View Full Version : Computer Runs Slow And Sound Delays
gard9070
2007-06-03, 18:57
I'm not sure what is wrong with my computer but I have a gateway that has an AMD Athlon 64 bit Processor with 1 GB of RAM, processor is 1.78 GHz and I do have service pack 2 installed for windows.
Here is my log from HijackThis - v1.99.1:
Logfile of HijackThis v1.99.1
Scan saved at 12:47:37 PM, on 6/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\VPro610.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX7527
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX7527
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX7527
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX7527
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX7527
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.kettering.edu:3128
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE" /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [X-Cleaner Freeware] "C:\PROGRA~1\X-CLEA~1\XCleaner_free.exe" -turbo -autostart -NOREBOOT
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: VProperty.lnk = C:\WINDOWS\VPro610.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gard9070.spaces.live.com//PhotoUpload/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
If you could help me PLEASE DO...my computer is my baby
Hello and welcome to the Forums :)
Let's see...
Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/virusscanner)
Click on Kaspersky Online Scanner
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.
gard9070
2007-06-05, 13:40
here are the results for kaspersky:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, June 05, 2007 7:37:22 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 4/06/2007
Kaspersky Anti-Virus database records: 339591
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
Scan Statistics:
Total number of scanned objects: 215393
Number of viruses found: 4
Number of infected objects: 13 / 0
Number of suspicious objects: 0
Duration of the scan process: 07:23:56
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0A618E26-F44D-4CCB-9B93-595B44EDDC4D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0D74F5FF-5184-4DDF-81A2-1921CEB8F847.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0E1D735D-F277-4067-9B86-1F1DF1A744DE.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1111D8BD-B262-41B9-A303-5077FAD89FC0.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS11981DAB-69E8-41B5-83ED-FF0778437127.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS16BDBDCD-863E-41EE-AA8A-2A66BFF256B6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1DECD153-6EC9-4AAA-8C86-4469BD30381E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1F7BBE43-FFB8-452F-B183-2C873A88C962.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS22EEF032-C315-40BA-9CB2-5B5F97AE9D89.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS23494218-E05F-4206-887C-D00ABEFF141A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS23C180B0-0B60-4847-9A56-E1E3F827B435.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2808357E-6E77-4C3F-AA65-CD1EB215378B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2B9E928D-5D03-4B39-BAB6-84E7A158FF83.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2F52C963-5F67-45DF-9B43-83A28C937956.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS34179B8E-1DDE-4DE9-AAD2-AB64870A4E57.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3631777A-4FDF-4EA1-B39F-A2F62600D7BE.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS37A7BA58-C561-4DE9-9FEF-12C2951C2BDB.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS38DC4AA9-8B78-4094-860B-7118D2AA5AFA.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3A3A5EAA-BD9A-4AC0-BE4B-830F2FBA7FE4.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3EF03875-7014-4ECE-85E6-E1C3DD4B932E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3EFEC8F9-C947-4C4D-BEC2-FDAF00171D99.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS418519BC-7B0D-446F-A8C8-0B9FAD48E4E3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4461F7FD-AA50-4537-8C2A-73AA4784BB44.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS46BAC35E-13BB-4DFF-94A6-D8012F062EF1.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS53735AB7-C3B1-4B3E-B404-340C35F7663A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS563D0745-D729-49FB-83DC-FBEEAA48D5F6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS577E5057-136D-494C-94FC-019D3B92E213.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6207D944-CBF1-42F3-8760-940762207AFD.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS62553570-1ED7-48E7-B4E7-85EBA55574C8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS685024EC-BEA8-49DD-8E09-DC6CD3F7057B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS692BF454-3053-42BD-A32B-6CC510BADA6F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6A27DD32-F310-4556-8B7E-892A57853367.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6AAC10B7-4720-4471-82C4-3BD07D8D7DD6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6B22D0C9-DCAE-446A-8067-2B31479EC1BA.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6BFF752E-AE61-4EA6-A4F5-E0EBEAC77A39.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6E622D33-407E-4A36-83B3-74316A8E4CD5.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6FFB3AF0-8097-435C-9C43-3EB5C92C4E9D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS735C9C56-B8E6-451D-8441-31182EE71E5E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS73A71EEC-3DBD-4436-9AFD-909DEA25778F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS75191572-74D8-4654-B479-62EE1096DFC7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7C752CBC-5836-409C-8DC7-22E9DACBBA1A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8123735A-5C00-4E69-AB2D-C3F8CAB15AA0.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8E8BA2AA-2136-451E-9C6E-F9C01C68DA45.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS90CFE597-42C4-499E-B97B-E7E1A574BA04.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS931055CE-7EAF-4D97-99F6-6560B5D131E8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS93A32256-4B0B-4C4D-8A84-A5E947ED6D46.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9421E08F-E269-4432-A8DA-BDC0B2D58FEA.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS952E0400-1B26-4EA5-AB81-C15335BE03B7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9626CE2A-4BD5-458C-8701-E30BCE32748E.tmp Object is locked skipped
gard9070
2007-06-05, 13:40
here is the rest:
