Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer Too Slow When Using A Browser


  • This topic is locked This topic is locked
4 replies to this topic

#1 netdude

netdude

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:01 PM

Posted 06 May 2008 - 12:04 PM

cpu usage becomes 100% when i start the browser (Internet Explorer or Mozilla Firefox)

Deckard's System Scanner v20071014.68
Run by amar on 2008-05-05 09:59:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
91: 2008-05-05 16:59:56 UTC - RP727 - Deckard's System Scanner Restore Point
90: 2008-05-04 23:16:09 UTC - RP726 - System Checkpoint
89: 2008-05-03 22:56:39 UTC - RP725 - System Checkpoint
88: 2008-05-02 22:54:16 UTC - RP724 - Installed TestDrive Client.
87: 2008-05-01 22:56:21 UTC - RP723 - System Checkpoint


-- First Restore Point --
1: 2008-02-06 03:40:33 UTC - RP637 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as amar.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:53 AM, on 5/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\mnmsrvc.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\amar\Desktop\dss.exe
C:\DOCUME~1\amar\Desktop\amar.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe "/Trigger RunAtLogon"
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} (Loader Class v2) - http://pkdw0051l.corp.intranet/tdbin/Spider80.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/27.38/uploader2.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://callidussoftware.webex.com/client/T...bex/ieatgpc.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup161.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NobleNet Portmapper for TCP - Unknown owner - C:\Program Files\Actuate8\iServer/bin/portserv.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\bin\omtsreco.exe
O23 - Service: Oracleora92Agent - Oracle Corporation - C:\oracle\bin\agntsrvc.exe
O23 - Service: Oracleora92ClientCache - Unknown owner - C:\oracle\BIN\ONRSD.EXE
O23 - Service: Oracleora92HTTPServer - Unknown owner - C:\oracle\Apache\Apache\apache.exe
O23 - Service: Oracleora92PagingServer - Unknown owner - C:\oracle/bin/pagntsrv.exe
O23 - Service: Oracleora92SNMPPeerEncapsulator - Unknown owner - C:\oracle\BIN\ENCSVC.EXE
O23 - Service: Oracleora92SNMPPeerMasterAgent - Unknown owner - C:\oracle\BIN\AGNTSVC.EXE
O23 - Service: Oracleora92TNSListener - Unknown owner - C:\oracle\BIN\TNSLSNR.exe
O23 - Service: OracleServiceORA92 - Oracle Corporation - c:\oracle\bin\ORACLE.EXE
O23 - Service: Informatica Repository Server (PmRepServer) - Unknown owner - C:\Program Files\Informatica PowerCenter 7.1.1\RepositoryServer\bin\pmrepserver.exe
O23 - Service: Informatica (Powermart) - Unknown owner - C:\Program Files\Informatica PowerCenter 7.1.1\Server\bin\pmserver.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Actuate Process Management Daemon 8 (__AC_PROCESS_MGMT_DAEMON8) - Actuate Corporation - C:\PROGRA~1\Actuate8\iServer\bin\pmd8.exe

--
End of file - 8852 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel® Wireless LAN Packet Driver>
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 IPSECSHM (Nortel IPSECSHM Adapter) - c:\windows\system32\drivers\ipsecw2k.sys (file missing)
S3 NAL (Nal Service ) - c:\windows\system32\drivers\iqvw32.sys <Not Verified; Intel Corporation; Intel® iQVW32.SYS>
S3 SymIM (Symantec Network Security Intermediate Filter Service) - c:\windows\system32\drivers\symim.sys (file missing)
S3 SymIMMP - c:\windows\system32\drivers\symim.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RegSrvc - c:\windows\system32\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>

