Tech Support Guy banner
  • Please post in our Community Feedback thread for help with the new forum software! If you are having trouble logging in, please Contact Us for assistance.
Status
Not open for further replies.
1 - 15 of 15 Posts

·
Registered
Joined
·
7 Posts
Discussion Starter · #1 ·
Can someone please read my HJT log? I have been unable to complete adaware search as is always freezes as it is deep scanning my local registry file

clsid\{049bd180-1eeb-4881-84bb-2a6ac3304005

I have also been experiencing problems with an extremely slow response at times (Dell 8400 series computer only a few months old) as well as some programs such as Outlook and Word closing out on me for no reason. At other times, I experience no problems. I have Norton and have run Spybot. I am using Windows XP.

Here is my HJT log:

Natalie Grubb

1A23-2013-8064-3597-0828-6980

Windows XP 5.1
IA32
WinAspi: File 'Wnaspi32.dll': Ver=4.60 (1021), size=45056 bytes, created 10/4/2004 3:45:54 PM
ahead WinASPI: File 'C:\Program Files\Ahead\nero\Wnaspi32.dll': Ver=2.0.1.59, size=160016 bytes, created 6/17/2003 2:25:04 PM
Nero version: 6.0.0.11 (Nero Express)
Recorder: <Philips DVD+RW DVD8601> Version: 6D11 - HA 0 TA 1 - 6.0.0.11
Adapter driver: <atapi> HA 0
Drive buffer : 2048kB
Bus Type : via Inquiry data (1) -> ATAPI, detected: ATAPI
Connected to MMC as unknown drive with class-nr : 1
Drive is autodetected - recorder class: Std. MMC recorder
CD-ROM: <HL-DT-ST DVD-ROM GDR8163B>Version: 0D20 - HA 0 TA 0 - 6.0.0.11
Adapter driver: <atapi> HA 0

=== Scsi-Device-Map ===
CdRomPeripheral : HL-DT-ST DVD-ROM GDR8163B atapi Port 0 ID 0 DMA: On
CdRomPeripheral : Philips DVD+RW DVD8601 atapi Port 0 ID 1 DMA: On
DiskPeripheral : Maxtor 6Y160M0 iaStor Port 1 ID 0 DMA: On
=======================

AutoRun : 1
Excluded drive IDs:
CmdQueuing : 1
CmdNotification: 2
WriteBufferSize: 83886080 (0) Byte
ShowDrvBufStat : 0
EraseSpeed : 0
BUFE : 0
Physical memory : 1022MB (1046620kB)
Free physical memory: 653MB (668768kB)
Memory in use : 36 %
Uncached PFiles: 0x0
Use Static Write Speed Table: 0
Use Inquiry : 1
Global Bus Type: default (0)
Check supported media : Disabled (0)

21.12.2004
CD Copy
1:42:44 PM #1 Phase 90 File dlgbrnst.cpp, Line 1843
Buffer Underrun Protection activated

1:42:44 PM #2 Text 0 File Reader.cpp, Line 118
Reader running

1:42:44 PM #3 Text 0 File Writer.cpp, Line 127
Writer Philips DVD+RW DVD8601 running

