1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

My Drive does NOT detect my blank cd's. Nero caused it...

Discussion in 'Nero discussion' started by petjelly, Jun 28, 2006.

  1. binkie7

    binkie7 Moderator Staff Member

    Joined:
    Feb 12, 2005
    Messages:
    17,588
    Likes Received:
    0
    Trophy Points:
    116
    @mrbenz04
    This thread has nothing to do with that error - your error is due to Nero 6.6.1.4 'breaking' the autoburn w/ Shrink. So see this thread w/ instructions and downloads to correct the problem:
    http://forums.afterdawn.com/thread_view.cfm/325848

    If you are still having a problem you'll need to start a new thread.

    @petjelly
    Glad to see these guys are getting you straight!
    (oh and you may want to rethink about where you get your dl's even once the av & firewall are installed & running - some are worse than others for the crap you get from them)
     
  2. dolphin2

    dolphin2 Guest

    @mrbenz04
    Also edit out your Nero serial number! It starts with 1A23 and is at the top of the log file. Pirates will steal it!

    @binkie7
    Glad to see your staying with the thread!
     
    Last edited by a moderator: Jul 20, 2006
  3. binkie7

    binkie7 Moderator Staff Member

    Joined:
    Feb 12, 2005
    Messages:
    17,588
    Likes Received:
    0
    Trophy Points:
    116
    @dolphin2
    Oops missed that major one - txs for catching it :)
     
  4. petjelly

    petjelly Member

    Joined:
    Jun 28, 2006
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    16

    The list of viruses that i had to delete myself.
    [​IMG]

    Logfile of HijackThis v1.99.1
    Scan saved at 6:51:57 PM, on 7/20/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\Documents and Settings\tami\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search-system.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CenturyTel
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 221.10.124.34:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 221.10.124.34:8080:0
    O1 - Hosts: nu.com
    O1 - Hosts: nu.com
    O1 - Hosts: .whenu.com
    O1 - Hosts: .whenu.com
    O1 - Hosts: c.whenu.com
    O1 - Hosts: c.whenu.com
    O1 - Hosts: nc.whenu.com
    O1 - Hosts: nc.whenu.com
    O1 - Hosts: inc.whenu.com
    O1 - Hosts: inc.whenu.com
    O1 - Hosts: m
    O1 - Hosts: m
    O1 - Hosts: m
    O1 - Hosts: m
    O1 - Hosts: om
    O1 - Hosts: om
    O1 - Hosts: com
    O1 - Hosts: com
    O1 - Hosts: m
    O1 - Hosts: m
    O1 - Hosts: .com
    O1 - Hosts: .com
    O1 - Hosts: .com
    O1 - Hosts: .com
    O1 - Hosts: d.com
    O1 - Hosts: d.com
    O1 - Hosts: nd.com
    O1 - Hosts: nd.com
    O1 - Hosts: ind.com
    O1 - Hosts: ind.com
    O1 - Hosts: find.com
    O1 - Hosts: find.com
    O1 - Hosts: yfind.com
    O1 - Hosts: yfind.com
    O1 - Hosts: tyfind.com
    O1 - Hosts: tyfind.com
    O1 - Hosts: styfind.com
    O1 - Hosts: styfind.com
    O1 - Hosts: estyfind.com
    O1 - Hosts: estyfind.com
    O1 - Hosts: styfind.com
    O1 - Hosts: styfind.com
    O1 - Hosts: .zestyfind.com
    O1 - Hosts: .zestyfind.com
    O1 - Hosts: .offeroptimizer.com
    O1 - Hosts: so.offeroptimizer.com
    O1 - Hosts: 1
    O1 - Hosts: 127.0.0.
    O1 - Hosts: 1 www.z
    O1 - Hosts: .com
    O1 - Hosts: ar.com
    O1 - Hosts: lbar.com
    O1 - Hosts: oolbar.com
    O1 - Hosts: rtoolbar.com
    O1 - Hosts: 127.0.
    O1 - Hosts: sertoolbar.com
    O1 - Hosts: owsertoolbar.com
    O1 - Hosts: 127
    O1 - Hosts: 2.browsertoolbar.com
    O1 - Hosts: ww2.browsertoolbar.com
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [*tcpiis] C:\WINDOWS\system32\1028\tcpiis.exe
    O4 - HKLM\..\Run: [*jpegdb] C:\WINDOWS\Driver Cache\jpegdb.exe
    O4 - HKLM\..\Run: [*utilvss] C:\WINDOWS\AppPatch\utilvss.exe
    O4 - HKLM\..\Run: [*crbak] C:\WINDOWS\Tasks\crbak.exe
    O4 - HKLM\..\Run: [*expdrv] C:\WINDOWS\system32\Microsoft\expdrv.exe
    O4 - HKLM\..\Run: [*urlsvc] C:\WINDOWS\security\Database\urlsvc.exe
    O4 - HKLM\..\Run: [*mckey] C:\WINDOWS\Config\mckey.exe
    O4 - HKLM\..\Run: [*urljava] C:\WINDOWS\addins\urljava.exe
    O4 - HKLM\..\Run: [*logbas] C:\WINDOWS\Windows Update Setup Files\logbas.exe
    O4 - HKLM\..\Run: [*psvss] C:\WINDOWS\Config\psvss.exe
    O4 - HKLM\..\Run: [*xmltask] C:\WINDOWS\msagent\xmltask.exe
    O4 - HKLM\..\Run: [*mfcac] C:\WINDOWS\Web\mfcac.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [tcpiis] C:\WINDOWS\system32\1028\tcpiis.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
    O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Ink Monitor] C:\PROGRA~1\EPSON\INKMON~1\InkMonitor.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138331230\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O15 - Trusted Zone: http://*.windupdates.com
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137192597396
    O20 - Winlogon Notify: dbcab - C:\DOCUME~1\tami\LOCALS~1\Temp\bacbd.dat
    O20 - Winlogon Notify: dosreg - C:\DOCUME~1\tami\LOCALS~1\Temp\gersod.dat
    O20 - Winlogon Notify: hardcat - C:\DOCUME~1\tami\LOCALS~1\Temp\tacdrah.dat
    O20 - Winlogon Notify: liburl - C:\DOCUME~1\tami\LOCALS~1\Temp\lrubil.dat
    O20 - Winlogon Notify: msvcabr - C:\DOCUME~1\tami\LOCALS~1\Temp\rbacvsm.dat
    O20 - Winlogon Notify: runun - C:\DOCUME~1\tami\LOCALS~1\Temp\nunur.dat
    O20 - Winlogon Notify: svcjava - C:\DOCUME~1\tami\LOCALS~1\Temp\avajcvs.dat
    O20 - Winlogon Notify: svrvss - C:\DOCUME~1\tami\LOCALS~1\Temp\ssvrvs.dat
    O20 - Winlogon Notify: wintask - C:\DOCUME~1\tami\LOCALS~1\Temp\ksatniw.dat
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

