Slow Computer, and freezing

Page 1 of 2 1, 2  Next

View previous topic View next topic Go down

Slow Computer, and freezing

Post by CMiz2184 on Thu 16 Sep 2010, 12:06 pm

Hello,
After startup my computer runs sluggish and freezes after about 15minutes....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51:45 PM, on 9/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\AOL\1158458345\ee\AOLSoftware.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\PROGRA~1\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\WINDOWS\system32\wscript.exe
C:\Program Files\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files\TechSmith\Snagit 9\snagiteditor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158458345\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [Dell QuickSet] C:\PROGRA~1\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [MWLExe] C:\PROGRA~1\Mcafee\MWL\MWLGuiSt.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Uvudatagacuti] rundll32.exe "C:\WINDOWS\ezagupis.dll",Startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Vzowalirikijira] rundll32.exe "C:\WINDOWS\wcifx5.dll",Startup
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c985946d07dba9) (gupdate1c985946d07dba9) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13201 bytes

CMiz2184

Rookie Surfer
Rookie Surfer

Posts : 67
Joined : 2009-03-18
Operating System : XP

View user profile

Back to top Go down

Re: Slow Computer, and freezing

Post by DragonMaster Jay on Thu 16 Sep 2010, 4:22 pm

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see [You must be registered and logged in to see this link.].

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.





Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Slow Computer, and freezing

Post by CMiz2184 on Tue 21 Sep 2010, 2:54 am

ComboFix 10-09-19.04 - Mizurak 09/20/2010 11:32:33.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.677 [GMT -4:00]
Running from: c:\documents and settings\Mizurak\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Mizurak\g2mdlhlpx.exe
c:\documents and settings\Mizurak\Local Settings\Application Data\{824C8F75-9BB0-4057-88DA-5AB78118761B}
c:\documents and settings\Mizurak\Local Settings\Application Data\{824C8F75-9BB0-4057-88DA-5AB78118761B}\chrome.manifest
c:\documents and settings\Mizurak\Local Settings\Application Data\{824C8F75-9BB0-4057-88DA-5AB78118761B}\chrome\content\_cfg.js
c:\documents and settings\Mizurak\Local Settings\Application Data\{824C8F75-9BB0-4057-88DA-5AB78118761B}\chrome\content\overlay.xul
c:\documents and settings\Mizurak\Local Settings\Application Data\{824C8F75-9BB0-4057-88DA-5AB78118761B}\install.rdf
c:\documents and settings\Mizurak\Recent\Thumbs.db
c:\documents and settings\NetworkService\Application Data\antispy.exe
c:\windows\ajiharucu.dll
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\cup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\customer_cup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\heart.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\menu_down.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\menu_up.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\plates.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\ticket.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\tray.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\music\mainmenumusic.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_bring_check_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_deliver_order_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_diner.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_food_ready_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_gain_heart_1.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_pencil_write_2.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_rollover_1.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_seat_people_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\choosedifficulty.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\credits.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\flo_lose.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\flo_win.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\help1.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\help2.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\highscores.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelintro.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelintro_mask.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelover.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelover_mask.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\mainmenu.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\popup.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\popup_mask.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\upgradegrid.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\upgradetitle.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\upsell.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowleft_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowleft_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowright_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowright_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\back_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\back_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backchalk.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backchalkup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backtomenu_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backtomenu_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\cancel.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\cancelup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\career.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\career_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\close.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\closeup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\continue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\continueover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\credits_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\credits_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\download_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\download_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\easy.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\easy_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\endlessshift.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\endlessshift_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\hard.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\hard_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\help.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\help_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\highscores.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\highscores_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\instructions_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\instructions_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\letsplay.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\letsplayover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\medium.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\medium_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\moreinfo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\moreinfoup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\off.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\off_on.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\on.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\on_on.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\pause.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\pauseover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quit.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quitgame.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quitgameover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quitover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\resumegame.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\resumegameover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\submit.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\submitup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\tryagain.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\tryagainover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\upgrade_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\upgrade_up.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewglobal.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewglobalup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewhighscore.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewhighscoreon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewlocal.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewlocalup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\comics\webcomic.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\career.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\customer.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\endless.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\global.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\powerups.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\cook.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\cook.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\stove.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\arrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\click.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\click2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\grab.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\open.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\idle.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\idle.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\lower.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\lower.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\upper.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\upper.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\fonts\arial.mvec
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\fonts\komikaaxis.mvec
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\chair.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\chair.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dirt2top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dirt4top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dishcart.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dishcart.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_off.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_on1.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_on2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\ticketstation.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\ticketstation.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowdown.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowdownon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowleft.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowlefton.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowright.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowrighton.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowupon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\p1icon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\textedit.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\title.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_d.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_d.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\fifth_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\first_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\fourth_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\second_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\playfirst_logo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\background.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food1.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food1.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food2.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food3.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food3.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\frames\upgrade_0001.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\2top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\2top.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\4top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\4top.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\upgrades.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\tableshadow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\choosedifficulty.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\chooseplayer.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\chooserestaurant.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\credits.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\game.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\gothighscore.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\help.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\help2.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscore.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscoreinfo.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscoresubmit.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\levelintro.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\levelover.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\loading.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\mainloop.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\mainmenu.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\ok.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\pause.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\style.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\tutorialintro.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\upgrade.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\upsell.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\webcomic.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\yesno.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\aol_logo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\gamelabsplash.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\playfirst_logo.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\strings.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\angersmoke.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\angersmoke.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\chairflags.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\chairflags.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\check.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\checkmark.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\clock.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\closed.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\closingtime.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\coinflip.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\coinflip.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\dollar.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\coffee.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\tables.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\wallpaper.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\expert.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\expertscore.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\foodpoof.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\foodpoof.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\fork_timer.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\goalcompleted.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\heartgrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\heartgrow.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\jar.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\jar.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\level.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\level_career.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\score.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\sound.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\staroff.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\staron.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tablenumber.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tablenumberup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\traynumber.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorial_character.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorialarrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorialbox.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgradeanim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgradeanim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\drinks.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\maitred.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\oven.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\select.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\shoes.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\stereo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\table.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\dinerdash.exe
c:\windows\ezagupis.dll
c:\windows\wcifx5.dll