1:42:44 PM #4 Phase 48 File dlgbrnst.cpp, Line 1843
Analyzing disc

1:42:44 PM #5 CDCOPY -1 File CDCopy.cpp, Line 1868
The CD is copyrighted

1:42:46 PM #6 Text 0 File CDCopy.cpp, Line 2084
_Index0_ _______Index1_______ PostPause ___LastBlockOfTrack_
Track 1: 0 0 ( 0:02.00) 17632 17631 ( 3:57.06)
Track 2: 17632 17632 ( 3:57.07) 32592 32591 ( 7:16.41)
Track 3: 32592 32592 ( 7:16.42) 51082 51081 ( 11:23.06)
Track 4: 51082 51082 ( 11:23.07) 67087 67086 ( 14:56.36)
Track 5: 67087 67087 ( 14:56.37) 85882 85881 ( 19:07.06)
Track 6: 85882 85882 ( 19:07.07) 105965 105964 ( 23:34.64)
Track 7: 105965 105965 ( 23:34.65) 125255 125254 ( 27:52.04)
Track 8: 125255 125255 ( 27:52.05) 143447 143446 ( 31:54.46)
Track 9: 143447 143447 ( 31:54.47) 159842 159841 ( 35:33.16)
Track 10: 159842 159842 ( 35:33.17) 181677 181676 ( 40:24.26)
Track 11: 181677 181677 ( 40:24.27) 195437 195436 ( 43:27.61)
Track 12: 195437 195437 ( 43:27.62) 215472 215471 ( 47:54.71)
Track 13: 215472 215472 ( 47:54.72) 231895 231894 ( 51:33.69)
Track 14: 231895 231895 ( 51:33.70) 246472 246471 ( 54:48.21)
Track 15: 246472 246472 ( 54:48.22) 261697 261696 ( 58:11.21)
Track 16: 261697 261697 ( 58:11.22) 277065 277064 ( 61:36.14)
Track 17: 277065 277065 ( 61:36.15) 291897 291896 ( 64:53.71)
Track 18: 291897 291897 ( 64:53.72) 308985 308984 ( 68:41.59)

1:42:46 PM #7 Text 0 File CDCopy.cpp, Line 839
Copy options: copy on-the-fly: ON
read ISRC/MCN: OFF
use jitter correction: OFF
data options
ignore read error: ON write defekt blocks OFF
read raw data: OFF read r-w subchannel data: OFF
audio options
ignore read error: ON
read indexes: OFF read r-w subchannel data: OFF
source disc does not look like CD Extra
01. 0 - 17632 = 17632, audio (TRM_AUDIO_NOPRE, block size 2352)
02. 17632 - 32592 = 14960, audio (TRM_AUDIO_NOPRE, block size 2352)
03. 32592 - 51082 = 18490, audio (TRM_AUDIO_NOPRE, block size 2352)
04. 51082 - 67087 = 16005, audio (TRM_AUDIO_NOPRE, block size 2352)
05. 67087 - 85882 = 18795, audio (TRM_AUDIO_NOPRE, block size 2352)
06. 85882 - 105965 = 20083, audio (TRM_AUDIO_NOPRE, block size 2352)
07. 105965 - 125255 = 19290, audio (TRM_AUDIO_NOPRE, block size 2352)
08. 125255 - 143447 = 18192, audio (TRM_AUDIO_NOPRE, block size 2352)
09. 143447 - 159842 = 16395, audio (TRM_AUDIO_NOPRE, block size 2352)
10. 159842 - 181677 = 21835, audio (TRM_AUDIO_NOPRE, block size 2352)
11. 181677 - 195437 = 13760, audio (TRM_AUDIO_NOPRE, block size 2352)
12. 195437 - 215472 = 20035, audio (TRM_AUDIO_NOPRE, block size 2352)
13. 215472 - 231895 = 16423, audio (TRM_AUDIO_NOPRE, block size 2352)
14. 231895 - 246472 = 14577, audio (TRM_AUDIO_NOPRE, block size 2352)
15. 246472 - 261697 = 15225, audio (TRM_AUDIO_NOPRE, block size 2352)
16. 261697 - 277065 = 15368, audio (TRM_AUDIO_NOPRE, block size 2352)
17. 277065 - 291897 = 14832, audio (TRM_AUDIO_NOPRE, block size 2352)
18. 291897 - 308985 = 17088, audio (TRM_AUDIO_NOPRE, block size 2352)

1:43:11 PM #8 Text 0 File Burncd.cpp, Line 3173
Turn on Disc-at-once, using CD-R/RW media

1:43:11 PM #9 Text 0 File DlgWaitCD.cpp, Line 228
Last possible write address on media: 359845 (79:59.70)
Last address to be written: 308984 (68:41.59)