     
  5. dolphin2

    dolphin2 Guest

    @binkie7
    No problem!
     
  6. dolphin2

    dolphin2 Guest

    Click the check boxes for the following lines in HiJack This! then click Fix:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 221.10.124.34:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 221.10.124.34:8080:0
    O1 - Hosts: nu.com
    O1 - Hosts: nu.com
    O1 - Hosts: .whenu.com
    O1 - Hosts: .whenu.com
    O1 - Hosts: c.whenu.com
    O1 - Hosts: c.whenu.com
    O1 - Hosts: nc.whenu.com
    O1 - Hosts: nc.whenu.com
    O1 - Hosts: inc.whenu.com
    O1 - Hosts: inc.whenu.com
    O1 - Hosts: m
    O1 - Hosts: m
    O1 - Hosts: m
    O1 - Hosts: m
    O1 - Hosts: om
    O1 - Hosts: om
    O1 - Hosts: com
    O1 - Hosts: com
    O1 - Hosts: m
    O1 - Hosts: m
    O1 - Hosts: .com
    O1 - Hosts: .com
    O1 - Hosts: .com
    O1 - Hosts: .com
    O1 - Hosts: d.com
    O1 - Hosts: d.com
    O1 - Hosts: nd.com
    O1 - Hosts: nd.com
    O1 - Hosts: ind.com
    O1 - Hosts: ind.com
    O1 - Hosts: find.com
    O1 - Hosts: find.com
    O1 - Hosts: yfind.com
    O1 - Hosts: yfind.com
    O1 - Hosts: tyfind.com
    O1 - Hosts: tyfind.com
    O1 - Hosts: styfind.com
    O1 - Hosts: styfind.com
    O1 - Hosts: estyfind.com
    O1 - Hosts: estyfind.com
    O1 - Hosts: styfind.com
    O1 - Hosts: styfind.com
    O1 - Hosts: .zestyfind.com
    O1 - Hosts: .zestyfind.com
    O1 - Hosts: .offeroptimizer.com
    O1 - Hosts: so.offeroptimizer.com
    O1 - Hosts: 1
    O1 - Hosts: 127.0.0.
    O1 - Hosts: 1 www.z
    O1 - Hosts: .com
    O1 - Hosts: ar.com
    O1 - Hosts: lbar.com
    O1 - Hosts: oolbar.com
    O1 - Hosts: rtoolbar.com
    O1 - Hosts: 127.0.
    O1 - Hosts: sertoolbar.com
    O1 - Hosts: owsertoolbar.com
    O1 - Hosts: 127
    O1 - Hosts: 2.browsertoolbar.com
    O1 - Hosts: ww2.browsertoolbar.com

    Download, install and run this
    http://www.ewido.net/en/

    Post another HiJack log when completed.
     