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS96B1790E-5374-4AEC-A1C8-DE2F9840A1CE.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS98DEB606-B846-4098-8DCF-D0B262C4401C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS993487BF-5AD9-40DC-83D0-76D3FF1F33A8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9D3ADBEB-7D31-4062-8C36-D09CA30A2C39.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA041F9FD-978A-48FD-B0E5-9647F1BAFC98.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA3FE140D-45BA-4FF4-913E-7B47AC2D49CD.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA73C0E58-479E-414D-A080-91F40F5EC518.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA8602882-A3DF-48D8-AB00-F27D1663A9B9.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSAEA9C9D1-4326-4584-A15B-F4A70DA7E27F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSAFB6A1EA-71A6-4753-BB2F-2A53C7F63EA8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB20EDAEB-7881-470F-8B45-25280BCC41F8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBAF09DBE-B757-4E2A-895E-49D7DFCC8CB9.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBC2637D8-E1D1-4222-B996-7808A2FD4D46.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBF201988-25FF-4724-97E4-22759F036982.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBF2F42A5-6B16-4EA4-927D-DAD6BE1D482F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBF33818B-5110-4180-9091-5FC1C5B1A6AD.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC0DA96D5-0D48-4C81-8F28-AEFDE8C073AD.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC4FF0EB3-C80C-42D3-BC82-ADED80692E1F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC5B4C5E6-B0DB-455C-B16D-7933EBD27FFC.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC6784214-A591-4EF6-9F1B-685BFFCD6544.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC6870725-51BE-4BEC-A750-D8FA91607940.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC89C279B-61CB-4ED5-A68E-C7F7C8D7FBBF.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSCB1893AD-4E71-4E27-922A-B37C8411A4F6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD0777F0A-B317-4B46-8B35-010EE816FB5E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD16EBB1D-2D7A-4C92-BA08-3CE95C7ADD72.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD48C2AEA-492D-4D58-BB90-3F698CCFA5E3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD7D1D0E2-49AE-4D06-94F9-4DED35FAF56B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD86581C7-EC2F-41AC-9FD5-1F676E8CE554.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD8BB325B-ECC5-45BB-AA82-DEF2915FE576.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSDBA20982-C5F4-463C-BBE7-81A5E0CF061D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE09346B2-4701-4152-BAAD-5C0D305FFD09.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE43B4CCF-B4C2-4EFE-B65E-52778B92FE78.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE53233B0-6F9A-4379-9869-5A83D007739F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE7C69215-1DBC-4F85-9A7E-FDFED9FF3009.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSEBA25D10-7A33-4EAE-8119-A55F7E257EA3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSEDC59266-4177-4B0A-91E1-BE2A40F03B8D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSEFCC6FB3-5254-4DDE-AFB9-C70BED30B86E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF0B264CB-F2B2-4EE5-85DC-6B55E9B1086B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF1BD4299-A9A4-4A2F-B8B4-1BF16B2BCC01.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF5227628-19E8-41B5-98E7-EFCBB166E17F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFB1923A2-104F-4F3D-A63A-4AA30F426779.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFC87A4BB-1818-4082-B98B-F6B141C78783.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8pnw8tiz.default\cert8.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8pnw8tiz.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8pnw8tiz.default\history.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8pnw8tiz.default\key3.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8pnw8tiz.default\parent.lock Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8pnw8tiz.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8pnw8tiz.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Webroot\Spy Sweeper\Logs\070604125937.ses Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\8pnw8tiz.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\8pnw8tiz.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\8pnw8tiz.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\8pnw8tiz.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012007060420070605\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\fla5C6.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Downloads\TorrentQ-2.1.0.0-setup-0350.exe/file02 Infected: not-a-virus:AdWare.Win32.Lop.bo skipped
C:\Documents and Settings\Owner\My Documents\Downloads\TorrentQ-2.1.0.0-setup-0350.exe/file13 Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Owner\My Documents\Downloads\TorrentQ-2.1.0.0-setup-0350.exe Inno: infected - 2 skipped
C:\Documents and Settings\Owner\My Documents\Internet Downloads\DivXInstaller.exe/stream/data0061/product.cab/xpi/components/googletoolbar.dll Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\Documents and Settings\Owner\My Documents\Internet Downloads\DivXInstaller.exe/stream/data0061/product.cab/xpi Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\Documents and Settings\Owner\My Documents\Internet Downloads\DivXInstaller.exe/stream/data0061/product.cab Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\Documents and Settings\Owner\My Documents\Internet Downloads\DivXInstaller.exe/stream/data0061 Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\Documents and Settings\Owner\My Documents\Internet Downloads\DivXInstaller.exe/stream Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\Documents and Settings\Owner\My Documents\Internet Downloads\DivXInstaller.exe NSIS: infected - 5 skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2007-06-04.12-53-05.log Object is locked skipped
C:\Program Files\themexp\Themexp.org File\NNWDAB638.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Program Files\TorrentQ\minime.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Program Files\TorrentQ\TorrentManager.dll Infected: not-a-virus:AdWare.Win32.Lop.bo skipped
C:\Program Files\Trend Micro\Antivirus\temp\aubin\AU_Cache\vsapi507.zip Object is locked skipped
C:\Program Files\Trend Micro\Antivirus\temp\aubin\AU_Temp\AU_Down\pattern\vsapi507.zip Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP181\A0043175.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP191\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_AC97 Soft Data Fax Modem with SmartCP.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{3B395CFE-6408-44DF-93FC-58F5C32F09CA}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{626C358B-7B89-477F-8750-35B488CEA8B6}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\vaxscsi.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\T30DebugLogFile.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP191\change.log Object is locked skipped
Scan process completed.
Ok only a few adware bundled installers...
Please run a GMER Rootkit scan:
Download GMER's application from here:
http://www.gmer.net/gmer.zip
Unzip it and start the GMER.exe
Click the Rootkit tab and click the Scan button.
Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.