1:43:11 PM #10 Text 0 File DlgWaitCD.cpp, Line 233
Write in overburning mode: FALSE

1:43:11 PM #11 Text 0 File DlgWaitCD.cpp, Line 1722
Recorder: Philips DVD+RW DVD8601;
CDR code: 00 97 26 66; OSJ entry from: CMC Magnetics Corporation
ATIP Data:
Special Info [hex] 1: D0 00 98, 2: 61 1A 42 (LI 97:26.66), 3: 4F 3B 47 (LO 79:59.71)
Additional Info [hex] 1: 00 00 00 (invalid), 2: 00 00 00 (invalid), 3: 00 00 00 (invalid)

1:43:11 PM #12 Text 0 File ThreadedTransferInterface.cpp, Line 768
Setup items (after recorder preparation)
0: TRM_AUDIO_NOPRE (1 Audio)
2 indices, index0 (150) not provided
original disc pos #0 + 17632 (17632) = #17632/3:55.7
relocatable, disc pos for caching/writing not required/not required, no patch infos
-> TRM_AUDIO_NOPRE, 2352, config 0, wanted index0 0 blocks, length 17632 blocks [Philips DVD+RW DVD8601 ]
1: TRM_AUDIO_NOPRE (2 Audio)
2 indices, index0 (0) provided
original disc pos #17632 + 14960 (14960) = #32592/7:14.42
relocatable, disc pos for caching/writing not required/not required, no patch infos
-> TRM_AUDIO_NOPRE, 2352, config 0, wanted index0 0 blocks, length 14960 blocks [Philips DVD+RW DVD8601 ]
2: TRM_AUDIO_NOPRE (3 Audio)
2 indices, index0 (0) provided
original disc pos #32592 + 18490 (18490) = #51082/11:21.7
relocatable, disc pos for caching/writing not required/not required, no patch infos
-> TRM_AUDIO_NOPRE, 2352, config 0, wanted index0 0 blocks, length 18490 blocks [Philips DVD+RW DVD8601 ]
3: TRM_AUDIO_NOPRE (4 Audio)
2 indices, index0 (0) provided
original disc pos #51082 + 16005 (16005) = #67087/14:54.37
relocatable, disc pos for caching/writing not required/not required, no patch infos
-> TRM_AUDIO_NOPRE, 2352, config 0, wanted index0 0 blocks, length 16005 blocks [Philips DVD+RW DVD8601 ]
4: TRM_AUDIO_NOPRE (5 Audio)
2 indices, index0 (0) provided
original disc pos #67087 + 18795 (18795) = #85882/19:5.7
relocatable, disc pos for caching/writing not required/not required, no patch infos
-> TRM_AUDIO_NOPRE, 2352, config 0, wanted index0 0 blocks, length 18795 blocks [Philips DVD+RW DVD8601 ]
5: TRM_AUDIO_NOPRE (6 Audio)
2 indices, index0 (0) provided
original disc pos #85882 + 20083 (20083) = #105965/23:32.65
relocatable, disc pos for caching/writing not required/not required, no patch infos
-> TRM_AUDIO_NOPRE, 2352, config 0, wanted index0 0 blocks, length 20083 blocks [Philips DVD+RW DVD8601 ]
6: TRM_AUDIO_NOPRE (7 Audio)
2 indices, index0 (0) provided
original disc pos #105965 + 19290 (19290) = #125255/27:50.5
relocatable, disc pos for caching/writing not required/not required, no patch infos
-> TRM_AUDIO_NOPRE, 2352, config 0, wanted index0 0 blocks, length 19290 blocks [Philips DVD+RW DVD8601 ]
7: TRM_AUDIO_NOPRE (8 Audio)
2 indices, index0 (0) provided
original disc pos #125255 + 18192 (18192) = #143447/31:52.47
relocatable, disc pos for caching/writing not required/not required, no patch infos
-> TRM_AUDIO_NOPRE, 2352, config 0, wanted index0 0 blocks, length 18192 blocks [Philips DVD+RW DVD8601 ]
8: TRM_AUDIO_NOPRE (9 Audio)
2 indices, index0 (0) provided
original disc pos #143447 + 16395 (16395) = #159842/35:31.17