S3 __AC_PROCESS_MGMT_DAEMON8 (Actuate Process Management Daemon 8) - "c:\progra~1\actuate8\iserver\bin\pmd8.exe" <Not Verified; Actuate Corporation; Actuate Reporting System>
S3 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
S3 NobleNet Portmapper for TCP - c:\program files\actuate8\iserver/bin/portserv.exe tcp
S3 OracleMTSRecoveryService - c:\oracle\bin\omtsreco.exe "oraclemtsrecoveryservice" <Not Verified; Oracle Corporation; Oracle MTS Recovery Service>
S3 Oracleora92Agent - c:\oracle\bin\agntsrvc.exe <Not Verified; Oracle Corporation; >
S3 Oracleora92ClientCache - c:\oracle\bin\onrsd.exe
S3 Oracleora92HTTPServer - "c:\oracle\apache\apache\apache.exe" --ntservice
S3 Oracleora92PagingServer - c:\oracle/bin/pagntsrv.exe
S3 Oracleora92SNMPPeerEncapsulator - c:\oracle\bin\encsvc.exe
S3 Oracleora92SNMPPeerMasterAgent - c:\oracle\bin\agntsvc.exe
S3 Oracleora92TNSListener - c:\oracle\bin\tnslsnr (file missing)
S3 OracleServiceORA92 - c:\oracle\bin\oracle.exe ora92 <Not Verified; Oracle Corporation; >
S3 PmRepServer (Informatica Repository Server) - "c:\program files\informatica powercenter 7.1.1\repositoryserver\bin\pmrepserver.exe"
S3 Powermart (Informatica) - "c:\program files\informatica powercenter 7.1.1\server\bin\pmserver.exe"


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: O2Micro SmartCardBus_Reader
Device ID: PCMCIA\O2MICRO-SMARTCARDBUS_READER-2E10\1
Manufacturer:
Name: O2Micro SmartCardBus_Reader
PNP Device ID: PCMCIA\O2MICRO-SMARTCARDBUS_READER-2E10\1
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_4C21134D&REV_01\3&61AAA01&0&FE
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_4C21134D&REV_01\3&61AAA01&0&FE
Service:


-- Files created between 2008-04-05 and 2008-05-05 -----------------------------

2008-05-02 15:54:42 0 d-------- C:\Documents and Settings\amar\Application Data\ICAClient
2008-05-02 15:54:18 0 d-------- C:\Program Files\Runaware
2008-04-22 19:39:13 0 d-------- C:\Documents and Settings\amar\Application Data\Uniblue
2008-04-19 20:33:32 0 d-------- C:\Program Files\Shutterfly
2008-04-12 10:41:32 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-04-11 06:24:42 0 d-------- C:\Program Files\Citrix
2008-04-09 21:06:45 0 d-------- C:\Documents and Settings\amar\Application Data\skypePM
2008-04-09 21:06:45 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-09 21:03:53 0 d-------- C:\Program Files\Skype
2008-04-09 21:03:52 0 d-------- C:\Program Files\Common Files\Skype
2008-04-06 12:55:37 0 d-------- C:\Documents and Settings\amar\.housecall6.6 <HOUSEC~1.6>


-- Find3M Report ---------------------------------------------------------------

2008-05-04 15:20:37 0 d-------- C:\Program Files\Quest Software
2008-04-26 19:02:30 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-26 18:50:45 0 d-------- C:\Program Files\Common Files
2008-04-15 20:25:48 0 d-------- C:\Documents and Settings\amar\Application Data\Google
2008-04-15 08:00:12 0 d-------- C:\Documents and Settings\amar\Application Data\Skype
2008-04-13 19:28:31 0 d-------- C:\Program Files\Common Files\SupportSoft
2008-04-12 10:47:31 0 d-------- C:\Program Files\ComcastToolbar
2008-03-30 18:35:11 0 d-------- C:\Documents and Settings\amar\Application Data\Real
2008-03-29 18:22:39 0 d-------- C:\Program Files\Common Files\xing shared
2008-03-29 18:22:18 0 d-------- C:\Program Files\Common Files\Real
2008-03-26 19:23:23 1158 --a------ C:\WINDOWS\mozver.dat
2008-03-26 19:00:31 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-26 18:59:45 0 d-------- C:\Documents and Settings\amar\Application Data\Mozilla
2008-02-20 19:05:44 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-02-20 19:04:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-02-20 19:04:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-02-20 19:04:04 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-02-20 19:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-02-20 19:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-02-20 19:04:04 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
2008-02-20 19:03:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/29/2008 06:21 PM]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/04/2004 05:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/02/2007 04:03 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 06:43 PM]
"GoToMeeting"="C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe" [04/11/2008 06:24 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\system32\LgNotify.dll 07/05/2005 12:33 AM 188482 C:\WINDOWS\system32\LgNotify.dll