Warning ! Please, do not select the "Show all" checkbox during the scan.
gard9070
2007-06-06, 19:20
GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-06-06 13:16:39
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT 86FC7918 ZwAllocateVirtualMemory
SSDT 86FAA468 ZwCreateKey
SSDT 86F5A8B8 ZwCreateProcess
SSDT 86F578B8 ZwCreateProcessEx
SSDT 86FCBD40 ZwCreateThread
SSDT 86FAA3F0 ZwDeleteKey
SSDT 86F5EDA0 ZwDeleteValueKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT 86FA3100 ZwQueueApcThread
SSDT 86FC5918 ZwReadVirtualMemory
SSDT 86F4F870 ZwRenameKey
SSDT 86FA6350 ZwSetContextThread
SSDT 86FA4098 ZwSetInformationKey
SSDT 86F88428 ZwSetInformationProcess
SSDT 86F588D8 ZwSetInformationThread
SSDT 86FCD8B8 ZwSetValueKey
SSDT 86FA3750 ZwSuspendProcess
SSDT 86FDA100 ZwSuspendThread
SSDT 86F5EB58 ZwTerminateProcess
SSDT 86F5B8D8 ZwTerminateThread
SSDT 86FA6108 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.12 ----
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F6D1762C 5 Bytes JMP 86DE5970
? C:\WINDOWS\System32\Drivers\vaxscsi.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\system32\DRIVERS\update.sys
---- User code sections - GMER 1.0.12 ----
.text C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe[2516] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ 03, FF, C3, 83 ]
.text C:\Program Files\Webroot\Spy Sweeper\ssu.exe[2832] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 0002FCB0 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
.text C:\Program Files\Webroot\Spy Sweeper\ssu.exe[2832] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0002FEDC C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
.text C:\Program Files\Webroot\Spy Sweeper\ssu.exe[2832] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0002FCB0 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
.text C:\Program Files\Webroot\Spy Sweeper\ssu.exe[2832] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 0002FE60 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
.text C:\Program Files\Webroot\Spy Sweeper\ssu.exe[2832] kernel32.dll!VirtualFree 7C809AE4 5 Bytes JMP 0002FEA0 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
.text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[3832] kernel32.dll!CreateThread
gard9070
2007-06-06, 19:22
---- Devices - GMER 1.0.12 ----
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 86F4D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 86F4D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 86F4D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 86F4D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 86F4D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 86F4D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 86F4D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 86F4D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 86F4D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 86F4D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 86F4D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 86F4D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 86F4D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 86F4D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 86F4D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 86F4D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 86F4D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 86F4D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 86F4D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 86F4D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 86F4D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 86F4D1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 869E1990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 869E1990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 869E1990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 869E1990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 869E1990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 869E1990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 869E1990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 869E1990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 869E1990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 869E1990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 869E1990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 869E1990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 869E1990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 869E1990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 869E1990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 869E1990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 869E1990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP
gard9070
2007-06-06, 19:23
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE 86A01380
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE 86A01308
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE 86A01290
Device \Driver\Tcpip \Device\Ip IRP_MJ_READ 86A01218
Device \Driver\Tcpip \Device\Ip IRP_MJ_WRITE 86A011A0
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION 86A01128
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION 869F8020
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA 869F8FA8
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA 869F8F30
Device \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS 869F8EB8
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION 869F8E40
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION 869F8DC8
Device \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL 869F8D50
Device \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL 869F8CD8
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL 869F8C60
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL 869F8BE8
Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN 869F8B70
Device \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL 869F8AF8
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP 869F8A80
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT 869F8A08
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY 869F8990
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY 869F8918
Device \Driver\Tcpip \Device\Ip IRP_MJ_POWER 869F88A0
Device \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL 869F8828
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE 869F87B0
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA 869F8738
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA 869F86C0
Device \Driver\Tcpip \Device\Ip IRP_MJ_PNP 869F8648
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CREATE 86DE41D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CLOSE 86DE41D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 86DE41D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86DE41D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_POWER 86DE41D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 86DE41D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_PNP 86DE41D8
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_CREATE 86DE41D8
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_CLOSE 86DE41D8
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 86DE41D8
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86DE41D8
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_POWER 86DE41D8
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 86DE41D8
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_PNP
gard9070
2007-06-06, 19:25
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 86F681D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 86F681D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 86F681D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 86F681D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 86F681D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 86F681D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 86F681D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 86F681D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 86F681D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 86F681D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 86F681D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 86F681D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 86F681D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 86F681D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 86F681D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 86F681D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 86F681D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 86F681D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 86F681D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 86F681D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 86F681D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 86F681D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 86F681D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 86F681D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 86F681D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 86F681D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 86F681D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 86F681D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 86F681D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 86F681D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 86F681D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 86F681D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 86F681D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 86F681D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 86F681D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 86F681D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 86F681D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 86F681D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 86F681D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 86F681D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 86F681D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 86F681D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 86F681D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP
gard9070
2007-06-06, 19:26
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_CREATE 86DCD1D8
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_CLOSE 86DCD1D8
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 86DCD1D8
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 86DCD1D8
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_POWER 86DCD1D8
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 86DCD1D8
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_PNP 86DCD1D8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE 86A01380
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE 86A01308
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE 86A01290
Device \Driver\Tcpip \Device\Tcp IRP_MJ_READ 86A01218
Device \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE 86A011A0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION 86A01128
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION 869F8020
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA 869F8FA8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA 869F8F30
Device \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS 869F8EB8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION 869F8E40
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION 869F8DC8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL 869F8D50
Device \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL 869F8CD8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL 869F8C60
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL 869F8BE8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN 869F8B70
Device \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL 869F8AF8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP 869F8A80
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT 869F8A08
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY 869F8990
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY 869F8918
Device \Driver\Tcpip \Device\Tcp IRP_MJ_POWER 869F88A0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL 869F8828
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE 869F87B0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA 869F8738
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA 869F86C0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_PNP
gard9070
2007-06-06, 19:30
86F681D8
869F8648
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 86FCE1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 86FCE1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 86FCE1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 86FCE1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 86FCE1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86FCE1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 86FCE1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 86FCE1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 86FCE1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 86FCE1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 86FCE1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 86FCE1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 86FCE1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 86FCE1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 86FCE1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 86FCE1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 86FCE1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 86FCE1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 86FCE1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 86FCE1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 86FCE1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 86FCE1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 86DC13F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 86DC13F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 86DC13F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 86DC13F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 86DC13F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 86DC13F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86DC13F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 86DC13F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 86DC13F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 86DC13F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 86DC13F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 86DC13F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 86DC13F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 86DC13F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 86DC13F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 86DC13F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 86DC13F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86DC13F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 86DC13F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 86DC13F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 86DC13F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP
gard9070
2007-06-06, 19:36
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE 86A01380
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE 86A01308
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE 86A01290
Device \Driver\Tcpip \Device\RawIp IRP_MJ_READ 86A01218
Device \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE 86A011A0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION 86A01128
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION 869F8020
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA 869F8FA8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA 869F8F30
Device \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS 869F8EB8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION 869F8E40
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION 869F8DC8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL 869F8D50
Device \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL 869F8CD8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL 869F8C60
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL 869F8BE8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN 869F8B70
Device \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL 869F8AF8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP 869F8A80
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT 869F8A08
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY 869F8990
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY 869F8918
Device \Driver\Tcpip \Device\RawIp IRP_MJ_POWER 869F88A0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL 869F8828
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE 869F87B0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA 869F8738
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA 869F86C0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_PNP
gard9070
2007-06-06, 19:37
Device \Driver\usbstor \Device\000000d6 IRP_MJ_CREATE 8694D990
Device \Driver\usbstor \Device\000000d6 IRP_MJ_CLOSE 8694D990
Device \Driver\usbstor \Device\000000d6 IRP_MJ_READ 8694D990
Device \Driver\usbstor \Device\000000d6 IRP_MJ_WRITE 8694D990
Device \Driver\usbstor \Device\000000d6 IRP_MJ_DEVICE_CONTROL 8694D990
Device \Driver\usbstor \Device\000000d6 IRP_MJ_INTERNAL_DEVICE_CONTROL 8694D990
Device \Driver\usbstor \Device\000000d6 IRP_MJ_POWER 8694D990
Device \Driver\usbstor \Device\000000d6 IRP_MJ_SYSTEM_CONTROL 8694D990
Device \Driver\usbstor \Device\000000d6 IRP_MJ_PNP 8694D990
Device \Driver\usbstor \Device\000000d7 IRP_MJ_CREATE 8694D990
Device \Driver\usbstor \Device\000000d7 IRP_MJ_CLOSE 8694D990
Device \Driver\usbstor \Device\000000d7 IRP_MJ_READ 8694D990
Device \Driver\usbstor \Device\000000d7 IRP_MJ_WRITE 8694D990
Device \Driver\usbstor \Device\000000d7 IRP_MJ_DEVICE_CONTROL 8694D990
Device \Driver\usbstor \Device\000000d7 IRP_MJ_INTERNAL_DEVICE_CONTROL 8694D990
Device \Driver\usbstor \Device\000000d7 IRP_MJ_POWER 8694D990
Device \Driver\usbstor \Device\000000d7 IRP_MJ_SYSTEM_CONTROL 8694D990
Device \Driver\usbstor \Device\000000d7 IRP_MJ_PNP 8694D990
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CREATE 86DE41D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CLOSE 86DE41D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 86DE41D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86DE41D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_POWER 86DE41D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 86DE41D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_PNP 86DE41D8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_CREATE 86DE41D8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_CLOSE 86DE41D8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 86DE41D8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86DE41D8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_POWER 86DE41D8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 86DE41D8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_PNP
gard9070
2007-06-06, 19:38
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 869E8990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 869E8990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 869E8990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 869E8990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 869E8990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 869E8990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 869E8990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 869E8990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 869E8990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 869E8990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 869E8990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 869E8990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 869E8990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 869E8990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 869E8990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 869E8990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 869E8990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 869E8990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 869E8990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 869E8990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 869E8990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 869E8990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 869E8990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 869E8990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 869E8990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 869E8990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 869E8990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 869E8990
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE 86A01380
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_NAMED_PIPE 86A01308
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE 86A01290
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_READ 86A01218
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_WRITE 86A011A0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_INFORMATION 86A01128
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_INFORMATION 869F8020
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_EA 869F8FA8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_EA 869F8F30
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FLUSH_BUFFERS 869F8EB8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_VOLUME_INFORMATION 869F8E40
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_VOLUME_INFORMATION 869F8DC8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DIRECTORY_CONTROL 869F8D50
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FILE_SYSTEM_CONTROL 869F8CD8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL 869F8C60
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL 869F8BE8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SHUTDOWN 869F8B70
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_LOCK_CONTROL 869F8AF8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP 869F8A80
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_MAILSLOT 869F8A08
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_SECURITY 869F8990
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_SECURITY 869F8918
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_POWER 869F88A0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SYSTEM_CONTROL
gard9070
2007-06-06, 19:40
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CHANGE 869F87B0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_QUOTA 869F8738
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_QUOTA 869F86C0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_PNP 869F8648
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_CREATE 86DCD1D8
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_CLOSE 86DCD1D8
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_DEVICE_CONTROL 86DCD1D8
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 86DCD1D8
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_POWER 86DCD1D8
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_SYSTEM_CONTROL 86DCD1D8
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_PNP 86DCD1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 869E8990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 869E8990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 869E8990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 869E8990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 869E8990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 869E8990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 869E8990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 869E8990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 869E8990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 869E8990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 869E8990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 869E8990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 869E8990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 869E8990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 869E8990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 869E8990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 869E8990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 869E8990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 869E8990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 869E8990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 869E8990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 869E8990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 869E8990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 869E8990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 869E8990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 869E8990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 869E8990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 869E8990
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 86FCE1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 86FCE1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 86FCE1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 86FCE1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 86FCE1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 86FCE1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 86FCE1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 86FCE1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 86FCE1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 86FCE1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP
gard9070
2007-06-06, 19:44
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_CREATE 86D85990
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_CLOSE 86D85990
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_DEVICE_CONTROL 86D85990
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86D85990
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_POWER 86D85990
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_SYSTEM_CONTROL 86D85990
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_PNP 86D85990
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_CREATE 86D85990
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_CLOSE 86D85990
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 86D85990
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86D85990
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_POWER 86D85990
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 86D85990
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_PNP 86D85990
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 869E1990
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 869E1990
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 869E1990
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 869E1990
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 869E1990
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 869E1990
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 869E1990
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 869E1990
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 869E1990
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 869E1990
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 869E1990
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 869E1990
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 869E1990
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 869E1990
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 869E1990
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 869E1990
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 869E1990
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 869E1990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 8679B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 8679B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 8679B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 8679B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 8679B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 8679B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 8679B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 8679B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 8679B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 8679B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 8679B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 8679B990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 8679B990
---- Files - GMER 1.0.12 ----
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\skatebleeddie@hotmail.com\SharingMetadata\meimeiamaya@hotmail.com\DFSR\Staging\CS{F0E56E7E-977D-FC29-C259-019351DB33E5}\01\10-{F0E56E7E-977D-FC29-C259-019351DB33E5}-v1-{734782BB-2D4C-447B-8C07-FA5613754924}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
---- EOF - GMER 1.0.12 ----
Ok looks pretty good now. How is the computer running?