relocatable, disc pos for caching/writing not required/not required, no patch infos
-> TRM_AUDIO_NOPRE, 2352, config 0, wanted index0 0 blocks, length 16395 blocks [Philips DVD+RW DVD8601 ]
9: TRM_AUDIO_NOPRE (10 Audio)
2 indices, index0 (0) provided
original disc pos #159842 + 21835 (21835) = #181677/40:22.27
relocatable, disc pos for caching/writing not required/not required, no patch infos
-> TRM_AUDIO_NOPRE, 2352, config 0, wanted index0 0 blocks, length 21835 blocks [Philips DVD+RW DVD8601 ]
10: TRM_AUDIO_NOPRE (11 Audio)
2 indices, index0 (0) provided
original disc pos #181677 + 13760 (13760) = #195437/43:25.62
relocatable, disc pos for caching/writing not required/not required, no patch infos
-> TRM_AUDIO_NOPRE, 2352, config 0, wanted index0 0 blocks, length 13760 blocks [Philips DVD+RW DVD8601 ]
11: TRM_AUDIO_NOPRE (12 Audio)
2 indices, index0 (0) provided
original disc pos #195437 + 20035 (20035) = #215472/47:52.72
relocatable, disc pos for caching/writing not required/not required, no patch infos
-> TRM_AUDIO_NOPRE, 2352, config 0, wanted index0 0 blocks, length 20035 blocks [Philips DVD+RW DVD8601 ]
12: TRM_AUDIO_NOPRE (13 Audio)
2 indices, index0 (0) provided
original disc pos #215472 + 16423 (16423) = #231895/51:31.70
relocatable, disc pos for caching/writing not required/not required, no patch infos
-> TRM_AUDIO_NOPRE, 2352, config 0, wanted index0 0 blocks, length 16423 blocks [Philips DVD+RW DVD8601 ]
13: TRM_AUDIO_NOPRE (14 Audio)
2 indices, index0 (0) provided
original disc pos #231895 + 14577 (14577) = #246472/54:46.22
relocatable, disc pos for caching/writing not required/not required, no patch infos
-> TRM_AUDIO_NOPRE, 2352, config 0, wanted index0 0 blocks, length 14577 blocks [Philips DVD+RW DVD8601 ]
14: TRM_AUDIO_NOPRE (15 Audio)
2 indices, index0 (0) provided
original disc pos #246472 + 15225 (15225) = #261697/58:9.22
relocatable, disc pos for caching/writing not required/not required, no patch infos
-> TRM_AUDIO_NOPRE, 2352, config 0, wanted index0 0 blocks, length 15225 blocks [Philips DVD+RW DVD8601 ]
15: TRM_AUDIO_NOPRE (16 Audio)
2 indices, index0 (0) provided
original disc pos #261697 + 15368 (15368) = #277065/61:34.15
relocatable, disc pos for caching/writing not required/not required, no patch infos
-> TRM_AUDIO_NOPRE, 2352, config 0, wanted index0 0 blocks, length 15368 blocks [Philips DVD+RW DVD8601 ]
16: TRM_AUDIO_NOPRE (17 Audio)
2 indices, index0 (0) provided
original disc pos #277065 + 14832 (14832) = #291897/64:51.72
relocatable, disc pos for caching/writing not required/not required, no patch infos
-> TRM_AUDIO_NOPRE, 2352, config 0, wanted index0 0 blocks, length 14832 blocks [Philips DVD+RW DVD8601 ]
17: TRM_AUDIO_NOPRE (18 Audio)
2 indices, index0 (0) provided
original disc pos #291897 + 17088 (17088) = #308985/68:39.60
relocatable, disc pos for caching/writing not required/not required, no patch infos
-> TRM_AUDIO_NOPRE, 2352, config 0, wanted index0 0 blocks, length 17088 blocks [Philips DVD+RW DVD8601 ]
--------------------------------------------------------------