  7. syxguns

    syxguns Active member

    Joined:
    Jan 13, 2006
    Messages:
    1,378
    Likes Received:
    4
    Trophy Points:
    68
    dolphin2-
    Is ewido better than Lavasoft?
     
  8. scorpNZ

    scorpNZ Active member

    Joined:
    Mar 23, 2005
    Messages:
    4,261
    Likes Received:
    63
    Trophy Points:
    78
    I would recommend removal of the file sharing program bearshare,i just googled and it's flagged as a spyware installer and cnet also no longer have it for download,the good news is it looks like your getting there *woot*
     
  9. dolphin2

    dolphin2 Guest

    Ewido, Ad-aware and SpyBot all catch different things. So is it any better, no, but just as good and should be used also.
     
  10. petjelly

    petjelly Member

    Joined:
    Jun 28, 2006
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    16
    Logfile of HijackThis v1.99.1
    Scan saved at 11:26:17 PM, on 7/20/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Common Files\AOL\1138331230\ee\AOLSoftware.exe
    C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    c:\program files\common files\aol\1138331230\ee\aim6.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Documents and Settings\tami\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search-system.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CenturyTel
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [*tcpiis] C:\WINDOWS\system32\1028\tcpiis.exe
    O4 - HKLM\..\Run: [*jpegdb] C:\WINDOWS\Driver Cache\jpegdb.exe
    O4 - HKLM\..\Run: [*utilvss] C:\WINDOWS\AppPatch\utilvss.exe
    O4 - HKLM\..\Run: [*crbak] C:\WINDOWS\Tasks\crbak.exe
    O4 - HKLM\..\Run: [*expdrv] C:\WINDOWS\system32\Microsoft\expdrv.exe
    O4 - HKLM\..\Run: [*urlsvc] C:\WINDOWS\security\Database\urlsvc.exe
    O4 - HKLM\..\Run: [*mckey] C:\WINDOWS\Config\mckey.exe
    O4 - HKLM\..\Run: [*urljava] C:\WINDOWS\addins\urljava.exe
    O4 - HKLM\..\Run: [*logbas] C:\WINDOWS\Windows Update Setup Files\logbas.exe
    O4 - HKLM\..\Run: [*psvss] C:\WINDOWS\Config\psvss.exe
    O4 - HKLM\..\Run: [*xmltask] C:\WINDOWS\msagent\xmltask.exe
    O4 - HKLM\..\Run: [*mfcac] C:\WINDOWS\Web\mfcac.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [tcpiis] C:\WINDOWS\system32\1028\tcpiis.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
    O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Ink Monitor] C:\PROGRA~1\EPSON\INKMON~1\InkMonitor.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138331230\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O15 - Trusted Zone: http://*.windupdates.com
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137192597396
    O20 - Winlogon Notify: dbcab - C:\DOCUME~1\tami\LOCALS~1\Temp\bacbd.dat
    O20 - Winlogon Notify: dosreg - C:\DOCUME~1\tami\LOCALS~1\Temp\gersod.dat
    O20 - Winlogon Notify: hardcat - C:\DOCUME~1\tami\LOCALS~1\Temp\tacdrah.dat
    O20 - Winlogon Notify: liburl - C:\DOCUME~1\tami\LOCALS~1\Temp\lrubil.dat
    O20 - Winlogon Notify: msvcabr - C:\DOCUME~1\tami\LOCALS~1\Temp\rbacvsm.dat
    O20 - Winlogon Notify: runun - C:\DOCUME~1\tami\LOCALS~1\Temp\nunur.dat
    O20 - Winlogon Notify: svcjava - C:\DOCUME~1\tami\LOCALS~1\Temp\avajcvs.dat
    O20 - Winlogon Notify: svrvss - C:\DOCUME~1\tami\LOCALS~1\Temp\ssvrvs.dat
    O20 - Winlogon Notify: wintask - C:\DOCUME~1\tami\LOCALS~1\Temp\ksatniw.dat
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

     
  11. binkie7

    binkie7 Moderator Staff Member

    Joined:
    Feb 12, 2005
    Messages:
    17,588
    Likes Received:
    0
    Trophy Points:
    116
    @dolphin2
    Yep staying up w/ this thread (missed that early).
    Learning a thing or 2 from you guys :)
    Nero logs are 1 thing - Hijack This is another!
    Quite a good learning thread actually.