Infected copy of c:\windows\system32\drivers\omci.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-08-20 to 2010-09-20 )))))))))))))))))))))))))))))))
.

2010-09-09 01:16 . 2010-09-09 01:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-09-09 00:11 . 2010-09-16 00:33 452104 ----a-w- c:\documents and settings\Mizurak\Application Data\Real\Update\setup3.12\setup.exe
2010-09-01 02:38 . 2010-07-09 14:26 475136 ----a-w- c:\documents and settings\All Users\Application Data\Dell\RMC\RMCCreationInfo.exe
2010-09-01 02:38 . 2010-07-02 14:25 1118208 ------w- c:\documents and settings\All Users\Application Data\Dell\RMC\Libxml2.dll
2010-09-01 02:38 . 2010-07-02 14:25 60416 ----a-w- c:\documents and settings\All Users\Application Data\Dell\RMC\ZLib1.dll
2010-09-01 02:37 . 2010-08-17 18:10 372736 ------w- c:\documents and settings\All Users\Application Data\Dell\DSL\DSLCheck.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-20 15:01 . 2007-11-19 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-09-16 00:43 . 2008-01-30 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2010-07-15 00:13 . 2010-07-14 21:22 2811 ----a-w- c:\windows\Wsusihire.dat
2010-07-14 21:22 . 2010-07-14 21:22 0 ----a-w- c:\windows\Jfexujolije.bin
2010-06-29 02:53 . 2006-09-13 01:30 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-06-29 02:25 . 2010-06-29 02:25 50354 -c--a-w- c:\documents and settings\Mizurak\Application Data\Facebook\uninstall.exe
2010-06-29 01:34 . 2010-04-21 01:56 439816 -c--a-w- c:\documents and settings\Mizurak\Application Data\Real\Update\setup3.10\setup.exe
2009-12-09 02:54 . 2008-02-05 22:38 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-01-29 16:52 . 2006-09-13 01:30 88 --sh--r- c:\windows\system32\A4CDBF4FD7.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [2001-07-25 184376]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-18 68856]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-09 30192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-25 241714]
"HostManager"="c:\program files\Common Files\AOL\1158458345\ee\AOLSoftware.exe" [2007-10-08 41824]
"EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"Dell QuickSet"="c:\progra~1\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-14 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-29 185896]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-22 110592]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-1 24576]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
Snagit 9.lnk - c:\program files\TechSmith\Snagit 9\Snagit32.exe [2009-10-15 6287176]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1158458345\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1158458345\\ee\\aim6.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/8/2009 10:05 PM 24652]
S2 gupdate1c985946d07dba9;Google Update Service (gupdate1c985946d07dba9);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2009 8:14 PM 133104]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/1/2006 10:36 PM 30192]
.
Contents of the 'Scheduled Tasks' folder