gard9070
2007-06-07, 01:00
still very slow...it took me literally 5 minutes to turn on my computer from hibernate
gard9070
2007-06-07, 09:32
also my computer lags TONS, it definitely didn't use to. It takes me about 30-40 seconds to open a program when before it took maybe 1 or 2...this is driving me crazy, but I can't clear my hard drive. I have way to much music, movies and important school and work information on it.
Hmm we may run one more scanner just in case...
You should print these instructions or save these to a text file. Follow these instructions carefully.
Download Dr.Web CureIt to the desktop -> ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.
Run a scan with Dr.Web CureIt Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, you should now mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable
After the scan, in the menu, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot the computer in Normal Mode,
Post the Cure-it report and a fresh HijackThis log
gard9070
2007-06-08, 04:48
Dr. Web Results:
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1;Probably BACKDOOR.Trojan;;
GTDownAO_106.ocx;C:\Program Files\Common Files\AolCoach\en_en;Adware.Gdown;;
NNWDAB638.EXE;C:\Program Files\themexp\Themexp.org File;Adware.NewDotNet;;
minime.exe;C:\Program Files\TorrentQ;Trojan.Swizzor;Deleted.;
A0043175.exe;C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP181;Adware.NewDotNet;;
A0051829.exe;C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP192;Trojan.Swizzor;Deleted.;
_______________________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 10:45:15 PM, on 6/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\VPro610.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\HijackThis\HijackThis.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX7527
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX7527
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX7527
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX7527
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX7527
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.kettering.edu:3128
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE" /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [X-Cleaner Freeware] "C:\PROGRA~1\X-CLEA~1\XCleaner_free.exe" -turbo -autostart -NOREBOOT
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: VProperty.lnk = C:\WINDOWS\VPro610.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gard9070.spaces.live.com//PhotoUpload/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
gard9070
2007-06-08, 04:49
it still runs very slow...im not sure what else to do...i do get the little red shield when i start up my computer on my toolbar (my mom said it was a virus she had).
Hmm a red shield...
That might be windows security center warning but let's see...
Please download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.exe) (by S!Ri)
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm (http://www.beyondlogic.org/consulting/processutil/processutil.htm)
NOTE: Do not run any other options from SmitfraudFix until I tell you to do so!
gard9070
2007-06-09, 01:39
SmitFraudFix v2.193
Scan done at 19:38:27.26, Fri 06/08/2007
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\VPro610.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Broadcom 802.11g Network Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A455A23E-8E55-4E91-8052-7A33E4B85157}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A455A23E-8E55-4E91-8052-7A33E4B85157}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A455A23E-8E55-4E91-8052-7A33E4B85157}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Nothing bad there...
Is the computer still slow? Might not be malware related. please check this list -> Slow computer?? (http://www.castlecops.com/postitle175256-0-0-.html)
Let me know if it helped :bigthumb:
gard9070
2007-06-10, 19:12
no it didn't really help me much...my computer is still pretty slow...and the sound still screws up.
Hmm...
Download Deckard's System Scanner (DSS) (http://www.techsupportforum.com/sectools/Deckard/dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply
gard9070
2007-06-10, 21:41
Deckard's System Scanner v20070603.47
Run by Owner on 2007-06-10 at 15:24:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
41: 2007-06-10 19:24:46 UTC - RP193 - Deckard's System Scanner Restore Point
40: 2007-06-07 07:58:13 UTC - RP192 - System Checkpoint
39: 2007-06-02 08:07:27 UTC - RP191 - System Checkpoint
38: 2007-05-30 22:37:00 UTC - RP190 - System Checkpoint
37: 2007-05-29 17:18:29 UTC - RP189 - System Checkpoint
-- First Restore Point --
1: 2007-03-10 05:00:04 UTC - RP153 - Removed VLounge
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 3:32:31 PM, on 6/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\VPro610.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\HIJACK~1\Owner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX7527
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX7527
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX7527
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX7527
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX7527
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.kettering.edu:3128
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE" /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [X-Cleaner Freeware] "C:\PROGRA~1\X-CLEA~1\XCleaner_free.exe" -turbo -autostart -NOREBOOT
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: VProperty.lnk = C:\WINDOWS\VPro610.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gard9070.spaces.live.com//PhotoUpload/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
-- File Associations -----------------------------------------------------------
.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro TDI Driver>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys
S1 StyleXPHelper - c:\program files\tgtsoft\stylexp\stylexphelper.exe (file missing)
S3 AMDMSRIO - c:\docume~1\admini~1\locals~1\temp\safe to delete 3_0_4_8\amdmsrio.sys (file missing)
S3 btwhid - c:\windows\system32\drivers\btwhid.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.1.0.1700>
S3 Cap7134 (SinoVideo PCI 2309 Cap7134 Capture) - c:\windows\system32\drivers\cap7134.sys <Not Verified; Philips Semiconductors; Philips cap7134>
S3 EMCFILT (Alcor Micro Corp for Emachine- 9361) - c:\windows\system32\drivers\emcfilt.sys <Not Verified; Alcor Micro Corp.; emcfilt>
S3 PhTVTune (SinoVideo WDM TVTuner) - c:\windows\system32\drivers\silicon.sys <Not Verified; Philips Semiconductors; Philips TVTuner WDM Driver>
S3 SNPSTD3 (USB PC Camera (SNPSTD3)) - c:\windows\system32\drivers\snpstd3.sys <Not Verified; ; PC Camera driver>
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Tmntsrv (Trend NT Realtime Service) - "c:\program files\trend micro\antivirus\tmntsrv.exe" <Not Verified; Trend Micro Incorporated.; Trend Pc-cillin 11>