    From the little I can see petjelly it's cleaner but you'll need to wait for the others for better advice :)
     
  12. petjelly

    petjelly Member

    Joined:
    Jun 28, 2006
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    16
    ^im learning too lol
     
  13. dolphin2

    dolphin2 Guest

    Glad to hear your both learning! I've been taking things slow as others are learning from this thread also.

    Nero logs and HiJackThis! logs are not so hard once you learn the things to look for.

    @petjelly
    I need to know if you ever completed one of the on-line scans. It's important that you do one of those.
     
  14. petjelly

    petjelly Member

    Joined:
    Jun 28, 2006
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    16
    i was not able to complete the online house call scan. it was SLOOOW... a scan shouldnt take 4 hours. after 4 hours it said approximate time left was 2 hours 1/2. when i started the san it said 1 hour. i have comcast internet. it shouldnt take that long.
     
  15. petjelly

    petjelly Member

    Joined:
    Jun 28, 2006
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    16
    just to let you know. my drive still does not detect cd's. :)
     
  16. syxguns

    syxguns Active member

    Joined:
    Jan 13, 2006
    Messages:
    1,378
    Likes Received:
    4
    Trophy Points:
    68
    petjelly

    1) Okay run HjT again and select the following items in the list.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main Start Page = http://search-system.com/

    O15 - Trusted Zone: http://*.windupdates.com

    O4 - HKLM\..\Run: [tcpiis] C:\WINDOWS\system32\1028\tcpiis.exe

    O4 - HKLM\..\Run: [*tcpiis] C:\WINDOWS\system32\1028\tcpiis.exe

    O4 - HKLM\..\Run: [*jpegdb] C:\WINDOWS\Driver Cache\jpegdb.exe

    O4 - HKLM\..\Run: [*utilvss] C:\WINDOWS\AppPatch\utilvss.exe

    O4 - HKLM\..\Run: [*crbak] C:\WINDOWS\Tasks\crbak.exe

    O4 - HKLM\..\Run: [*expdrv] C:\WINDOWS\system32\Microsoft\expdrv.exe

    O4 - HKLM\..\Run: [*urlsvc] C:\WINDOWS\security\Database\urlsvc.exe

    O4 - HKLM\..\Run: [*mckey] C:\WINDOWS\Config\mckey.exe

    O4 - HKLM\..\Run: [*urljava] C:\WINDOWS\addins\urljava.exe

    O4 - HKLM\..\Run: [*logbas] C:\WINDOWS\Windows Update Setup Files\logbas.exe

    O4 - HKLM\..\Run: [*psvss] C:\WINDOWS\Config\psvss.exe

    O4 - HKLM\..\Run: [*xmltask] C:\WINDOWS\msagent\xmltask.exe

    O4 - HKLM\..\Run: [*mfcac] C:\WINDOWS\Web\mfcac.exe

    After the following items are selected hit the fix items button.

    2) You need to complete your updates for IE.

    3) You need to delete all file that show up in the following folder. C:\DOCUMENT AND SETTINGS\tami\LOCAL SETTINGS\Temp\

    There may be an item or two that will not delete, however that is okay.

    After you have completed the following reboot and run another HjT log for us to look at.

    Thanks!


     
  17. syxguns

    syxguns Active member

    Joined:
    Jan 13, 2006
    Messages:
    1,378
    Likes Received:
    4
    Trophy Points:
    68
    Don't worry about your drive right now. We still need to get your system cleaned out. After that we will go back to the original problem at hand!
     
  18. dolphin2

    dolphin2 Guest

    @petjelly
    Retry the other on-line scan I gave you. If that one doesn't work also, we'll try another or go a different route.
     
  19. petjelly

    petjelly Member

    Joined:
    Jun 28, 2006
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    16
    C:\DOCUMENT AND SETTINGS\tami\LOCAL SETTINGS\Temp\

    pasted it in run. it says windows cannot find????
     
  20. ozzy214

    ozzy214 Regular member

    Joined:
    Jul 28, 2005
    Messages:
    918
    Likes Received:
    0
    Trophy Points:
    26
    Petjelly where are you at? Look me up in pm if your in Ne Pennsylavania. I can fix that comp right up for you. I do repairs for people here now and then.
     
    Last edited: Jul 21, 2006

Share This Page