Malwareteks :: Forums :: Technical Support :: Hardware Support
PC Freezes in IE7, Failing hardware, or a software conflict?
six-h
Fri Mar 21 2008, 11:59PM

Registered Member #138
Joined: Fri Mar 21 2008, 10:53PM
Location: Manchester UK
Posts: 17
Thanked 0 times in 0 posts
Well here I am!
I'll not bore y'all with my long and pitiful tale of woe!
Suffice it to say ShadowPuterDude is painfully aware of my history, and continues valiantly to try and revive my ailing PC.
I was suffering freeze-ups in IE7 and Firefox after deleting "TrojanSpy.Banker", and did a factory reset to try and escape from the problem.
Sadly, it didn't work, and despite dragging my PC back from 2003 (date of purchase) to the present, it's still freezing, particularly on video-intensive sites!
Suspicion now falls on either bad memory, or some corruption of the data on my "E" sector, where the OS recovery files reside!

I'm attaching a "System report" as per SPD's instructions.

six-h
ShadowPuterDude
Sat Mar 22 2008, 07:08AM
...the Shadow knows


Registered Member #1
Joined: Thu Apr 27 2006, 04:52PM
Location: Northern NY
Posts: 217
Thanked 10 times in 10 posts
The report didn't attach. Try zipping it and then try to attach the report again.


"Only those who fail greatly can ever achieve greatly" - Robert F. Kennedy
Microsoft Most Valuable Professional - Consumer Security (2007-2008)
Member - Alliance of Security Analysis Professionals - Since 2006
Linux Registered User # 363218
six-h
Sat Mar 22 2008, 03:08PM
Hi ShadowPuterDude,

Sorry it wasn't successful,
Sending again in a zipped folder.

six-h
ahah.zip
ShadowPuterDude
Sat Mar 22 2008, 05:52PM
Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Note: DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
     If the following message from DSS appears, please click on "Yes" to allow it to download HijackThis, if you don't already have it.
     Allow DSS through your firewall to download HijackThis by clicking "OK".
     DSS has installed HijackThis, and placed a shortcut on your desktop. Click "OK" to allow the scan to continue.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized, and extra.txt <- this one will be minimized.
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.


[ Edited Sat Mar 22 2008, 05:54PM ]
six-h
Sat Mar 22 2008, 06:28PM
Hi ShadowPuterDude,

Since you're asking me to run Deckard's scanner, can you reaffirm that you want me first to restore to C:\Windows\Programmes the zipped Java folders that were created in 2003, as they are still in the Recycle Bin?

Also, referring to the instructions for copying and pasting the resultant text files:
"When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here."

I'm not sure where "here" is.
Is it in the body of my reply?

"To attach a file to a new post, simply
click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:
C:\Deckard\System Scanner\extra.txt

Click Upload."

I can't see the "Manage Attachments" button!
Sorry, I think I'm getting more stupid as we go on!

six-h
ShadowPuterDude
Sat Mar 22 2008, 06:48PM
Yes, restore the files from 2003 in the recycle bin.

Just attach both files to your reply.

six-h
Sat Mar 22 2008, 07:50PM
Hi, ShadowPuterDude,
I think I've duplicated the extra text file by pasting C:\Deckard\System Scanner\extra.txt
into the "File to attach" box.

six-h

Deckard's System Scanner v20071014.68
Run by Geoff Vost on 2008-03-22 23:25:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
85: 2008-03-22 23:26:01 UTC - RP85 - Deckard's System Scanner Restore Point
84: 2008-03-22 14:44:06 UTC - RP84 - Unsigned driver install
83: 2008-03-21 18:30:32 UTC - RP83 - System Checkpoint
82: 2008-03-19 18:54:58 UTC - RP82 - Installed Windows XP KB926239.
81: 2008-03-19 18:54:25 UTC - RP81 - Installed Windows XP MSCompPackV1.


-- First Restore Point --
1: 2008-03-05 15:03:44 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Geoff Vost.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:28:36, on 22/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Geoff Vost\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Geoff Vost.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205343521984
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205350058406
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1205702166_6945673d0eb6148302758105b3254e4e&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9984 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 snapman (Acronis Snapshots Manager) - c:\windows\system32\drivers\snapman.sys <Not Verified; Acronis; Acronis Snapshot API>
R0 timounter (Acronis TrueImage Backup Archive Explorer) - c:\windows\system32\drivers\timntr.sys <Not Verified; Acronis; Acronis True Image>
R1 OADevice (OADriver) - c:\windows\system32\drivers\oadriver.sys
R1 OAmon - c:\windows\system32\drivers\oamon.sys
R1 OAnet - c:\windows\system32\drivers\oanet.sys
R2 tifsfilter (Acronis TrueImage FS Filter) - c:\windows\system32\drivers\tifsfilt.sys <Not Verified; Acronis; TrueImage>
R3 ASAPIW2K - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 LogWatch (Event Log Watch) - c:\program files\ca\sharedcomponents\ca_lic\logwatnt.exe <Not Verified; Computer Associates; Computer Associates LogWatNT>
R2 SvcOnlineArmor (Online Armor) - "c:\program files\tall emu\online armor\oasrv.exe"
R3 x10nets (X10 Device Network Service) - c:\progra~1\common~1\x10\common\x10nets.exe <Not Verified; X10; x10 Module>

S3 CA_LIC_CLNT (CA License Client) - c:\program files\ca\sharedcomponents\ca_lic\lic98rmt.exe <Not Verified; Computer Associates; Computer Associates lic98rmt>
S3 CA_LIC_SRVR (CA License Server) - c:\program files\ca\sharedcomponents\ca_lic\lic98rmtd.exe <Not Verified; Computer Associates; Computer Associates lic98rmtd>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-12 23:38:38 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-02-22 and 2008-03-22 -----------------------------

2008-03-22 23:28:24 0 d-------- C:\Program Files\Trend Micro
2008-03-16 21:17:26 0 d-------- C:\WINDOWS\Sun
2008-03-16 21:17:26 0 d-------- C:\Documents and Settings\Geoff Vost\Application Data\Sun
2008-03-16 21:15:51 0 d-------- C:\Program Files\Java
2008-03-16 21:14:56 0 d-------- C:\Program Files\Common Files\Java
2008-03-13 18:40:36 0 d-------- C:\Program Files\Ulead Systems
2008-03-13 18:39:48 36864 --a------ C:\WINDOWS\system32\Vizmicro.dll <Not Verified; Visioneer Corporation; Microsoft(R) Windows NT(R) Operating System>
2008-03-13 18:11:13 0 d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2008-03-13 18:07:33 0 d-------- C:\WINDOWS\Profiles
2008-03-13 18:07:20 0 d-------- C:\WINDOWS\system32\Adobe
2008-03-13 18:07:19 0 d-------- C:\Documents and Settings\Geoff Vost\Application Data\InterTrust
2008-03-13 02:05:29 0 d-------- C:\Program Files\MSBuild
2008-03-13 02:05:25 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-03-13 02:05:20 0 d-------- C:\Program Files\Reference Assemblies
2008-03-13 02:01:37 0 d-------- C:\Program Files\MSXML 6.0
2008-03-13 00:37:19 0 d-------- C:\Program Files\dmt
2008-03-12 23:42:00 0 d-------- C:\Documents and Settings\Geoff Vost\Application Data\Apple Computer
2008-03-12 23:40:55 0 d-------- C:\Program Files\iPod
2008-03-12 23:40:51 0 d-------- C:\Program Files\iTunes
2008-03-12 23:39:52 0 d-------- C:\Program Files\Bonjour
2008-03-12 23:38:53 0 d-------- C:\Program Files\QuickTime
2008-03-12 23:38:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-12 23:38:10 0 d-------- C:\Program Files\Apple Software Update
2008-03-12 23:37:54 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-03-12 23:37:39 0 d-------- C:\Program Files\Common Files\Apple
2008-03-12 23:37:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-03-12 23:11:14 0 d-------- C:\Documents and Settings\Geoff Vost\Application Data\Google
2008-03-12 23:11:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-03-12 23:09:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-12 23:09:13 0 d-------- C:\Program Files\Google
2008-03-12 22:45:07 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-12 22:43:11 0 d-------- C:\WINDOWS\system32\LogFiles
2008-03-12 22:43:11 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-12 21:40:04 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-03-12 21:40:04 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-03-12 21:39:34 0 d-------- C:\Program Files\SiteAdvisor
2008-03-12 21:39:04 0 d-------- C:\Documents and Settings\Geoff Vost\Application Data\SiteAdvisor
2008-03-12 21:39:04 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-03-12 21:39:04 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-12 20:59:57 0 d-------- C:\WINDOWS\network diagnostic
2008-03-12 19:21:42 0 d-------- C:\Program Files\MSXML 4.0
2008-03-12 18:09:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-03-12 17:45:32 0 d-------- C:\WINDOWS\system32\PreInstall
2008-03-12 17:45:30 0 d--h----- C:\WINDOWS\$hf_mig$
2008-03-12 17:39:27 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-03-12 17:30:34 0 d-------- C:\Documents and Settings\LocalService\Application Data\X10 Commander
2008-03-12 16:56:06 0 d-------- C:\Documents and Settings\Geoff Vost\Application Data\OnlineArmor
2008-03-12 16:56:06 0 d-------- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2008-03-12 16:55:54 22016 --a------ C:\WINDOWS\system32\drivers\oanet.sys
2008-03-12 16:55:54 25088 --a------ C:\WINDOWS\system32\drivers\OAmon.sys
2008-03-12 16:55:54 69120 --a------ C:\WINDOWS\system32\drivers\OADriver.sys
2008-03-12 16:55:54 0 d-------- C:\Program Files\Tall Emu
2008-03-06 13:01:53 0 d-------- C:\WINDOWS\pss
2008-03-06 00:54:08 0 d-------- C:\Documents and Settings\Owner\Application Data
2008-03-06 00:54:08 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2008-03-06 00:45:51 0 d-------- C:\WINDOWS\system32\NtmsData
2008-03-05 22:11:34 0 d-------- C:\Documents and Settings\Geoff Vost\Application Data\MSN6
2008-03-05 22:11:34 0 d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-03-05 19:00:40 0 d-------- C:\Program Files\DVD Decrypter
2008-03-05 18:58:01 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-03-05 18:58:00 0 d-------- C:\Program Files\DVD Shrink
2008-03-05 18:55:24 0 d-------- C:\WINDOWS\mkisofs
2008-03-05 18:55:24 0 d-------- C:\Program Files\CloneDVD
2008-03-05 18:46:14 126976 --a------ C:\WINDOWS\system32\snapapi.dll <Not Verified; Acronis; Acronis Snapshot API>
2008-03-05 18:46:14 37888 --a------ C:\WINDOWS\system32\setupnt.dll <Not Verified; ; Setupnt Dynamic Link Library>
2008-03-05 18:46:14 211520 --a------ C:\WINDOWS\system32\drivers\timntr.sys <Not Verified; Acronis; Acronis True Image>
2008-03-05 18:46:14 28896 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys <Not Verified; Acronis; TrueImage>
2008-03-05 18:46:14 82464 --a------ C:\WINDOWS\system32\drivers\snapman.sys <Not Verified; Acronis; Acronis Snapshot API>
2008-03-05 18:46:07 0 d-------- C:\Program Files\Common Files\Acronis
2008-03-05 18:46:07 0 d-------- C:\Program Files\Acronis
2008-03-05 17:22:52 0 d-------- C:\Documents and Settings\Geoff Vost\Application Data\Ulead Systems
2008-03-05 17:22:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-03-05 17:02:39 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-03-05 17:02:26 0 d-------- C:\WINDOWS\Prefetch
2008-03-05 16:57:08 0 d-------- C:\WINDOWS\provisioning
2008-03-05 16:55:47 0 d-------- C:\WINDOWS\ServicePackFiles
2008-03-05 16:50:07 0 d-------- C:\WINDOWS\EHome
2008-03-05 16:12:03 0 d-------- C:\Documents and Settings\Geoff Vost\Application Data\AVG7
2008-03-05 16:11:54 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-05 16:11:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-05 16:11:45 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-05 15:57:10 1409024 --a------ C:\WINDOWS\system32\MGIIpl4W7.dll <Not Verified; MGI Software Corp.; MGIIpl4>
2008-03-05 15:57:10 1191936 --a------ C:\WINDOWS\system32\MGIIpl4P6.dll <Not Verified; MGI Software Corp.; MGIIpl4>
2008-03-05 15:57:10 1351680 --a------ C:\WINDOWS\system32\MGIIpl4M6.dll <Not Verified; MGI Software Corp.; MGIIpl4>
2008-03-05 15:57:10 1318912 --a------ C:\WINDOWS\system32\MGIIpl4M5.dll <Not Verified; MGI Software Corp.; MGIIpl4>
2008-03-05 15:56:44 24576 --a------ C:\WINDOWS\system32\SFWUTS20.DLL <Not Verified; Seattle FilmWorks; SFWUTS20 Dynamic Link Library>
2008-03-05 15:56:44 254976 --a------ C:\WINDOWS\system32\SFWIUDLL.DLL <Not Verified; Seattle FilmWorks; SFWIDLL Dynamic Link Library>
2008-03-05 15:56:44 63488 --a------ C:\WINDOWS\system32\PICN1111.DLL <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2008-03-05 15:56:44 29184 --a------ C:\WINDOWS\system32\PICN11.DLL <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2008-03-05 15:56:44 1187840 --a------ C:\WINDOWS\system32\MGIIpl4PX.dll <Not Verified; MGI Software Corp.; MGIIpl4>
2008-03-05 15:56:44 24576 --a------ C:\WINDOWS\system32\MGIIpl4.dll <Not Verified; MGI Software Corp.; MGIIpl4>
2008-03-05 15:56:44 1977856 --a------ C:\WINDOWS\system32\LPControl.dll <Not Verified; Live Picture; LPControl Module>
2008-03-05 15:56:44 5632 --a------ C:\WINDOWS\system32\HELLUT32.DLL <Not Verified; Seattle FilmWorks; Seattle FilmWorks HELLUT32>
2008-03-05 15:56:44 458752 --a------ C:\WINDOWS\system32\Fpl.dll
2008-03-05 15:56:44 45568 --a------ C:\WINDOWS\system32\DC210.dll <Not Verified; Eastman Kodak Company; DC210 SDK Win32 Library Ver.2.05>
2008-03-05 15:56:44 19968 --a------ C:\WINDOWS\system32\CPUINF32.DLL
2008-03-05 15:56:44 29184 --a------ C:\WINDOWS\system32\Comm32.dll <Not Verified; SANYO Electric Co., Ltd.; comm32>
2008-03-05 15:56:33 196608 --a------ C:\WINDOWS\system32\opccli32.dll <Not Verified; PictureVision Inc.; Online PhotoCenter>
2008-03-05 15:56:33 122880 --a------ C:\WINDOWS\system32\JPEGLIB.DLL <Not Verified; ; Reference Implementation>
2008-03-05 15:56:33 332800 --a------ C:\WINDOWS\system32\FPXLIB.DLL <Not Verified; ; Reference Implementation>
2008-03-05 15:56:33 522752 --a------ C:\WINDOWS\system32\DC120fc7_32.dll <Not Verified; Eastman Kodak Japan; DC120SDK Win32 Ver.f1c7>
2008-03-05 15:56:33 71168 --a------ C:\WINDOWS\system32\Camapi32.dll <Not Verified; SANYO Electric Co., Ltd.; camapi32>
2008-03-05 15:56:32 32768 --a------ C:\WINDOWS\system32\F210.dll <Not Verified; Eastman Kodak Company; DC200/DC210/DC240 SDK Control Layer Ver.1.0.1300>
2008-03-05 15:56:32 0 d-------- C:\Program Files\Common Files\MGI Shared
2008-03-05 15:56:31 0 d-------- C:\Documents and Settings\Geoff Vost\Application Data\MGI
2008-03-05 15:53:00 126976 --a------ C:\WINDOWS\system32\ipubgrnd.dll <Not Verified; Intel Corporation; >
2008-03-05 15:52:58 0 d-------- C:\WINDOWS\Live Picture
2008-03-05 15:52:58 0 d-------- C:\Program Files\MGI
2008-03-05 15:43:06 159744 --a------ C:\WINDOWS\BJPSUNST.EXE <Not Verified; CANON INC.; BJPSUNST.EXE>
2008-03-05 15:41:30 0 d-------- C:\Program Files\RemoteCapture Task
2008-03-05 15:41:14 0 d-------- C:\Program Files\RAW Image Task
2008-03-05 15:39:55 0 d-------- C:\Program Files\Canon
2008-03-05 15:34:43 2840 --a------ C:\Documents and Settings\Geoff Vost\Application Data\wklnhst.dat
2008-03-05 15:23:31 73728 -ra------ C:\WINDOWS\system32\CNMCP5m.exe <Not Verified; CANON INC.; Canon BJ Raster Printer Driver Installer>
2008-03-05 15:23:22 0 d--h----- C:\BJPrinter
2008-03-05 15:23:17 0 d-------- C:\WINDOWS\I865
2008-03-05 15:23:16 0 d-------- C:\WINDOWS\StartHtmico
2008-03-05 15:13:26 26112 -ra------ C:\WINDOWS\RunUnDrv.exe
2008-03-05 15:03:50 0 dr------- C:\Documents and Settings\Geoff Vost\Favorites
2008-03-05 15:03:50 0 d-------- C:\Documents and Settings\Geoff Vost\Desktop
2008-03-05 15:03:50 0 d--hs---- C:\Documents and Settings\Geoff Vost\Cookies
2008-03-05 15:03:50 0 dr-h----- C:\Documents and Settings\Geoff Vost\Application Data
2008-03-05 15:03:50 0 d-------- C:\Documents and Settings\Geoff Vost\Application Data\Real
2008-03-05 15:03:50 0 d-------- C:\Documents and Settings\Geoff Vost\Application Data\Macromedia
2008-03-05 15:03:50 0 d-------- C:\Documents and Settings\Geoff Vost\Application Data\Identities
2008-03-05 15:03:50 0 d-------- C:\Documents and Settings\Geoff Vost\Application Data\Help
2008-03-05 15:03:50 0 d-------- C:\Documents and Settings\Geoff Vost\Application Data\CyberLink
2008-03-05 15:03:50 0 d-------- C:\Documents and Settings\Geoff Vost\Application Data\Ahead
2008-03-05 15:03:50 0 d-------- C:\Documents and Settings\Geoff Vost\Application Data\Adobe
2008-03-05 15:03:49 0 d--hs---- C:\Documents and Settings\Geoff Vost\UserData
2008-03-05 15:03:49 0 d--h----- C:\Documents and Settings\Geoff Vost\Templates
2008-03-05 15:03:49 0 dr------- C:\Documents and Settings\Geoff Vost\Start Menu
2008-03-05 15:03:49 0 dr-h----- C:\Documents and Settings\Geoff Vost\SendTo
2008-03-05 15:03:49 0 dr-h----- C:\Documents and Settings\Geoff Vost\Recent
2008-03-05 15:03:49 0 d--h----- C:\Documents and Settings\Geoff Vost\PrintHood
2008-03-05 15:03:49 3407872 --ah----- C:\Documents and Settings\Geoff Vost\NTUSER.DAT
2008-03-05 15:03:49 0 d--h----- C:\Documents and Settings\Geoff Vost\NetHood
2008-03-05 15:03:49 0 dr------- C:\Documents and Settings\Geoff Vost\My Documents
2008-03-05 15:03:49 0 d--h----- C:\Documents and Settings\Geoff Vost\Local Settings
2008-03-05 15:03:38 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-03-05 15:03:35 0 d---s---- C:\Documents and Settings\Default User\UserData
2008-03-05 15:03:35 0 d-------- C:\Documents and Settings\Default User\Application Data\Real
2008-03-05 15:03:35 0 d-------- C:\Documents and Settings\Default User\Application Data\Macromedia
2008-03-05 15:03:35 0 d-------- C:\Documents and Settings\Default User\Application Data\Help
2008-03-05 15:03:35 0 d-------- C:\Documents and Settings\Default User\Application Data\CyberLink
2008-03-05 15:03:35 0 d-------- C:\Documents and Settings\Default User\Application Data\Ahead
2008-03-05 15:03:35 0 d-------- C:\Documents and Settings\Default User\Application Data\Adobe


-- Find3M Report ---------------------------------------------------------------

2008-03-16 21:14:56 0 d-------- C:\Program Files\Common Files
2008-03-13 18:40:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-13 18:01:32 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-12 20:01:55 0 d-------- C:\Program Files\Messenger
2008-03-12 17:39:29 0 d--h----- C:\Program Files\WindowsUpdate
2008-03-05 16:57:08 0 d-------- C:\Program Files\Movie Maker
2008-03-05 16:55:29 0 d-------- C:\Program Files\Windows NT
2008-03-05 16:04:08 0 d-------- C:\Program Files\CA


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [13/08/2003 04:10]
"Cmaudio"="cmicnfg.cpl" [14/10/2003 16:31 C:\WINDOWS\CMICNFG.CPL]
"CHotkey"="mHotkey.exe" [27/06/2003 22:39 C:\WINDOWS\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [27/06/2003 16:36 C:\WINDOWS\CNYHKey.exe]
"PCMService"="C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe" [24/06/2003 14:23]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [05/03/2008 16:11]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [16/10/2003 15:39]
"PRISMSTA.EXE"="PRISMSTA.exe" [04/08/2003 13:54 C:\WINDOWS\system32\PRISMSTA.exe]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [25/02/2008 09:46]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [04/12/2007 21:03]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 13:10]
"HotKey"="C:\WINDOWS\Twain_32\SlimU2\HotKey.exe" [07/08/2002 09:38]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 00:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [12/03/2008 23:09]

C:\Documents and Settings\Geoff Vost\Start Menu\Programs\Startup\
WKCALREM.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [16/04/2003 23:14:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [05/03/2008 18:27:42]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [12/03/2008 23:09:16]
Ulead Photo Express 4.0 SE Calendar Checker .lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [13/03/2008 18:41:05]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [25/02/2008 09:46 660992]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
Dit.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29124ce0-eace-11dc-907d-0013d356a116}]
AutoRun\command- L:\setupSNK.exe




-- End of Deckard's System Scanner: finished at 2008-03-22 23:32:12 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 1023.48 MiB / 610.25 MiB
Pagefile Memory (total/avail): 2463.96 MiB / 2139.28 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.18 MiB

C: is Fixed (NTFS) - 74.55 GiB total, 51.05 GiB free.
D: is Fixed (NTFS) - 68.64 GiB total, 66.37 GiB free.
E: is Fixed (FAT32) - 5.85 GiB total, 2.03 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3160021A - 149.05 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 74.55 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 74.5 GiB - D: - E:

\\.\PHYSICALDRIVE3 - Medion Flash XL MMC/SD USB Device

\\.\PHYSICALDRIVE1 - Medion Flash XL CF USB Device

\\.\PHYSICALDRIVE2 - Medion Flash XL MS USB Device

\\.\PHYSICALDRIVE4 - Medion Flash XL SM USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Online Armor Firewall v2.1.0.95 (Tall Emu)
AV: AVG 7.5.519 v7.5.519 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Geoff Vost\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=VOST
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Geoff Vost
LOGONSERVER=\\VOST
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\GEOFFV~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\GEOFFV~1\LOCALS~1\Temp
USERDOMAIN=VOST
USERNAME=Geoff Vost
USERPROFILE=C:\Documents and Settings\Geoff Vost
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Geoff Vost (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Acronis True Image --> C:\Program Files\Acronis\TrueImage\MediaBuilder.exe -uninstall
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Elements --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements\Uninst.dll"
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7646-000000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
C-Media 3D Audio --> C:\WINDOWS\CMIUnInstall.exe
Canon Camera Window for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}
Canon i865 --> C:\WINDOWS\System32\CNMCP5m.exe "-PRINTERNAMECanon i865" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i865 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i865 Installer\Inst2\cnmi0409.dll"
Canon PhotoRecord --> MsiExec.exe /X{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}
Canon RAW Image Task for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}
Canon RemoteCapture Task for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2236B741-6631-49AE-B76E-3E14CA01CC87}
Canon Utilities Easy-PhotoPrint --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Canon\Easy-PhotoPrint\Uninst.isu" -c"C:\Program Files\Canon\Easy-PhotoPrint\EZUNINST.DLL"
Canon Utilities Easy-PhotoPrint Plus --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Canon\Easy-PhotoPrint Plus\Uninst.isu" -c"C:\Program Files\Canon\Easy-PhotoPrint Plus\EZUNINST.DLL"
Canon Utilities ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CD-LabelPrint --> "C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
CloneDVD 2.2 --> "C:\Program Files\CloneDVD\unins000.exe"
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.1.4 --> "C:\Program Files\DVD Shrink\unins000.exe"
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Home Cinema XL II --> "C:\Program Files\Uninstall_PCM.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Informations about your PC --> MsiExec.exe /I{0AB149EB-2AE0-466C-9BA4-3A718CF06432}
InstantCopy --> MsiExec.exe /I{9ACEBC7B-4D46-462A-929C-99177EC5BEA6}
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
McAfee SiteAdvisor --> C:\Program Files\SiteAdvisor\6253\uninstall.exe
Medi@Show --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Medion Home Cinema XL II\MediaShow\Uninst.isu"
Medion Flash XL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA1CB7AC-E221-4822-A789-0ADB051DC498}\Setup.exe" -l0x9
MGI PhotoSuite 4 (Remove Only) --> "C:\Program Files\MGI\MGI PhotoSuite 4\System\MGIUninstall.exe" C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MGI\MGI PhotoSuite 4\Uninst.isu" -c"C:\Program Files\MGI\MGI PhotoSuite 4\System\CustomUninstall.dll"
MGI Photovista 2.02(Remove only) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MGI\Photovista\Uninst.isu"
Microsoft AutoRoute v11.0 --> MsiExec.exe /I{8704D51E-25B7-4F23-81E7-AA4F54790220}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta Encyclopedia Standard - WE 2004 --> MsiExec.exe /I{045A0044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Money --> MsiExec.exe /I{1D643CD2-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money System Pack --> MsiExec.exe /I{8C64E149-54BA-11D6-91B1-00500462BE80}
Microsoft Picture It! Photo Standard 9 --> C:\WINDOWS\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works --> MsiExec.exe /I{B9966F27-9678-4620-9579-925E3084647E}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{33BEE6F3-9987-4F98-A069-97A64EC8321A}
MSN Messenger 6.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600602}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Online Armor 2.1 --> "C:\Program Files\Tall Emu\Online Armor\unins000.exe"
PowerCinema 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
PowerDirector --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealOne Player --> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Slim USB2 Scanner --> C:\WINDOWS\RunUnDrv.exe C:\WINDOWS\Twain_32\SlimU2\PmxScan.INF DefaultUnInstall.USB.NTX86
Ulead Photo Express 4.0 SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}\setup.exe"
USB Wireless Keyboard Driver Ver1.24M --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1955A3A-EA24-4682-8641-43B5B688B09A}\Setup.exe" -l0x9
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VideoLive Mail --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FABA7C7-6DC0-11D6-9EAB-0050BAE317E1}\setup.exe" -uninstall
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
X10 Hardware(TM) --> C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type836 / Error
Event Submitted/Written: 03/16/2008 11:51:12 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 126833367.

Event Record #/Type835 / Error
Event Submitted/Written: 03/16/2008 11:51:10 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application helpctr.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type834 / Error
Event Submitted/Written: 03/16/2008 11:47:55 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 126833367.

Event Record #/Type833 / Error
Event Submitted/Written: 03/16/2008 11:47:53 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application helpctr.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type832 / Error
Event Submitted/Written: 03/16/2008 11:45:45 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 126833367.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type9559 / Error
Event Submitted/Written: 03/22/2008 11:26:15 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type9558 / Error
Event Submitted/Written: 03/22/2008 11:26:11 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type9557 / Error
Event Submitted/Written: 03/22/2008 11:26:07 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type9482 / Warning
Event Submitted/Written: 03/22/2008 07:29:38 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type8095 / Error
Event Submitted/Written: 03/13/2008 05:54:02 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126



-- End of Deckard's System Scanner: finished at 2008-03-22 23:32:12 ------------


extra.txt
ShadowPuterDude
Sat Mar 22 2008, 08:18PM
...the Shadow knows


Registered Member #1
Joined: Thu Apr 27 2006, 04:52PM
Location: Northern NY
Posts: 217
Thanked 10 times in 10 posts
The Event Log is telling me that your hard drive is going bad.

Run HiJackFree.

Under Processes, kill the following processes:
LogWatNT.exe

Under Services make sure the following are stopped and set to disabled:
CA License Client
CA License Server
Event Log Watch

Uninstall each service using HiJackFree.

Now run HijackThis and fix the following, if they still exist:
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe

Reboot and attach a fresh HijackThis log.

Have you created the MemTest86+ CD and run it yet?


"Only those who fail greatly can ever achieve greatly" - Robert F. Kennedy
Microsoft Most Valuable Professional - Consumer Security (2007-2008)
Member - Alliance of Security Analysis Professionals - Since 2006
Linux Registered User # 363218
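The diagnosis above comes from reading the DSS event-log dump rather than the HijackThis lines: Event ID 7 from source Disk is the kernel reporting an unreadable sector, and three of them four seconds apart on \Device\Harddisk0\D are one stalled read being retried, which is exactly what an application freeze looks like from the user's chair. As an added example (not part of the thread, of DSS or of any tool named in it), here is a small Python triage script that parses that section format and pulls out the symptoms a helper would act on first. The sample log is constructed to mirror the records quoted in the thread; the finding text and the 30-second burst window are our own choices.

```python
import re
from collections import Counter, namedtuple
from datetime import datetime, timedelta

# Constructed sample in the layout DSS uses for its event-log sections
# (modelled on the records quoted in the thread, not the poster's file).
SAMPLE_LOG = """\
Event Record #/Type9559 / Error
Event Submitted/Written: 03/22/2008 11:26:15 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \\Device\\Harddisk0\\D, has a bad block.

Event Record #/Type9558 / Error
Event Submitted/Written: 03/22/2008 11:26:11 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \\Device\\Harddisk0\\D, has a bad block.

Event Record #/Type9557 / Error
Event Submitted/Written: 03/22/2008 11:26:07 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \\Device\\Harddisk0\\D, has a bad block.

Event Record #/Type835 / Error
Event Submitted/Written: 03/16/2008 11:51:10 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application helpctr.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
"""

Event = namedtuple("Event", "record level when event_id source description")

HEADER_RE = re.compile(r"Event Record #/Type(\d+) / (\w+)")
BAD_BLOCK_RE = re.compile(r"The device, (\S+), has a bad block\.")
HANG_RE = re.compile(r"Hanging application (\S+),")

def parse_dss_events(text):
    """One Event per blank-line-separated record; blocks that are not records are skipped."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        m = HEADER_RE.match(lines[0]) if lines else None
        if not m or len(lines) < 5:
            continue
        when = datetime.strptime(lines[1].split(": ", 1)[1], "%m/%d/%Y %I:%M:%S %p")
        event_id, source = lines[2].split(": ", 1)[1].split(" / ", 1)
        events.append(Event(int(m.group(1)), m.group(2), when, int(event_id),
                            source.strip(), " ".join(l.strip() for l in lines[4:])))
    return events

def bad_block_devices(events):
    """Event ID 7 / Disk counted per NT device name. Any non-zero count means the
    drive returned unreadable sectors: a back-up-first finding on a single-disk box."""
    counts = Counter()
    for e in events:
        if e.source == "Disk" and e.event_id == 7:
            m = BAD_BLOCK_RE.search(e.description)
            counts[m.group(1) if m else "(unparsed)"] += 1
    return dict(counts)

def bad_block_bursts(events, device=None, window=timedelta(seconds=30)):
    """Cluster bad-block events closer together than `window`. A tight burst is one
    stalled read being retried, which is what a freeze looks like to the user."""
    times = sorted(e.when for e in events if e.source == "Disk" and e.event_id == 7
                   and (device is None or device in e.description))
    bursts = []
    for t in times:
        if bursts and t - bursts[-1][-1] <= window:
            bursts[-1].append(t)
        else:
            bursts.append([t])
    return [(b[0], len(b)) for b in bursts]

def hanging_apps(events):
    """Event ID 1002 / Application Hang counted per executable."""
    counts = Counter(HANG_RE.search(e.description).group(1) for e in events
                     if e.source == "Application Hang" and e.event_id == 1002
                     and HANG_RE.search(e.description))
    return dict(counts)

def triage(text):
    """Findings in the order a helper would act on them: the disk first."""
    events = parse_dss_events(text)
    findings = []
    for dev, n in sorted(bad_block_devices(events).items()):
        bursts = bad_block_bursts(events, dev)
        findings.append(f"DISK: {n} bad-block error(s) on {dev} in {len(bursts)} burst(s); "
                        "back up, then chkdsk /r and a SMART check of that physical drive")
    for app, n in sorted(hanging_apps(events).items()):
        findings.append(f"HANG: {app} hung {n} time(s)")
    return findings

if __name__ == "__main__":
    for line in triage(SAMPLE_LOG):
        print(line)
```

The script deliberately keys on the NT device name, not the drive letter: \Device\Harddisk0\D is a partition on the same physical ST3160021A as C:, so the "D: is only a backup partition" reasoning later in the thread does not make the drive safe. The script only reads the log; it does not replace chkdsk or a SMART query of the drive itself.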
six-h
Sat Mar 22 2008, 08:52PM

Registered Member #138
Joined: Fri Mar 21 2008, 10:53PM
Location: Manchester UK
Posts: 17
Thanked 0 times in 0 posts
HijackThis fixed the first 4 items on the list, the others were already gone.
On clicking "Fix", the window just went white, and nothing else happened, so I closed it after ensuring there was no activity in task manager, and rebooted.

No, I haven't yet burned a new bootable disk; I need to download the burning software and the memtest86 files again.
I was afraid to upset my PC by downloading yet more software.
I'll do it now.

Here's the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:45:26, on 23/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205343521984
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205350058406
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1205702166_6945673d0eb6148302758105b3254e4e&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9245 bytes



[ Edited Sat Mar 22 2008, 08:56PM ]
ShadowPuterDude
Sat Mar 22 2008, 09:00PM
Open ExplorerXP and delete the following folder and everything in it:
C:\Program Files\CA

Empty the Recycle Bin

Run ATF Cleaner

Reboot

Run the MemTest

Use the computer for a bit then come back and tell me how things are working.


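Deleting a product folder such as C:\Program Files\CA is safe only after the services and browser hooks that still point into it have been stopped and fixed, which is the order the two posts above follow: disable the CA services, fix the HijackThis lines, then remove the folder. As an added example (not part of the thread and not HijackThis code), here is a Python parser for the HJT line formats involved that produces that removal plan from a log. The sample excerpt is constructed from lines of the same shape as those quoted in the thread; the `entries_under` prefix match works on long-name paths and does not expand 8.3 short names such as PROGRA~1, so entries written that way would need a second pass.

```python
import re
from collections import namedtuple

# Constructed HijackThis excerpt in the real HJT line format; the lines mirror
# those quoted in the thread, the selection is ours.
SAMPLE_HJT = """\
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar1.dll
O4 - HKLM\\..\\Run: [AVG7_CC] C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\\Program Files\\CA\\SharedComponents\\CA_LIC\\lic98rmt.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\\Program Files\\CA\\SharedComponents\\CA_LIC\\LogWatNT.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\\Program Files\\Tall Emu\\Online Armor\\oasrv.exe
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
SERVICE_RE = re.compile(r"Service: (?P<display>.+?)(?: \((?P<name>[^)]+)\))? - (?P<vendor>.+?) - (?P<path>.+)$")
EXE_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|cpl|ocx))"?', re.I)

Entry = namedtuple("Entry", "section text path")

def _path_of(section, rest):
    """Best-effort image path for an entry; "" when HJT reports (no file) or the
    image is a bare filename resolved through PATH (e.g. mHotkey.exe)."""
    if rest.endswith("(no file)"):
        return ""
    if section == "O23":
        m = SERVICE_RE.match(rest)
        return m.group("path") if m else ""
    if section == "O4":  # "[Name] C:\path\prog.exe args" -> the drive-rooted image only
        m = EXE_RE.search(rest.split("] ", 1)[-1])
        return m.group(1) if m else ""
    return rest.rsplit(" - ", 1)[-1]  # O2/O3/O9: the path is the last " - " field

def parse_hjt(text):
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), line.strip(), _path_of(m.group(1), m.group(2))))
    return entries

def orphaned_entries(entries):
    """Hooks whose file is gone: harmless by themselves, but each is a dangling CLSID
    or service registration that a later installer or malware can re-point at its own DLL."""
    return [e for e in entries if e.text.endswith("(no file)")]

def entries_under(entries, folder):
    """Entries whose image lives under `folder` (case-insensitive long-name prefix)."""
    prefix = folder.lower().rstrip("\\") + "\\"
    return [e for e in entries if e.path.lower().startswith(prefix)]

def service_names(entries):
    """Short service names (the key under HKLM\\SYSTEM\\CurrentControlSet\\Services)."""
    names = []
    for e in entries:
        if e.section == "O23":
            m = SERVICE_RE.match(e.text.split(" - ", 1)[1])
            if m and m.group("name"):
                names.append(m.group("name"))
    return names

def removal_plan(text, folder):
    """Stop and disable the folder's services first, then fix its HJT lines and any
    orphaned hooks, so deleting the folder leaves no service pointing at nothing."""
    entries = parse_hjt(text)
    leftovers = entries_under(entries, folder)
    return {
        "disable_services": service_names(leftovers),
        "fix_lines": [e.text for e in leftovers] + [e.text for e in orphaned_entries(entries)],
    }

if __name__ == "__main__":
    print(removal_plan(SAMPLE_HJT, "C:\\Program Files\\CA"))
```

The "disable first, delete second" ordering matters because a service whose binary has been deleted still starts at boot, fails, and logs a Service Control Manager 7023 error every time, which is the kind of noise that hides a real fault in the event log.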
six-h
Sat Mar 22 2008, 09:41PM

OK,
Deleted CA folder and contents
Recycle bin already empty.
Before I run ATF and re-boot, I've now Downloaded memtest86+-2.01, and extracted the iso file.
I've also downloaded Imgburn.

Can you guide me through creating a bootable CD using this programme, 'cos it's all double Dutch to me!
And I don't need any more coasters.

six-h
ShadowPuterDude
Sat Mar 22 2008, 10:00PM
Click-on Write image file to disc.

Click-on the folder with a magnifying glass next to Please select a file...

Navigate to and select the MemTest86+ ISO

Select your CD/DVD burner in Destination

Click-on the CD image to begin writing the CD.

Exit ImgBurn when finished.


six-h
Sat Mar 22 2008, 10:32PM

OK, ShadowPuterDude,
I'm back.
Thanks for your instructions, disk burned OK, I'll get to understand the programme later, but it looks much simpler than Nero!
Ran ATF, and rebooted, the memtest disk was immediately detected on boot up.
I left it to do 30 cycles whilst I made some coffee!
Came back, and no errors found!

One bit of good news since the middle of February can't be too bad!

six-h
ShadowPuterDude
Sat Mar 22 2008, 11:24PM
OK, looks like RAM is not an issue. However, the Event Log from the DSS scan showed that there are a couple of bad blocks on the D: drive. This may or may not be what is causing the system freezes.

There were a few services left over from eTrust that I had you remove; they shouldn't have been on the system any longer. Those could also cause conflicts.

Use the system for a day or so, then come back and let me know how things are working.


six-h
Sun Mar 23 2008, 02:30PM

Hi ShadowPuterDude

After the re-set, I thought I had eradicated eTrust, sorry about that!


A few questions so that I can try to understand what's happening in the "Big Box"

"A couple of bad blocks": -
Given that my HD is relatively unused, is this a problem?
The beginning of the end for it?
Can they be "repaired" by windows, so that they are no longer addressed?
I'm surprised that errors on the D sector (Back-up) would impinge on the performance of the C sector, which is where all the action takes place, isn't it?

I don't know if this is indicative of anything, but I mentioned to Medion way back in February, that the "Windows Loading Screen" runs about 7 passes of the blue lights, then disappears for a second or so, and returns to do 2 or 3 more before the black scre