Logfile of HijackThis v1.99.1
Scan saved at 8:23:42 PM, on 2/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Check for High CPU Usage:
When it is running slow: Close all active programs then right-click on the clock
and select Task Manager then select Processes. Click once or twice on the CPU
column heading until you get the bigger numbers at the top in that column. What
are the top three processes and what % do they each take. What does it say for
CPU usage at the bottom of the window?
Blacklight Rootkit Detector:
Download Blacklight trial from here:
http://www.f-secure.com/blacklight/
Hit "I accept." It will take you to the download page. Download blbeta.exe and
save it to the Desktop. Once saved... double click blbeta.exe (you may not be
able to see the .exe) to install the program. Click Accept Agreement and click
Scan. This app may trigger a warning from your antivirus. Let the driver load.
Wait for it to finish. If it displays any items...don't do anything with them
yet. Just hit exit (close). It will drop a log on Desktop that starts with
fsbl....big number
Please post contents of log in your next reply.
Check for a bad file in System32:
Start, Run, sigverif, OK then press Start and wait for the program to finish.
What does it find?
On the CPU usage I need the percentage of CPU that you find in the column under CPU. Don't need the memory column info.
Check the Event logs for errors:
Start, Run, eventvwr.msc, OK then select System. Look for red marked files that
have a time stamp about the time of the slowdown. Open the event then click on
the bottom of the three buttons to copy the text. Move to a reply and Edit,
Paste. Repeat for any other different errors that happened during the last
slowdown period or last reboot. Please don't go back to the beginning of time
and no events from a Safe Mode boot. Repeat for Application. If your PC speaks
something other than English don't translate it unless it doesn't use the Latin
alphabet and then please include the timestamps.
No Ron, I didn't have Kaspersky installed on my PC. As I told you, this should be caused by Dr. Watson Debugger, as I get a lot of error messages with Dr. Watson Postmortem debugger in the title. How does my HiJack log look? Do you see anything?
Here are some more application errors:
Event Type: Information
Event Source: EvtEng
Event Category: None
Event ID: 0
Date: 2/4/2007
Time: 2:43:03 PM
User: N/A
Computer: DBNR9981
Description:
The description for Event ID ( 0 ) in Source ( EvtEng ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.
Event Type: Information
Event Source: RegSrvc
Event Category: None
Event ID: 0
Date: 2/4/2007
Time: 2:43:30 PM
User: N/A
Computer: DBNR9981
Description:
The description for Event ID ( 0 ) in Source ( RegSrvc ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event Type: Information
Event Source: EAPOL
Event Category: None
Event ID: 2002
Date: 2/4/2007
Time: 2:44:04 PM
User: N/A
Computer: DBNR9981
Description:
The description for Event ID ( 2002 ) in Source ( EAPOL ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: The event log file is corrupt..
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 42 75 63 6b 65 74 3a 20 Bucket:
0008: 33 32 31 37 38 37 35 37 32178757
0010: 38 0d 0a 8..
Logfile of HijackThis v1.99.1
Scan saved at 6:36:02 PM, on 2/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
I checked the event log again and I noticed this:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 2/4/2007
Time: 7:19:45 PM
User: N/A
Computer: DBNR9981
Description:
The kl1 service failed to start due to the following error:
The system cannot find the file specified.
Could this be related to the next error, and could it be because I uninstalled the McAfee Security software? My subscription was up and I got Zonelab. So I uninstalled McAfee. Could this be the problem? Pls. look at this:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 2/4/2007
Time: 7:19:11 PM
User: N/A
Computer: DBNR9981
Description:
The McAfee WSC Integration service failed to start due to the following error:
The system cannot find the file specified.
If they do not go away then Start, Run, Services.msc, OK then Standard then find anything that starts with McAfee and double-click. Change the StartupType: to Disabled. OK. Repeat for anything that has McAfee in the name.
Then reboot and check the event logs and see if you are still getting any of the McAfee errors.
Start, Run, drwtsn32, OK. This should bring up a little window. At the top it says: Log File Path then a box and a Browse button. Click on the Browse button and then on Desktop then OK.
Then when you get another DrWatson error you will get a log file on your desktop. Double-click on it and copy the text into a reply.
I did what you told me to do and I didn't get any more popups and actually my computer was running great yesterday until today when it totally froze without having any more popups coming up.
I am sending you the error logs and pls. tell me what to do.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 2/6/2007
Time: 6:37:38 PM
User: N/A
Computer: DBNR9981
Description:
The kl1 service failed to start due to the following error:
The system cannot find the file specified.