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\BitTorrent_DNA\dna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
"C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
"C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
"C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
"C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZCfgSvc.exe]
C:\WINDOWS\system32\ZCfgSvc.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06a31d93-e1e6-11db-bdc2-444553544200}]
AutoRun\command- E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74a89199-e379-11db-bdc7-444553544200}]
AutoRun\command- E:\LaunchU3.exe -a




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8002 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-05 10:09:16 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1300MHz
Percentage of Memory in Use: 38%
Physical Memory (total/avail): 1279.23 MiB / 785.89 MiB
Pagefile Memory (total/avail): 3052.34 MiB / 2759.8 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1919.51 MiB

C: is Fixed (NTFS) - 55.85 GiB total, 18.16 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - FUJITSU MHT2060AT PL - 55.89 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 55.85 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
UpdatesDisableNotify is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\amar\Application Data
CLASSPATH=C:\Program Files\NCR\TeraJDBC\classes\terajdbc4.jar;C:\Program Files\NCR\TeraJDBC\classes\log4j.jar;C:\Program Files\NCR\TeraJDBC\classes\gui.jar;
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=AMARNATH
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\amar
ICU_DATA=C:\WINDOWS\system32\
JSERV=C:\oracle/Apache/Jserv/conf
LOGONSERVER=\\AMARNATH
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\oracle\jre\1.4.2\bin\client;C:\oracle\jre\1.4.2\bin;C:\oracle\bin;C:\Program Files\Oracle\jre\1.3.1\bin;C:\Program Files\Oracle\jre\1.1.8\bin;C:\oracle\product\10.2.0\db_1\bin;C:\oracle\product\10.2.0\db_2\bin;C:\Program Files\NCR\Teradata Warehouse Builder\bin;C:\Program Files\NCR\Teradata Client\Bin\;C:\Program Files\NCR\Teradata Client\\Bin;C:\Program Files\NCR\Teradata Client\Bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\gs\gs8.54\bin;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\NCR\TeraJDBC\bin;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PERL5LIB=C:\oracle\product\10.2.0\db_1\perl\5.8.3\lib\MSWin32-x86;C:\oracle\product\10.2.0\db_1\perl\5.8.3\lib;C:\oracle\product\10.2.0\db_1\perl\5.8.3\lib\MSWin32-x86;C:\oracle\product\10.2.0\db_1\perl\site\5.8.3;C:\oracle\product\10.2.0\db_1\perl\site\5.8.3\lib;C:\oracle\product\10.2.0\db_1\sysman\admin\scripts;C:\oracle\product\10.2.0\db_2\perl\5.8.3\lib\MSWin32-x86;C:\oracle\product\10.2.0\db_2\perl\5.8.3\lib;C:\oracle\product\10.2.0\db_2\perl\5.8.3\lib\MSWin32-x86;C:\oracle\product\10.2.0\db_2\perl\site\5.8.3;C:\oracle\product\10.2.0\db_2\perl\site\5.8.3\lib;C:\oracle\product\10.2.0\db_2\sysman\admin\scripts;
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 9 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0905
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_15\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\amar\LOCALS~1\Temp
TMP=C:\DOCUME~1\amar\LOCALS~1\Temp
USERDOMAIN=AMARNATH
USERNAME=amar
USERPROFILE=C:\Documents and Settings\amar
windir=C:\WINDOWS
WV_GATEWAY_CFG=C:\oracle\Apache\modplsql\cfg\wdbsvr.app