R2 tmproxy (Trend Micro Proxy Service) - c:\program files\trend micro\antivirus\tmproxy.exe <Not Verified; Trend Micro Incorporated.; Trend Pc-cillin 11>
S4 StyleXPService - "c:\program files\tgtsoft\stylexp\stylexpservice.exe" (file missing)
S4 Unigraphics License Server (uglmd) - "c:\program files\ugs\license servers\ugnxflexlm\lmgrd.exe" <Not Verified; Macrovision Corporation; >
-- Scheduled Tasks -------------------------------------------------------------
2007-06-03 20:52:05 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2006-07-12 19:15:56 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 2.job
-- Files created between 2007-05-10 and 2007-06-10 -----------------------------
2007-06-08 19:38:31 2918 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-08 19:38:12 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-06-08 19:38:12 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-06-08 19:38:11 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-06-07 15:12:54 0 d-------- C:\Documents and Settings\Owner\DoctorWeb
2007-06-04 17:00:06 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-03 12:46:00 0 d-------- C:\HijackThis
2007-05-28 19:30:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
-- Find3M Report ---------------------------------------------------------------
2007-06-08 19:52:45 0 d-------- C:\Documents and Settings\Owner\Application Data\U3
2007-06-07 17:10:48 0 d-------- C:\Program Files\TorrentQ
2007-06-06 23:44:43 0 d-------- C:\Documents and Settings\Owner\Application Data\IMVU
2007-06-03 23:30:20 0 d-------- C:\Program Files\IMVU
2007-05-16 02:12:18 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype
2007-05-09 22:39:18 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2007-05-09 14:48:22 0 d-------- C:\Program Files\Lavasoft
2007-05-09 14:47:54 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-08 22:23:36 0 d-------- C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
2007-05-08 18:57:04 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2007-05-07 01:03:30 0 d-------- C:\Program Files\ChrisTV Online
2007-05-07 00:56:23 0 d-------- C:\Program Files\Winamp
2007-04-24 18:17:09 0 d-------- C:\Documents and Settings\Owner\Application Data\MusicIP
2007-04-22 22:29:34 0 d-------- C:\Program Files\Microsoft Games
2007-04-22 21:48:59 0 d-------- C:\Program Files\UGS
2007-04-18 22:18:02 0 d-------- C:\Documents and Settings\Owner\Application Data\acccore
2007-04-18 22:17:20 0 d-------- C:\Program Files\AIM6
2007-04-18 22:15:41 0 d-------- C:\Program Files\Common Files\AOL
2007-04-18 22:15:21 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2007-04-17 19:32:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-16 18:28:21 0 d-------- C:\Program Files\Microsoft.NET
2007-04-12 14:42:43 0 d-------- C:\Program Files\Viewpoint
2007-04-01 18:57:18 2528 --a------ C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc
2007-03-31 21:56:43 117094 --a------ C:\WINDOWS\hpoins11.dat
gard9070
2007-06-10, 21:43
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} C:\Program Files\Yahoo!\Common\yiesrvc.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} c:\windows\system32\BAE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"SynTPLpr"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe\""
"SynTPEnh"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\""
"MSKDetectorExe"="\"C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe\" /uninstall"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Antivirus\\pccguide.exe\""
"PCClient.exe"="\"C:\\Program Files\\Trend Micro\\Antivirus\\PCClient.exe\""
"TM Outbreak Agent"="\"C:\\Program Files\\Trend Micro\\Antivirus\\TMOAgent.exe\" /run"
"EPSON Stylus C42 Series"="\"C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC1.EXE\" /P23 \"EPSON Stylus C42 Series\" /O6 \"USB001\" /M \"Stylus C42\""
"snpstd3"="C:\\WINDOWS\\vsnpstd3.exe"
"UserFaultCheck"="C:\\WINDOWS\\system32\\dumprep 0 -u"
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"SpySweeper"="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe /startintray"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"X-Cleaner Freeware"="\"C:\\PROGRA~1\\X-CLEA~1\\XCleaner_free.exe\" -turbo -autostart -NOREBOOT"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Power2GoExpress"="NA"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Bluetooth.lnk"
"backup"="C:\\WINDOWS\\pss\\Bluetooth.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Belkin\\BLUETO~1\\BTTray.exe "
"item"="Bluetooth"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Photosmart Premier Fast Start.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Photosmart Premier Fast Start.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqthb08.exe -s"
"item"="HP Photosmart Premier Fast Start"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
"path"="C:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\OpenOffice.org 2.0.lnk"
"backup"="C:\\WINDOWS\\pss\\OpenOffice.org 2.0.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\OPENOF~1.0\\program\\QUICKS~1.EXE "
"item"="OpenOffice.org 2.0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim6"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="atiptaxx.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wcescomm"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RECGUARD"
"hkey"="HKLM"
"command"="%WINDIR%\\SMINST\\RECGUARD.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Remind_XP"
"hkey"="HKLM"
"command"="%WINDIR%\\Creator\\Remind_XP.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKist]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="shwicon2k"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Digital Media Reader\\shwicon2k.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Winamp\\winampa.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVR SchSvr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SchSvr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\InterVideo\\SchSvr\\SchSvr.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Unigraphics License Server (uglmd)"=dword:00000002
"StyleXPService"=dword:00000002
"STI Simulator"=dword:00000002
"PrismXL"=dword:00000002
"Pml Driver HPZ12"=dword:00000002
"ose"=dword:00000003
"iPod Service"=dword:00000003
"btwdins"=dword:00000002
"ATI Smart"=dword:00000002
"Ati HotKey Poller"=dword:00000002
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H]
Shell\AutoRun\command H:\LaunchU3.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a779a0e-86fe-11db-b8ed-0014a55ccdd7}]
Shell\AutoRun\command F:\Installer.exe
-- End of Deckard's System Scanner: finished at 2007-06-10 at 15:33:31 ---------
gard9070
2007-06-10, 21:43
Deckard's System Scanner v20070603.47
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Mobile AMD Athlon(tm) 64 Processor 4000+
Percentage of Memory in Use: 61%
Physical Memory (total/avail): 1022.11 MiB / 393.6 MiB
Pagefile Memory (total/avail): 2457.13 MiB / 1927.76 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1974.85 MiB
C: is Fixed (NTFS) - 107.73 GiB total, 10.49 GiB free.
