Version 1.6.2. Registry Hives Unloading for half hour



johnmuoio
2009-04-21, 19:15
I just upgraded to 1.6.2, no immunizer on XP Service Pack 3 and had to cancel my scan before it got started. It has been unloading registry hives for 30 minutes, at least. Any suggestions here? Hate to kill these sorts of processes, but there doesn't seem to be any CPU or I/O activity on the process whatsoever.

Below is a snapshot of process and thread activity at the time, from the bottom up are details about the spybot process. Maybe this will be of help in diagnosis.

In case you need to know, Spybot is the only application I ran, system has 1GB of memory, and there haven't been any virtual memory issues to date on the machine.

John

Process PID CPU Description Company Name
System Idle Process 0 82.09
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 860 Windows NT Session Manager Microsoft Corporation
csrss.exe 912 Client Server Runtime Process Microsoft Corporation
winlogon.exe 936 Windows NT Logon Application Microsoft Corporation
services.exe 980 1.49 Services and Controller app Microsoft Corporation
lsass.exe 992 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 3840 Windows Explorer Microsoft Corporation
SPMgr.exe 2500 SPM Module Sony Corporation
Apoint.exe 436 Alps Pointing-device Driver Alps Electric Co., Ltd.
mcvsshld.exe 1052 McAfee VirusScan ActiveShield Resource McAfee, Inc.
oasclnt.exe 2892 McAfee VirusScan OAS Client McAfee, Inc.
mcagent.exe 1864 McAfee SecurityCenter Agent McAfee, Inc
MpfTray.exe 3056 McAfee Personal Firewall Tray Monitor McAfee Security
mscifapp.exe 3112 McAfee Privacy Service McAfee, Inc.
MSKAgent.exe 3132 McAfee SpamKiller Agent Interface module McAfee Inc.
hpztsb09.exe 3244 HP
VAIOUpdt.exe 2672 VAIO Update Sony Corporation
rundll32.exe 2668 Run a DLL as an App Microsoft Corporation
apdproxy.exe 3356 Adobe Photoshop Album Starter Edition 3.2 component Adobe Systems Incorporated
AppleSyncNotifier.exe 3876 AppleSyncNotifier Apple Inc.
hkcmd.exe 3444 hkcmd Module Intel Corporation
HKServ.exe 2136 Sony Corporation
ipoint.exe 3500 IPoint.exe Microsoft Corporation
WDBtnMgr.exe 3656 WD Button Manager Western Digital Technologies, Inc.
iTunesHelper.exe 3716 iTunesHelper Module Apple Inc.
msmsgs.exe 3724 Windows Messenger Microsoft Corporation
ctfmon.exe 3756 CTF Loader Microsoft Corporation
BTTray.exe 3224 Bluetooth Tray Application Broadcom Corporation.
uBBMonitor.exe 3420 BBMonitor ArcSoft, Inc.
SpybotSD.exe 1868 Spybot - Search & Destroy Safer Networking Limited
procexp.exe 1640 14.93 Sysinternals Process Explorer Sysinternals
ApntEx.exe 3320 Alps Pointing-device Driver for Windows NT/2000/XP Alps Electric Co., Ltd.