-- User Profiles ---------------------------------------------------------------

amar (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Actuate e.Report Designer 8 --> C:\WINDOWS\system32\ACUNIN~1.EXE -p "C:\Program Files\Actuate8\eRD\AcUninst.txt"
Actuate e.Report Designer Professional 8 --> C:\WINDOWS\system32\ACUNIN~1.EXE -p "C:\Program Files\Actuate8\eRDPro\AcUninst.txt"
Actuate iServer 8 --> C:\WINDOWS\system32\ACUNIN~1.EXE -p "C:\Program Files\Actuate8\iServer\AcUninst.txt"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Andhravaani Music --> C:\WINDOWS\iun6002.exe "C:\Program Files\Andhravaani Music\irunin.ini"
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\Setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audio Browser --> C:\Program Files\ITS\Audio Browser\Uninst.exe /pid:{F4F8BF8F-4147-41AD-B3EB-9EB54F5CAB89} /asd
BEA WebLogic Platform 8.1 --> "C:\bea\weblogic81\uninstall\uninstall.cmd"
Benthic Software: Golden --> "C:\Program Files\Benthic\unins000.exe"
Benthic Software: PLEdit --> "C:\Program Files\Benthic\unins001.exe"
BlueSoleil --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\Setup.exe" -l0x9
Broadcom Gigabit Integrated Controller --> MsiExec.exe /X{B7F54262-AB66-44B3-88BF-9FC69941B643}
C-Major Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Callidus Portal --> "C:\Callidus\UninstallCallidus Portal\Uninstall Callidus Portal.exe"
Canon CanoScan Toolbox 4.9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}\setup.exe" -l0x9 anything
Canon ScanGear Starter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\SETUP.EXE" -l0x9 anything
Comcast High-Speed Internet Install Wizard --> C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
EPSON Printer Software --> C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Form Fill (Windows Live Toolbar) --> MsiExec.exe /X{F5AF5CDA-76FC-4794-9F28-09B6D54E7431}
GMail Drive Shell Extension --> rundll32.exe C:\WINDOWS\system32\ShellExt\GMailFS.dll,Uninstall C:\WINDOWS\system32\ShellExt\GMailFS.inf
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
GoToMeeting/GoToWebinar 3.0.0.198 --> C:\Program Files\Citrix\GoToMeeting\198\G2MUninstall.exe /uninstall
HijackThis 2.0.2 --> "C:\Documents and Settings\amar\Desktop\HijackThis.exe" /uninstall
Informatica PowerCenter 7.1.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2799A56-3816-11D7-88A2-005004B0D711}\setup.exe" -l0x9
Intel® PROSet --> MsiExec.exe /I{b697396d-4bff-430d-9578-8aa5a549777a}
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
Java 2 Runtime Environment, SE v1.4.2_15 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142150}
Java DB 10.2.2.0 --> MsiExec.exe /X{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}
Java™ SE Development Kit 6 Update 2 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160020}
Korean Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5670-0000-800000000003}
Logitech QuickCam --> MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Logitech QuickCam Driver Package --> "C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
Manual CanoScan LiDE 60 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B72D50-1C7E-491C-8086-9E060051D316}\setup.exe" -l0x9
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
OmniPage SE 2.0 --> MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
Oracle Data Provider for .NET Help --> MsiExec.exe /I{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}
PaperPort --> MsiExec.exe /I{71C97545-E547-4A8B-B0C8-61FF853270AC}
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly
SAP Front End --> "C:\WINDOWS\SAPwksta\setup\sapsetup.exe" /uninstall
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Shutterfly Plugin --> C:\PROGRA~1\SHUTTE~1\UNWISE.EXE C:\PROGRA~1\SHUTTE~1\INSTALL.LOG
Skype 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{95FC661A-A0C5-4B18-92CE-90347DA79CC9}
SopCast 2.0.4 --> C:\Program Files\SopCast\uninst.exe
Tabbed Browsing (Windows Live Toolbar) --> MsiExec.exe /X{1707BF02-0F5C-4A6C-8F17-053BB73E443F}
Teradata SQL Assistant 6.1 --> MsiExec.exe /I{12BAB8DD-A3D8-4D4F-9202-38D0F752143D}
TestDrive Client --> MsiExec.exe /X{36C9E08A-BE2B-40A0-83C5-576748F7B777}
TextPad 4.7 --> MsiExec.exe /X{B510A987-487E-4C66-9F4F-D386AC275715}
TrueComp 5.1.4 --> "C:\Callidus\UninstallerTrueComp 5.1.4\Uninstall TrueComp 5.1.4.exe"
VideoLAN VLC media player 0.8.4a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual Earth 3D (Beta) --> MsiExec.exe /I{D76D1828-BBA0-4BD9-8181-5ACC617DC5F2}
WebEx --> C:\WINDOWS\DOWNLO~1\atcliun.exe
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{A40D6757-B145-4FE7-B694-89180A9F3F64}
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Live Toolbar --> MsiExec.exe /X{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{3727B920-F5A3-46A4-AC02-94F421A039C7}
Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinSCP 3.8.2 --> "C:\Program Files\WinSCP3\unins000.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Photos Easy Upload Tool --> C:\Program Files\Yahoo!\Common\ydropper_uninst.exe /ylog=C:\PROGRA~1\Yahoo!\Photos\Uploader\install.log
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type10123 / Error
Event Submitted/Written: 05/05/2008 08:46:13 AM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Event Record #/Type10122 / Error
Event Submitted/Written: 05/05/2008 08:46:13 AM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070422 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type10118 / Error
Event Submitted/Written: 05/04/2008 09:17:26 PM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Event Record #/Type10117 / Error
Event Submitted/Written: 05/04/2008 09:17:26 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070422 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type10113 / Error
Event Submitted/Written: 05/04/2008 06:51:06 PM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type24450 / Error
Event Submitted/Written: 05/05/2008 08:52:15 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type24440 / Error
Event Submitted/Written: 05/05/2008 08:46:18 AM
Event ID/Source: 7024 / Service Control Manager
Event Description:
The Routing and Remote Access service terminated with service-specific error 711 (0x2C7).