What's this kl.dll? What to do? I think my computer is freezing because of this. When I wanted to uninstall McAfee I tried to do it several times without success. So I had to download a removal tool from McAfee customer services and it worked. Could this removal tool erase that driver I'm missing?
liviu_lupsor
February 3rd, 2007 23:00
Scan saved at 8:23:42 PM, on 2/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Liviu\My Documents\hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe /hidden
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
RKinner
February 3rd, 2007 23:00
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Message Edited by RKinner on 02-03-2007 07:08 PM
RKinner
February 4th, 2007 10:00
When it is running slow: Close all active programs then right-click on the clock
and select Task Manager then select Processes. Click once or twice on the CPU
column heading until you get the bigger numbers at the top in that column. What
are the top three processes and what % do they each take. What does it say for
CPU usage at the bottom of the window?
Blacklight Rootkit Detector:
Download Blacklight trial from here: http://www.f-secure.com/blacklight/
Hit "I accept." It will take you to the download page. Download blbeta.exe and
save it to the Desktop. Once saved... double click blbeta.exe (you may not be
able to see the .exe) to install the program. Click Accept Agreement and click
Scan. This app may trigger a warning from your antivirus. Let the driver load.
Wait for it to finish. If it displays any items...don't do anything with them
yet. Just hit exit (close). It will drop a log on Desktop that starts with
fsbl....big number
Please post contents of log in your next reply.
Start, Run, sigverif, OK then press Start and wait for the program to finish.
What does it find?
liviu_lupsor
February 4th, 2007 15:00
First of all, thank you for your help Ron,
It's really appreciated.
CPU usage 100% and here are the 3 most consuming processes:
DVDLauncher.exe 23524k
ZCfgSvc.exe 34553k
Mantispm.exe 31300k
Sometimes I see a lot of CPU usage from WinWord.exe and IEXPLORER.exe if it helps you.
Processes 107 CPU usage 100% Commit Charge 668m/1154m
Also, I've noticed that when the popups are coming 2 processes keep on repeating in the task manager:
drwtsn32.exe
dwwin.exe
Blacklight Rootkit Detector found no hidden files. Here's the log:
02/04/07 10:26:37 [Info]: BlackLight Engine 1.0.55 initialized
02/04/07 10:26:37 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/04/07 10:26:38 [Note]: 7019 4
02/04/07 10:26:38 [Note]: 7005 0
02/04/07 10:26:44 [Note]: 7006 0
02/04/07 10:26:44 [Note]: 7011 3656
02/04/07 10:26:44 [Note]: 7026 0
02/04/07 10:26:45 [Note]: 7026 0
02/04/07 10:26:58 [Note]: FSRAW library version 1.7.1021
02/04/07 10:37:32 [Note]: 7007 0
Microsoft Signature Verification found the following files that are not digitally signed:
omci.sys 2/13/2004 7.1.382.0 Not Signed
acfpdf.txt 9/20/2002 None Not Signed
acpdf207.dll 9/20/2002 0.2.0.207 Not Signed N/A
acpdfui207.dll 9/20/2002 0.2.0.207 Not Signed
mdigraph.dll 6/18/2003 0.3.1897.0 Not Signed N/A
mdiui.dll 6/18/2003 0.3.1897.0 Not Signed
I have a lot of popups coming on all the time. Here are some of them:
PML Driver has encountered a problem and needs to close. We are sorry for the inconvenience.
Dr. Watson Postmortem Debugger has encountered a problem and must close.
RKinner
February 4th, 2007 19:00
Start, Run, eventvwr.msc, OK then select System. Look for red marked files that
have a time stamp about the time of the slowdown. Open the event then click on
the bottom of the three buttons to copy the text. Move to a reply and Edit,
Paste. Repeat for any other different errors that happened during the last
slowdown period or last reboot. Please don't go back to the beginning of time
and no events from a Safe Mode boot. Repeat for Application. If your PC speaks
something other than English don't translate it unless it doesn't use the Latin
alphabet and then please include the timestamps.