1:43:11 PM #13 Text 0 File ThreadedTransferInterface.cpp, Line 937
Prepare recorder [Philips DVD+RW DVD8601 ] for write in CUE-sheet-DAO
DAO infos:
==========
MCN: ""
TOCType: 0x00; Session Closed, disc fixated
Tracks 1 to 18:
1: TRM_AUDIO_NOPRE, 2352/0x00, FilePos 0 352800 41823264, ISRC ""
2: TRM_AUDIO_NOPRE, 2352/0x00, FilePos 41823264 41823264 77009184, ISRC ""
3: TRM_AUDIO_NOPRE, 2352/0x00, FilePos 77009184 77009184 120497664, ISRC ""
4: TRM_AUDIO_NOPRE, 2352/0x00, FilePos 120497664 120497664 158141424, ISRC ""
5: TRM_AUDIO_NOPRE, 2352/0x00, FilePos 158141424 158141424 202347264, ISRC ""
6: TRM_AUDIO_NOPRE, 2352/0x00, FilePos 202347264 202347264 249582480, ISRC ""
7: TRM_AUDIO_NOPRE, 2352/0x00, FilePos 249582480 249582480 294952560, ISRC ""
8: TRM_AUDIO_NOPRE, 2352/0x00, FilePos 294952560 294952560 337740144, ISRC ""
9: TRM_AUDIO_NOPRE, 2352/0x00, FilePos 337740144 337740144 376301184, ISRC ""
10: TRM_AUDIO_NOPRE, 2352/0x00, FilePos 376301184 376301184 427657104, ISRC ""
11: TRM_AUDIO_NOPRE, 2352/0x00, FilePos 427657104 427657104 460020624, ISRC ""
12: TRM_AUDIO_NOPRE, 2352/0x00, FilePos 460020624 460020624 507142944, ISRC ""
13: TRM_AUDIO_NOPRE, 2352/0x00, FilePos 507142944 507142944 545769840, ISRC ""
14: TRM_AUDIO_NOPRE, 2352/0x00, FilePos 545769840 545769840 580054944, ISRC ""
15: TRM_AUDIO_NOPRE, 2352/0x00, FilePos 580054944 580054944 615864144, ISRC ""
16: TRM_AUDIO_NOPRE, 2352/0x00, FilePos 615864144 615864144 652009680, ISRC ""
17: TRM_AUDIO_NOPRE, 2352/0x00, FilePos 652009680 652009680 686894544, ISRC ""
18: TRM_AUDIO_NOPRE, 2352/0x00, FilePos 686894544 686894544 727085520, ISRC ""
DAO layout:
===========
__Start_|____Track_|_Idx_|_RecDep_|_CtrlAdr_
-150 | lead-in | 0 | 0x00 | 0x01
-150 | 1 | 0 | 0x00 | 0x01
0 | 1 | 1 | 0x00 | 0x01
17632 | 2 | 0 | 0x00 | 0x01
17632 | 2 | 1 | 0x00 | 0x01
32592 | 3 | 0 | 0x00 | 0x01
32592 | 3 | 1 | 0x00 | 0x01
51082 | 4 | 0 | 0x00 | 0x01
51082 | 4 | 1 | 0x00 | 0x01
67087 | 5 | 0 | 0x00 | 0x01
67087 | 5 | 1 | 0x00 | 0x01
85882 | 6 | 0 | 0x00 | 0x01
85882 | 6 | 1 | 0x00 | 0x01
105965 | 7 | 0 | 0x00 | 0x01
105965 | 7 | 1 | 0x00 | 0x01
125255 | 8 | 0 | 0x00 | 0x01
125255 | 8 | 1 | 0x00 | 0x01
143447 | 9 | 0 | 0x00 | 0x01
143447 | 9 | 1 | 0x00 | 0x01
159842 | 10 | 0 | 0x00 | 0x01
159842 | 10 | 1 | 0x00 | 0x01
181677 | 11 | 0 | 0x00 | 0x01
181677 | 11 | 1 | 0x00 | 0x01
195437 | 12 | 0 | 0x00 | 0x01
195437 | 12 | 1 | 0x00 | 0x01
215472 | 13 | 0 | 0x00 | 0x01
215472 | 13 | 1 | 0x00 | 0x01
231895 | 14 | 0 | 0x00 | 0x01
231895 | 14 | 1 | 0x00 | 0x01
246472 | 15 | 0 | 0x00 | 0x01
246472 | 15 | 1 | 0x00 | 0x01
261697 | 16 | 0 | 0x00 | 0x01
261697 | 16 | 1 | 0x00 | 0x01
277065 | 17 | 0 | 0x00 | 0x01
277065 | 17 | 1 | 0x00 | 0x01
291897 | 18 | 0 | 0x00 | 0x01
291897 | 18 | 1 | 0x00 | 0x01
308985 | lead-out | 1 | 0x00 | 0x01