D: is Fixed (FAT32) - 4.04 GiB total, 1.37 GiB free.
E: is CDROM (No Media)
F: is CDROM (CDFS)
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AV: Spy Sweeper with AntiVirus v5.3.1.2344 (Webroot Software Inc)
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1152744493\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1152744493\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"C:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Valve\\Steam\\steamapps\\deathripper82088\\counter-strike source\\hl2.exe"="C:\\Valve\\Steam\\steamapps\\deathripper82088\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"="C:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe:*:Enabled:Fireworks MX"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\\Documents and Settings\\Owner\\My Documents\\Unreal Tournament\\System\\UnrealTournament.exe"="C:\\Documents and Settings\\Owner\\My Documents\\Unreal Tournament\\System\\UnrealTournament.exe:*:Enabled:UnrealTournament"
"C:\\Documents and Settings\\Owner\\My Documents\\Internet Downloads\\putty.exe"="C:\\Documents and Settings\\Owner\\My Documents\\Internet Downloads\\putty.exe:*:Enabled:putty"
"C:\\Documents and Settings\\Owner\\My Documents\\Internet Downloads\\WoW-Intro-enUS-downloader.exe"="C:\\Documents and Settings\\Owner\\My Documents\\Internet Downloads\\WoW-Intro-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Owner\\My Documents\\Internet Downloads\\wowclient-downloader.exe"="C:\\Documents and Settings\\Owner\\My Documents\\Internet Downloads\\wowclient-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\myTunes Redux\\mDNSResponder.exe"="C:\\Program Files\\myTunes Redux\\mDNSResponder.exe:*:Enabled:mDNSResponder"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:*:Enabled:ActiveSync Application"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Nevo\\NevoMedia Server\\NevoMediaServer.exe"="C:\\Program Files\\Nevo\\NevoMedia Server\\NevoMediaServer.exe:*:Enabled:NevoMedia Server 2.0"
"C:\\Program Files\\Nevo\\NevoMedia Player\\NevoMediaPlayer.exe"="C:\\Program Files\\Nevo\\NevoMedia Player\\NevoMediaPlayer.exe:*:Enabled:NevoMedia Player 2.0"
"C:\\Documents and Settings\\Owner\\My Documents\\Downloads\\utorrent.exe"="C:\\Documents and Settings\\Owner\\My Documents\\Downloads\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\UGS\\NX 3.0\\UGII\\ugraf.exe"="C:\\Program Files\\UGS\\NX 3.0\\UGII\\ugraf.exe:*:Enabled:NX Component"
"C:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"="C:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BRIANSLAPTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\BRIANSLAPTOP
MIGO_DRIVE=I
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\SSH Communications Security\SSH Secure Shell
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2402
ProgramFiles=C:\Program Files
PROMPT=$P$G
P_SCHEMA=C:\Program Files\Solid Edge V17\etc\UGSchemas
QTJAVA=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
UGII_BASE_DIR=C:\Program Files\UGS\NX 3.0\
UGII_CAST=C:\PROGRA~1\UGS\NX3~1.0\ugcast\castonly.bat
UGII_CAST_HOME=C:\Program Files\UGS\NX 3.0\ugcast\html\start.html
UGII_FLEX_BUNDLE=ACD
UGII_LANG=english
UGII_LICENSE_FILE=27000@megalaxy.kettering.edu
UGII_ROOT_DIR=C:\Program Files\UGS\NX 3.0\UGII\
USERDOMAIN=BRIANSLAPTOP
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS
gard9070
2007-06-10, 21:44
-- User Profiles ---------------------------------------------------------------
Owner (admin)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6504C153-A24C-4C10-A5B6-FE5CEF9141D9}\Setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Age of Mythology --> "C:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /addremove
Age of Mythology - The Titans Expansion --> "C:\Program Files\Microsoft Games\Age of Mythology\UNINSTXP.EXE" /runtemp /addremove
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AOL Coach Version 2.0(Build:20041026.5 en) --> C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
ArcSoft WebCam Companion 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41D01A7-2A32-415B-9DFC-7A83820956CF}\setup.exe" -l0x9
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver (Omega 3.8.252) --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.4 --> "C:\Program Files\Audacity\unins000.exe"
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
Belkin Bluetooth Software --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
BitTorrent 5.0.3 --> "C:\Program Files\BitTorrent\uninstall.exe"
Browser Address Error Redirector --> regsvr32 /u /s "c:\windows\system32\BAE.dll"
CLIE MS SCSI Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB6D0A87-77BA-4083-85D1-D07604B3FAD7}\setup.exe" UNINSTALL
Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
Conexant AC-Link Audio --> C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -IARI2045A.INF
Counter-Strike: Condition Zero --> C:\Valve\CONDIT~1\UNWISE.EXE C:\Valve\CONDIT~1\INSTALL.LOG
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A607AC66-0C76-4519-9751-E12A93BF8EB2}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Solution --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Dynex Webcam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECD03DA7-5952-406A-8156-5F0C93618D1F}\Setup.exe" -l0x9
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
GTK+ 2.8.18-1 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\unins000.exe"
h5400 BT Driver Update Build 58 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DFE67139-5FD3-4F4A-9630-E006362D9C50}\Setup.exe"