Ron
liviu_lupsor
February 4th, 2007 20:00
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 2/4/2007
Time: 4:00:43 PM
User: N/A
Computer: DBNR9981
Description:
The Application Management service terminated with the following error:
The specified module could not be found. For more information, see Help and SupportCenter at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 2/4/2007
Time: 4:08:59 PM
User: N/A
Computer: DBNR9981
Description:
The AVG7 Kernel service failed to start due to the following error:
Access is denied. For more information, see Help and SupportCenter at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 2/4/2007
Time: 4:04:30 PM
User: N/A
Computer: DBNR9981
Description:
The following boot-start or system-start driver(s) failed to load:
kl1
For more information, see Help and SupportCenter at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 2/4/2007
Time: 3:07:56 PM
User: N/A
Computer: DBNR9981
Description:
Faulting application LVPrcSrv.exe, version 9.5.0.1098, faulting module kernel32.dll, version 5.1.2600.2945, fault address 0x000edf9c.
For more information, see Help and SupportCenter at http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 2/4/2007
Time: 12:51:42 PM
User: NT AUTHORITY\SYSTEM
Computer: DBNR9981
Description:
Windows saved user DBNR9981\Liviu registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
For more information, see Help and SupportCenter at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 2/4/2007
Time: 11:47:45 AM
User: N/A
Computer: DBNR9981
Description:
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module , version 0.0.0.0, fault address 0x00000000.
For more information, see Help and SupportCenter at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 2/4/2007
Time: 11:52:26 AM
User: N/A
Computer: DBNR9981
Description:
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module kernel32.dll, version 5.1.2600.2945, fault address 0x000edf9c.
For more information, see Help and SupportCenter at http://go.microsoft.com/fwlink/events.asp.
liviu_lupsor
February 4th, 2007 21:00
Event Source: EvtEng
Event Category: None
Event ID: 0
Date: 2/4/2007
Time: 2:43:03 PM
User: N/A
Computer: DBNR9981
Description:
The description for Event ID ( 0 ) in Source ( EvtEng ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.
Event Source: RegSrvc
Event Category: None
Event ID: 0
Date: 2/4/2007
Time: 2:43:30 PM
User: N/A
Computer: DBNR9981
Description:
The description for Event ID ( 0 ) in Source ( RegSrvc ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 2/4/2007
Time: 3:02:08 PM
User: N/A
Computer: DBNR9981
Description:
Faulting application HPZipm12.exe, version 9.0.0.0, faulting module kernel32.dll, version 5.1.2600.2945, fault address 0x000edf9c.
Event Source: EAPOL
Event Category: None
Event ID: 2002
Date: 2/4/2007
Time: 2:44:04 PM
User: N/A
Computer: DBNR9981
Description:
The description for Event ID ( 2002 ) in Source ( EAPOL ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: The event log file is corrupt..
Event Source: Application Error
Event Category: None
Event ID: 1001
Date: 2/4/2007
Time: 10:52:34 AM
User: N/A
Computer: DBNR9981
Description:
Fault bucket 321787578.
Data:
0000: 42 75 63 6b 65 74 3a 20 Bucket:
0008: 33 32 31 37 38 37 35 37 32178757
0010: 38 0d 0a 8..
RKinner
February 4th, 2007 21:00
The following boot-start or system-start driver(s) failed to load:
kl1
Some versions of Kaspersky betas are known to cause some of the kernel32.dll errors in your log.
Do you also have Application errors?
Ron
liviu_lupsor
February 4th, 2007 21:00
Scan saved at 6:36:02 PM, on 2/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Liviu\My Documents\hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe /hidden
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
liviu_lupsor
9 Posts
0
February 4th, 2007 23:00
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 2/4/2007
Time: 7:19:45 PM
User: N/A
Computer: DBNR9981
Description:
The kl1 service failed to start due to the following error:
The system cannot find the file specified.
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 2/4/2007
Time: 7:19:11 PM
User: N/A
Computer: DBNR9981
Description:
The McAfee WSC Integration service failed to start due to the following error:
The system cannot find the file specified.
RKinner
2 Intern
•
5.9K Posts
0
February 5th, 2007 13:00
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
RKinner
2 Intern
•
5.9K Posts
0
February 5th, 2007 16:00
liviu_lupsor
9 Posts
0
February 6th, 2007 21:00
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 2/6/2007
Time: 6:37:38 PM
User: N/A
Computer: DBNR9981
Description:
The kl1 service failed to start due to the following error:
The system cannot find the file specified.
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 2/6/2007
Time: 6:37:35 PM
User: N/A
Computer: DBNR9981
Description:
The following boot-start or system-start driver(s) failed to load:
kl1
Event Source: Service Control Manager
Event Category: None
Event ID: 7009
Date: 2/6/2007
Time: 6:26:49 PM
User: N/A
Computer: DBNR9981
Description:
Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service to connect.