1:43:11 PM #14 Phase 36 File dlgbrnst.cpp, Line 1843
Burn process started at 32x (4,800 KB/s)

1:43:11 PM #15 Text 0 File ThreadedTransferInterface.cpp, Line 2130
Verifying disc position of item 0 (relocatable, no disc pos, no patch infos, orig at #0): write at #0

1:43:11 PM #16 Text 0 File ThreadedTransferInterface.cpp, Line 2130
Verifying disc position of item 1 (relocatable, no disc pos, no patch infos, orig at #17632): write at #17632

1:43:11 PM #17 Text 0 File ThreadedTransferInterface.cpp, Line 2130
Verifying disc position of item 2 (relocatable, no disc pos, no patch infos, orig at #32592): write at #32592

1:43:11 PM #18 Text 0 File ThreadedTransferInterface.cpp, Line 2130
Verifying disc position of item 3 (relocatable, no disc pos, no patch infos, orig at #51082): write at #51082

1:43:11 PM #19 Text 0 File ThreadedTransferInterface.cpp, Line 2130
Verifying disc position of item 4 (relocatable, no disc pos, no patch infos, orig at #67087): write at #67087

1:43:11 PM #20 Text 0 File ThreadedTransferInterface.cpp, Line 2130
Verifying disc position of item 5 (relocatable, no disc pos, no patch infos, orig at #85882): write at #85882

1:43:11 PM #21 Text 0 File ThreadedTransferInterface.cpp, Line 2130
Verifying disc position of item 6 (relocatable, no disc pos, no patch infos, orig at #105965): write at #105965

1:43:11 PM #22 Text 0 File ThreadedTransferInterface.cpp, Line 2130
Verifying disc position of item 7 (relocatable, no disc pos, no patch infos, orig at #125255): write at #125255

1:43:11 PM #23 Text 0 File ThreadedTransferInterface.cpp, Line 2130
Verifying disc position of item 8 (relocatable, no disc pos, no patch infos, orig at #143447): write at #143447

1:43:11 PM #24 Text 0 File ThreadedTransferInterface.cpp, Line 2130
Verifying disc position of item 9 (relocatable, no disc pos, no patch infos, orig at #159842): write at #159842

1:43:11 PM #25 Text 0 File ThreadedTransferInterface.cpp, Line 2130
Verifying disc position of item 10 (relocatable, no disc pos, no patch infos, orig at #181677): write at #181677

1:43:11 PM #26 Text 0 File ThreadedTransferInterface.cpp, Line 2130
Verifying disc position of item 11 (relocatable, no disc pos, no patch infos, orig at #195437): write at #195437

1:43:11 PM #27 Text 0 File ThreadedTransferInterface.cpp, Line 2130
Verifying disc position of item 12 (relocatable, no disc pos, no patch infos, orig at #215472): write at #215472

1:43:11 PM #28 Text 0 File ThreadedTransferInterface.cpp, Line 2130
Verifying disc position of item 13 (relocatable, no disc pos, no patch infos, orig at #231895): write at #231895