h5400_h5500 WLAN Driver 133_Eng --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E4420721-C2C4-49BA-ADFB-AE25F36B2E38}\Setup.exe"
HijackThis 1.99.1 --> C:\Documents and Settings\Owner\Desktop\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Document Viewer 7.0 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart, Officejet and Deskjet 7.0.A --> C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
IMVU Avatar Chat Software --> C:\Program Files\IMVU\Uninstall.exe
InterVideo WinDVR 3 --> "C:\Program Files\InstallShield Installation Information\{6BF4613C-0A46-43AA-8FA8-0CB9F2C1A548}\setup.exe" REMOVEALL
iPAQ WLAN Firmware Update --> MsiExec.exe /I{4B466016-9535-4643-ACEB-26BB4CB693DD}
iPod Video Converter 3 --> C:\Program Files\Xilisoft\iPod Video Converter 3\Uninstall.exe
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Kaspersky Online Scanner --> C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Macromedia Dreamweaver MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Fireworks MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{930B2432-43D4-11D5-9871-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Calculator Plus --> MsiExec.exe /I{83073C45-3003-4671-9A86-243AAADD915A}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Digital Image Starter Edition 2006 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=11
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mold Wizard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8146E958-319D-4A20-949E-4D589C708D17}\Setup.exe" -uninst
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Mozilla Firefox (1.5.0.11) --> C:\PROGRA~1\MOZILL~1\uninstall\uninstall.exe /ua "1.5.0.11 (en-US)"
Mozilla Firefox (2.0.0.4) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MS Export --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15EE1439-3B90-4DA6-A4FD-3BF23E830C25}\setup.exe" UNINSTALL
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
myTunes Redux 1.0 --> "C:\Program Files\myTunes Redux\unins000.exe"
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
NX 3 --> MsiExec.exe /I{9D180A76-C05F-4064-94B1-069E6EEEA5EF}
NX 3 CAST --> MsiExec.exe /I{178739AE-5C84-49C5-968C-DFFE7C0B2F83}
NX 3 FLEXlm --> MsiExec.exe /X{440701AA-4602-409C-8CC3-5BB9D2F11A91}
NX 3.0 Documentation --> MsiExec.exe /I{7563C9ED-2A3A-4B61-A337-636C88B59B75}
OCR Software by I.R.I.S 7.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OpenOffice.org 2.0 --> MsiExec.exe /I{686BB230-DE5B-44F4-8DB0-4F9BEE7310F7}
Pocket PC Connection Wizard --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microsoft ActiveSync\cmdtwiz.isu"
Power2Go 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Progressive Die Wizard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83ADC38E-79D5-4A5D-94E1-6DBAC591B4E7}\Setup.exe" -uninst
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
Radeon Omega Drivers v3.8.252 Setup Files and Tools --> "C:\WINDOWS\Radeon Omega Drivers v3.8.252 Uninstall.exe" "/U:C:\Program Files\Radeon Omega Drivers\v3.8.252\Omega Uninstall.xml"
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Scheduler 2 --> "C:\Program Files\Scheduler\uninstall.exe"
Skype 3.1 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
SmartFTP Client 2.0 --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
SmartFTP Client 2.0 Setup Files (remove only) --> "C:\Program Files\SmartFTP Client 2.0 Setup Files\uninst-sftp.exe"
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_2045161F\HXFSETUP.EXE -U -Iari2045k.inf
Solid Edge V17 --> MsiExec.exe /I{3036EFC0-226E-455E-A757-E12518E6443B}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sound Effects --> "C:\PROGRA~1\Freeze.com\Sound Effects\UNINSTAL.EXE"
SPC 610NC Laptop Camera --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{E66653A2-2B5C-4909-B71E-218164336960} /l1033
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SSH Secure Shell --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}\Setup.exe"
Steam --> C:\Valve\Steam\UNWISE.EXE C:\Valve\Steam\INSTALL.LOG
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TorrentQ version 2.1.0.0 --> "C:\Program Files\TorrentQ\unins000.exe"
Trend Micro Antivirus --> MsiExec.exe /X{3ACF3AF1-8DBC-4EFB-AF03-37E212DDA83C}
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Video Converter 3 --> C:\Program Files\Xilisoft\Video Converter 3\Uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtual DJ - Atomix Productions --> C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Live Messenger --> MsiExec.exe /I{7A837109-E671-470D-B489-F1EBE471D220}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Working Model --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WorkingModel\Uninst.isu"
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
X-Cleaner Freeware --> C:\PROGRA~1\X-Cleaner\UNWISE.EXE C:\PROGRA~1\X-Cleaner\INSTALL.LOG
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
-- End of Deckard's System Scanner: finished at 2007-06-10 at 15:33:31 ---------
Hmm nothing bad there.
The thing that we could try is to disable the realtime protections from your 3 antispyware programs (these can slow the computer)
So disable the realtime protections from SpySweeper, X-Cleaner Freeware and disable also SpybotSD TeaTimer
Restart the computer and see if it runs any faster :bigthumb:
This topic has been moved to archives to prevent others with similar issues posting to it.
If you need the thread re-opened, please send me a private message (pm) and provide a link.
Applies only to the original poster, anyone else with similar problems please start your own topic.
Thank you Mr_JAk3.