Event Record #/Type24439 / Error
Event Submitted/Written: 05/05/2008 08:46:18 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Windows Service Pack Installer update service service depends on the Security Accounts Manager service which failed to start because of the following error:
%%1058

Event Record #/Type24438 / Error
Event Submitted/Written: 05/05/2008 08:46:18 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error:
%%1058

Event Record #/Type24437 / Error
Event Submitted/Written: 05/05/2008 08:46:13 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}



-- End of Deckard's System Scanner: finished at 2008-05-05 10:09:16 ------------

BC AdBot (Login to Remove)

 


m

#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:01 PM

Posted 29 May 2008 - 11:13 AM

Hello netdude,

Welcome to Bleeping Computer :)

Sorry about the delay.:thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 netdude

netdude
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:01 PM

Posted 29 May 2008 - 11:24 AM

Hi Tea,

Thanks!!!

Here is the new hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:30 AM, on 5/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Mercury\QUALIT~1\jboss\bin\QCJavaService.exe
C:\WINDOWS\system32\mnmsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mercury\Quality Center\msdeBinn\MSSQL\Binn\sqlagent.EXE
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mercury Interactive\QuickTest Professional\bin\QTPro.exe
C:\WINDOWS\hh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\amar\Desktop\HiJackThis.exe

O2 - BHO: BHOManager Class - {474264BC-9571-47C1-85B9-780F756DC9CE} - C:\WINDOWS\system32\BHOManager.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} (Loader Class v3) - http://amarnath:8080/qcbin/Spider90.ocx
O18 - Protocol: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - ielpview.dll (file missing)
O18 - Protocol: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - VFSProtocol.dll (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Mercury Quality Center - Alexandria Software Consulting - C:\PROGRA~1\Mercury\QUALIT~1\jboss\bin\QCJavaService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Informatica Repository Server (PmRepServer) - Unknown owner - C:\Program Files\Informatica PowerCenter 7.1.1\RepositoryServer\bin\pmrepserver.exe
O23 - Service: Informatica (Powermart) - Unknown owner - C:\Program Files\Informatica PowerCenter 7.1.1\Server\bin\pmserver.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Actuate Process Management Daemon 8 (__AC_PROCESS_MGMT_DAEMON8) - Actuate Corporation - C:\PROGRA~1\Actuate8\iServer\bin\pmd8.exe

--
End of file - 3085 bytes

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:01 PM

Posted 29 May 2008 - 11:35 AM

Hello,

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.


Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:01 PM

Posted 15 June 2008 - 02:47 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users