1:43:11 PM #29 Text 0 File ThreadedTransferInterface.cpp, Line 2130
Verifying disc position of item 14 (relocatable, no disc pos, no patch infos, orig at #246472): write at #246472

1:43:11 PM #30 Text 0 File ThreadedTransferInterface.cpp, Line 2130
Verifying disc position of item 15 (relocatable, no disc pos, no patch infos, orig at #261697): write at #261697

1:43:11 PM #31 Text 0 File ThreadedTransferInterface.cpp, Line 2130
Verifying disc position of item 16 (relocatable, no disc pos, no patch infos, orig at #277065): write at #277065

1:43:11 PM #32 Text 0 File ThreadedTransferInterface.cpp, Line 2130
Verifying disc position of item 17 (relocatable, no disc pos, no patch infos, orig at #291897): write at #291897

1:43:11 PM #33 Text 0 File Mmc.cpp, Line 14420
StartDAO : CD-Text - On

1:43:11 PM #34 Text 0 File Mmc.cpp, Line 18878
Set BUFE: supported -> ON

1:43:11 PM #35 Text 0 File Mmc.cpp, Line 14720
CueData, Len=304
01 00 00 41 00 00 00 00
01 01 00 00 00 00 00 00
01 01 01 00 00 00 02 00
01 02 00 00 00 03 39 07
01 02 01 00 00 03 39 07
01 03 00 00 00 07 10 2a
01 03 01 00 00 07 10 2a
01 04 00 00 00 0b 17 07
01 04 01 00 00 0b 17 07
01 05 00 00 00 0e 38 25
01 05 01 00 00 0e 38 25
01 06 00 00 00 13 07 07
01 06 01 00 00 13 07 07
01 07 00 00 00 17 22 41
01 07 01 00 00 17 22 41
01 08 00 00 00 1b 34 05
01 08 01 00 00 1b 34 05
01 09 00 00 00 1f 36 2f
01 09 01 00 00 1f 36 2f
01 0a 00 00 00 23 21 11
01 0a 01 00 00 23 21 11
01 0b 00 00 00 28 18 1b
01 0b 01 00 00 28 18 1b
01 0c 00 00 00 2b 1b 3e
01 0c 01 00 00 2b 1b 3e
01 0d 00 00 00 2f 36 48
01 0d 01 00 00 2f 36 48
01 0e 00 00 00 33 21 46
01 0e 01 00 00 33 21 46
01 0f 00 00 00 36 30 16
01 0f 01 00 00 36 30 16
01 10 00 00 00 3a 0b 16
01 10 01 00 00 3a 0b 16
01 11 00 00 00 3d 24 0f
01 11 01 00 00 3d 24 0f
01 12 00 00 00 40 35 48
01 12 01 00 00 40 35 48
01 aa 01 01 00 44 29 3c

1:43:38 PM #36 SCSI -1076 File Cdrdrv.cpp, Line 1415
SCSI Exec, HA 0, TA 1, LUN 0, buffer 0x03E00000
Status: 0x04 (0x01, SCSI_ERR)
HA-Status 0x00 (0x00, OK)
TA-Status 0x02 (0x01, SCSI_TASTATUS_CHKCOND)
Sense Key: 0x06 (KEY_UNIT_ATTENTION)
Sense Code: 0x28
Sense Qual: 0x00
CDB Data: 0x2A 0x00 0xFF 0xFF 0xD2 0x8E 0x00 0x02 0xAA 0x00 0x00 0x00
Sense Data: 0x70 0x00 0x06 0x00 0x00 0x00 0x00 0x12
0x00 0x00 0x00 0x00 0x28 0x00

1:43:38 PM #37 CDR -1114 File Writer.cpp, Line 335
Reset occurred

1:43:38 PM #38 Text 0 File ThreadedTransfer.cpp, Line 227
all writers idle, stopping conversion

1:43:38 PM #39 Text 0 File ThreadedTransfer.cpp, Line 221
conversion idle, stopping reader

