81B6-4049-9AFF-483A20184268}\\ClassObject -> Spyware.HyperBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F31C42B7-5475-47E0-8220-4696A7EC59C3}\{8853F881-81B6-4049-9AFF-483A20184268}\\ProductID -> Spyware.HyperBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{C4AC1481-6C39-433E-BD39-2A05FBF45BA7} -> Spyware.HyperBar : Cleaned with backup
HKU\S-1-5-21-484763869-813497703-1343024091-1000\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{1A00C40B-DA85-4aa3-A67F-582D9347EECD} -> Spyware.iSearch : Cleaned with backup
:mozilla.44:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.123:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.124:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.132:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.133:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.134:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.135:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.136:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.137:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.139:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.140:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.141:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.142:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.143:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.144:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Estat : Cleaned with backup
:mozilla.148:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.149:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.150:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.191:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.289:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.290:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.291:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.292:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.293:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.294:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.295:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.296:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.429:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.442:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.443:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.444:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.445:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.446:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.447:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.449:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.452:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
:mozilla.453:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.454:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.455:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.456:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.457:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.511:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.512:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.513:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.514:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.515:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.516:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.653:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.772:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.774:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.775:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.798:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.808:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.827:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.851:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\default.mz3\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.18:C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\3ym34w2b.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.40:C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\3ym34w2b.slt\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.41:C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\3ym34w2b.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.42:C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\3ym34w2b.slt\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.90:C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\3ym34w2b.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.91:C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\3ym34w2b.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.164:C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\3ym34w2b.slt\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.208:C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\3ym34w2b.slt\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.209:C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\3ym34w2b.slt\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.210:C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\3ym34w2b.slt\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup


::Report End

bmv1973,

The next time I have the problem I'll supply that info. I find if I set the burn speed way down, the burn is successful..so something must be slowing my computer down.

Edited by mortstiff, 26 September 2005 - 07:36 PM.


#5 nasdaq

    Forum Deity

  • Global Moderator
  • 49,281 posts

Posted 26 September 2005 - 08:36 PM

mortstiff

I find if I set the burn speed way down, the burn is successful..so something must be slowing my computer down.

These are the possible issues.
Free Space on the disk.
Active processes when you burn a CD.
Size of your swap file; best, I think, to let Windows manage it.

Now see what we can find with this tool.

Download Silent Runners - http://www.silentrun....org/index.html
Place it in its own folder.
Double-click "Silent Runners.vbs", it will create a text file.
Note: if you get a pop-up warning about a "script" file, ignore and allow it to run completely.
Post the content of the text file back to this thread.
nasdaq


#6 hornet777

    Forum Deity

  • Full Member
  • 607 posts

Posted 26 September 2005 - 09:12 PM

Realising the differences between 98 and XP, I would add the following suggestion: to examine the properties of your burner drive(s) and enable or disable DMA. Try both, rebooting after each.

My system locks up w/o DMA enabled for the burner.
When t'shooting check the simple things first, although from the logs you posted, there may be some malware problems as well. For those you are in good hands here. Just throwing my $0.02...:-).

Take care and good luck.
After all is invested in correctness, then how does it stand with truth?

#7 mortstiff

    Member

  • Full Member
  • 80 posts

Posted 27 September 2005 - 03:11 AM

I'm a bit stuck because I don't know how to download a script. When I downloaded the zip file, Norton popped up saying it was malicious.

#8 nasdaq

    Forum Deity

  • Global Moderator
  • 49,281 posts

Posted 27 September 2005 - 05:17 AM

mortstiff

That is good; some .vbs files can be. Let Norton ignore it this time and run the file.
nasdaq


#9 mortstiff

    Member

  • Full Member
  • 80 posts

Posted 27 September 2005 - 05:41 AM

Okay, here's what I got:

"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows 2000
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"TClockEx" = "C:\Program Files\TClockEx\TCLOCKEX.EXE" ["Dale Nurden"]
"NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Synchronization Manager" = "mobsync.exe /logon" [MS]
"UpdateManager" = ""C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]
"TPP Auto Loader" = "C:\WINNT\TPPALDR.EXE" ["In-System Design, Inc."]
"TotalRecorderScheduler" = ""C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"" ["High Criteria inc."]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"StorageGuard" = ""C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]
"SSC_UserPrompt" = "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" ["Symantec Corporation"]
"RegistryMechanic" = (empty string)
"RegisterDropHandler" = "C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [empty string]
"Pop-Up Stopper" = ""C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"" ["Panicware, Inc."]
"PCTVOICE" = "pctspk.exe" [empty string]
"nwiz" = "nwiz.exe /installquiet" ["NVIDIA Corporation"]
"NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS]
"NeroFilterCheck" = "C:\WINNT\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"NAV CfgWiz" = "C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"" ["Symantec Corporation"]
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" ["Apple Computer, Inc."]
"ISUSScheduler" = ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"]
"ISUSPM Startup" = "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup" ["InstallShield Software Corporation"]
"InstantAccess" = "C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h" [null data]
"iHP-100" = "C:\Program Files\iRiver\iHP100\iHPDetect.exe" ["Reigncom, Jonadan Jeon"]
"HPDJ Taskbar Utility" = "C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe" ["HP"]
"EM_EXEC" = "C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" ["Logitech Inc. "]
"dla" = "C:\WINNT\system32\dla\tfswctrl.exe" ["Sonic Solutions"]
"CPortPatch" = "C:\WINNT\DockQuickInstall\cppch.exe" ["Dell Computer Corporation"]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"Apoint" = "C:\Program Files\Apoint\Apoint.exe" ["Alps Electric Co., Ltd."]
"Acronis True Image Monitor" = ""C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"" ["Acronis"]
"Acronis Scheduler2 Service" = ""C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"" ["Acronis"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = "DriveLetterAccess" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\system32\dla\tfswshx.dll" ["Sonic Solutions"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "blank" [file not found]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\system32\dla\tfswshx.dll" ["Sonic Solutions"]
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.5 Context Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.5 DragDrop Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.5 Context Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.5 Property Sheet Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}" = "Eudora's Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Qualcomm\Eudora\EuShlExt.dll" ["Qualcomm Inc."]
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
iRivEncrypt\(Default) = "{10020E84-840F-474A-9B5C-B043F0EBFC65}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iRiver\iHP100\iRivEncrypt.dll" ["iRiver"]
IZArcCM\(Default) = "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
WS_FTP\(Default) = "{797F3885-5429-11D4-8823-0050DA59922B}"
-> {CLSID}\InProcServer32\(Default) = "blank" [file not found]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
IZArcCM\(Default) = "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
iRivEncrypt\(Default) = "{10020E84-840F-474A-9B5C-B043F0EBFC65}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iRiver\iHP100\iRivEncrypt.dll" ["iRiver"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
WS_FTP\(Default) = "{797F3885-5429-11D4-8823-0050DA59922B}"
-> {CLSID}\InProcServer32\(Default) = "blank" [file not found]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINNT\System32\ssmyst.scr" [MS]


Startup items in "User" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Iomega Icons" -> shortcut to: "C:\Program Files\Iomega\Tools_NT\IMGICON.EXE" ["Iomega Corp."]
"Iomega Startup Options" -> shortcut to: "C:\Program Files\Iomega\Tools_NT\STARTNT.EXE" ["Iomega Corporation"]
"Refresh" -> shortcut to: "C:\Program Files\Iomega\Tools_NT\REFRESH.EXE" ["Iomega"]
"Sagem - 802.11g Wi-Fi USB Dongle LAN Utility" -> shortcut to: "C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe" [" "]
"ScanPanel" -> shortcut to: "C:\ScanPanel\ScnPanel.exe" [empty string]


Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Scan my computer - User" -> launches: "C:\PROGRA~1\NORTON~1\NAVW32.EXE /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\msafd.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

"{6E94ACD5-2C6A-48AC-84EF-A4DE746D385F}" = "NewsStand Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\NewsStand\Reader\NSIETool.dll" ["NewsStand, Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{F4FBA929-A891-492C-A0F6-5C79CC4F1742}\
"ButtonText" = "HiDownload"
"Exec" = "C:\PROGRA~1\HIDOWN~1\hidownload.exe" ["HiDownload Software"]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Acronis Scheduler2 Service, AcrSch2Svc, ""C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe"" ["Acronis"]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
iPod Service, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
Kerio Personal Firewall, PersFw, ""C:\Program Files\Kerio\Personal Firewall\persfw.exe"" ["Kerio Technologies"]
Norton AntiVirus Auto Protect Service, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
SAVScan, SAVScan, "C:\Program Files\Norton AntiVirus\SAVScan.exe" ["Symantec Corporation"]
Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
ZipToA, ZipToA, "C:\WINNT\System32\ZipToA.exe" [null data]


Keyboard Driver Filters:
------------------------

HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
"UpperFilters" = INFECTION WARNING! "Lkbdflt2" ["Logitech"]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 63 seconds, including 18 seconds for message boxes)
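An added example, not part of mortstiff's post and not code from Silent Runners: a Python parser for the report format above that lists every entry marked INFECTION WARNING! or reported without a publisher string, along with the registry key it sits under and the vendor named for its file. The sample is an excerpt of the log above; the function name `triage` and the reason labels are assumptions made for this example.

```python
import re

# Excerpt of the Silent Runners report posted above (not the full log).
SAMPLE = r'''
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"PCTVOICE" = "pctspk.exe" [empty string]
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" ["Apple Computer, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}" = "Eudora's Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Qualcomm\Eudora\EuShlExt.dll" ["Qualcomm Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
WS_FTP\(Default) = "{797F3885-5429-11D4-8823-0050DA59922B}"
-> {CLSID}\InProcServer32\(Default) = "blank" [file not found]

HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
"UpperFilters" = INFECTION WARNING! "Lkbdflt2" ["Logitech"]
'''

WARN = "INFECTION WARNING!"
KEY_RE = re.compile(r'^HK(?:LM|CU)\\')
# Trailing tag: ["Publisher"] or an unquoted note such as [file not found].
TAG_RE = re.compile(r'\[(?:"([^"]*)"|([^\]"]+))\]\s*$')
NO_PUBLISHER = {"empty string", "null data", "file not found"}

def triage(report):
    """Return [(key, name, tag, reasons)] for entries that need a manual look."""
    records, key = [], None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if KEY_RE.match(line):                 # registry key heading
            key = line.replace(" {++}", "")
            continue
        m = TAG_RE.search(line)
        tag = (m.group(1) or m.group(2)) if m else None
        if line.startswith("->") and records:  # DLL line carries the publisher
            records[-1]["tag"] = tag
            continue
        name = line.replace(WARN, "").strip().split(" = ")[0].strip('"')
        records.append({"key": key, "name": name, "tag": tag,
                        "flagged": WARN in line})
    findings = []
    for r in records:
        reasons = []
        if r["flagged"]:
            reasons.append("INFECTION WARNING")
        if r["tag"] in NO_PUBLISHER:
            reasons.append(r["tag"])
        if reasons:
            findings.append((r["key"], r["name"], r["tag"], reasons))
    return findings

if __name__ == "__main__":
    for key, name, tag, reasons in triage(SAMPLE):
        print(f"{', '.join(reasons):18} {name:40} {tag}  <- {key}")
```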

#10 nasdaq

Posted 27 September 2005 - 06:14 AM

mortstiff

The only thing that may indicate your problem, not saying it's an infection but possibly some registry items that are not correct.

HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
"UpperFilters" = INFECTION WARNING! "Lkbdflt2" ["Logitech"]


Researching the Lkbdflt2 string, I came across this article.

http://www.ntcompati...ead11906-1.html

The lockups are due to the infamous Logitech drivers that add filter drivers to enhance mouse and keyboard functionality. Those filters "Lkbdflt2" and "Lmouflt2" appear as entries in the following Registry locations:

HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}:
UpperFilters:REG_MULTI_SZ: Lkbdflt2 kbdclass

HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}:
UpperFilters:REG_MULTI_SZ: Lmouflt2 mouclass


These entries require associated entries in the HKLM\System\services key to be added to work properly, but these entries will be missing when you switch from ACPI to Standard computer.


Run RegEdit from the Start/Run applet, navigate to the key in BOLD above, and make sure both are listed.

You may even consider removing the Mouse and reinstalling it.

Also this Item in the HijackThis log is NOT required and you may decide to fix it.

C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

Read on.

http://www.liutiliti...ibrary/em_exec/

em_exec.exe is installed alongside Logitech MouseWare. Gives fast access via the desktop tray to Logitech's configuration utility. This program is a non-essential system process, and is installed for ease of use.


Also check Google for "Lkbdflt2" no quotes. It may give you more information.

Your problem does not seem to come from an infection. So let me know how you make out.

p.s. Please use this button to reply. It's easier to read. Thanks.

Edited by nasdaq, 27 September 2005 - 06:14 AM.

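The check described in the post above, that every driver named in UpperFilters also has its service entry, can be run offline against a registry export. The following Python is an added example, not code from the thread or from Logitech: it decodes the REG_MULTI_SZ value from .reg text and reports filters with no key under HKLM\SYSTEM\CurrentControlSet\Services. The export text is constructed for illustration, and the function names are assumptions.

```python
import re

SERVICES = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\"

# Constructed .reg export (regedit version 5 text format), not taken from the
# thread. The Services key for Lkbdflt2 is deliberately absent.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
"UpperFilters"=hex(7):4c,00,6b,00,62,00,64,00,66,00,6c,00,74,00,32,00,00,00,\
  6b,00,62,00,64,00,63,00,6c,00,61,00,73,00,73,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
"UpperFilters"=hex(7):4c,00,6d,00,6f,00,75,00,66,00,6c,00,74,00,32,00,00,00,\
  6d,00,6f,00,75,00,63,00,6c,00,61,00,73,00,73,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kbdclass]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mouclass]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lmouflt2]
'''

def decode_multi_sz(hex_csv):
    """Decode a hex(7) value (REG_MULTI_SZ: UTF-16LE, NUL-separated) to a list."""
    raw = bytes(int(b, 16) for b in hex_csv.split(",") if b.strip())
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]

def dangling_filters(reg_text):
    """Map each key to the UpperFilters drivers that have no Services key."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)   # join continued hex lines
    services, filters, key = set(), {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.upper().startswith(SERVICES.upper()):
                # Service names are case-insensitive; keep the first path part.
                services.add(key[len(SERVICES):].split("\\")[0].lower())
        elif key and line.lower().startswith('"upperfilters"=hex(7):'):
            filters[key] = decode_multi_sz(line.split(":", 1)[1])
    missing = {}
    for key, names in filters.items():
        gone = [n for n in names if n.lower() not in services]
        if gone:
            missing[key] = gone
    return missing

if __name__ == "__main__":
    for key, names in dangling_filters(SAMPLE_REG).items():
        print(f"{key}: no service key for {', '.join(names)}")
```

Regedit writes version 5 exports as UTF-16, so read a real file with `open(path, encoding="utf-16")` before passing its text in.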

#11 mortstiff

Posted 27 September 2005 - 09:59 AM

Thanks again nasdaq. I'm going to need some time to process this, which will have to wait until I return from a short trip next week. Hope you'll still be around if I have further questions.

#12 nasdaq

Posted 27 September 2005 - 02:18 PM

mortstiff

I should be around, I keep my thread open for 2 weeks. If no feedback I close the thread.
You can always then ask that it be reopened.