1:43:38 PM #40 Text 0 File dlgbrnst.cpp, Line 1703
Set remaining time: 0:00,000 (0ms) -> OK

1:43:38 PM #41 Phase 38 File dlgbrnst.cpp, Line 1843
Burn process failed at 32x (4,800 KB/s)

Existing drivers:
File 'Drivers\ADPU160M.SYS': Ver=v3.60a (Lab01_N(johnstra).010529-2218), size=101888 bytes, created 8/17/2001 2:07:32 PM
File 'Drivers\ASPI32.SYS': Ver=4.60 (1021), size=25244 bytes, created 10/4/2004 3:45:54 PM
File 'Drivers\PXHELP20.SYS': Ver=2.02.70a, size=20176 bytes, created 3/3/2004 2:02:00 AM (Prassi/Veritas driver for win 2K)
File 'Drivers\atapi.sys': Ver=5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), size=95360 bytes, created 8/4/2004 12:59:42 AM (Adapter driver for rec)

Registry Keys:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\AllocateCDROMs : 0 (Security Option)
 

·
Retired Moderator
Joined
·
72,109 Posts
Hi linzer99, Welcome to TSG!!

Create a permanent folder on your hard drive for Hijackthis, like My Documents\HJT
Click on this link: http://www.spywareinfo.com/~merijn/files/HijackThis.exe and "Save" hijackthis to the folder you have created.

Double click on the program to run hijackthis, click "scan" then click on "Save Log".

Post a copy back here and someone will be happy to review it.

Don't make any changes until instructed to do so.
 

·
Registered
Joined
·
7 Posts
Discussion Starter · #3 ·
Logfile of HijackThis v1.99.0
Scan saved at 11:40:26 AM, on 1/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\OPScan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Natalie Grubb\My Documents\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [AS00_Gear311T] C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: IAA Event Monitor - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 

·
Registered
Joined
·
230 Posts
please click on that link and download hijack this, and put it in a folder you make and name hijack, Run it and select "do a system scan and save the log file". Then copy/paste the contents of the log to a reply.
 

·
Retired Moderator
Joined
·
72,109 Posts
Run HJT again and put a check in the following:

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)

Close all applications and browser windows before you click "fix checked".

Go to Start, Run, type %temp%, click OK
Delete the entire contents of this folder.

Now run adaware again. When it finds 50 items hit the cancel button and fix those, repeat until you can complete a full scan.
 

·
Registered
Joined
·
7 Posts
Discussion Starter · #7 ·
Followed instructions. Ran adaware again (perform full system scan) and it locked up again at the same file while deep scanning local registry (clsid\{049bd180-1eeb-4881-84bb-2a6ac3304005). This happens within a few seconds before any infected files are found. Here is the most recent HJT log:

Logfile of HijackThis v1.99.0
Scan saved at 1:07:02 PM, on 1/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Natalie Grubb\My Documents\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [AS00_Gear311T] C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: IAA Event Monitor - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 

·
Registered
Joined
·
7 Posts
Discussion Starter · #11 ·
I do not know how to export my registry. Can you walk me throught that? When you say to give you the entire key, what else besides "clsid\{049bd180-1eeb-4881-84bb-2a6ac3304005" do you mean?
 

·
Retired Moderator
Joined
·
72,109 Posts
Open the registry, go to start, run, type regedit. Now go to Registry, export registry file. By Default mine wants to save to My documents, your's may be different and you can put the backup anywhere you like. For the name you can call it anything you like I would suggest backup or something you will know the meaning of.
 

·
Retired Moderator
Joined
·
72,109 Posts
Sorry, I thought I had given you a reply. Perhaps that is when the site went down yesterday... :eek:

Open your registry again and go to Edit, find, paste this into the box
049bd180-1eeb-4881-84bb-2a6ac3304005

When you find this entry delete it. Press the F3 key to search again until you get to the end.
 
1 - 15 of 15 Posts
Status
Not open for further replies.
Top