2010-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 17:42]

2010-09-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-14 00:46]

2010-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 00:14]

2010-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 00:14]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
mDefault_Search_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride =
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\
FF - component: c:\documents and settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Mizurak\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPWXM32.DLL
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKCU-Run-Vzowalirikijira - c:\windows\wcifx5.dll
HKLM-Run-MWLExe - c:\progra~1\Mcafee\MWL\MWLGuiSt.exe
HKLM-Run-Uvudatagacuti - c:\windows\ezagupis.dll
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-09-20 11:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\wanmpsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\TechSmith\Snagit 9\TSCHelp.exe
c:\program files\TechSmith\Snagit 9\SnagPriv.exe
c:\program files\TechSmith\Snagit 9\snagiteditor.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-09-20 11:53:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-20 15:53

Pre-Run: 85,616,566,272 bytes free
Post-Run: 85,847,588,864 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 281B3E128BC3BA23375168C0D872BBE5

CMiz2184

Rookie Surfer
Rookie Surfer

Posts : 67
Joined : 2009-03-18
Operating System : XP

View user profile

Back to top Go down

Re: Slow Computer, and freezing

Post by DragonMaster Jay on Tue 21 Sep 2010, 8:03 pm

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    Code:
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5643
    uInternet Settings,ProxyOverride =

    MBR::
  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Slow Computer, and freezing

Post by CMiz2184 on Wed 22 Sep 2010, 3:42 am

ComboFix 10-09-19.04 - Mizurak 09/21/2010 12:22:39.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.370 [GMT -4:00]
Running from: c:\documents and settings\Mizurak\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mizurak\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2010-08-21 to 2010-09-21 )))))))))))))))))))))))))))))))
.

2010-09-21 01:10 . 2010-09-21 01:10 -------- d-----w- c:\program files\Franson
2010-09-21 00:55 . 2009-11-19 18:33 51200 ----a-w- c:\windows\system32\drivers\ser2pl.sys
2010-09-21 00:55 . 2005-08-03 20:05 35892 ----a-w- c:\windows\system32\SER9PL.sys
2010-09-09 01:16 . 2010-09-09 01:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-21 16:02 . 2007-11-19 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-09-21 00:55 . 2006-09-02 02:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-16 00:43 . 2008-01-30 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2010-09-16 00:33 . 2010-09-09 00:11 452104 ----a-w- c:\documents and settings\Mizurak\Application Data\Real\Update\setup3.12\setup.exe
2010-08-17 18:10 . 2010-09-01 02:37 372736 ------w- c:\documents and settings\All Users\Application Data\Dell\DSL\DSLCheck.exe
2010-08-17 13:17 . 2005-08-16 09:18 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49 . 2005-08-16 09:18 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-15 01:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-15 00:13 . 2010-07-14 21:22 2811 ----a-w- c:\windows\Wsusihire.dat
2010-07-14 21:22 . 2010-07-14 21:22 0 ----a-w- c:\windows\Jfexujolije.bin
2010-07-09 14:26 . 2010-09-01 02:38 475136 ----a-w- c:\documents and settings\All Users\Application Data\Dell\RMC\RMCCreationInfo.exe
2010-07-02 14:25 . 2010-09-01 02:38 1118208 ------w- c:\documents and settings\All Users\Application Data\Dell\RMC\Libxml2.dll
2010-07-02 14:25 . 2010-09-01 02:38 60416 ----a-w- c:\documents and settings\All Users\Application Data\Dell\RMC\ZLib1.dll
2010-06-30 12:31 . 2005-08-16 09:18 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-29 02:53 . 2006-09-13 01:30 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-06-29 02:25 . 2010-06-29 02:25 50354 -c--a-w- c:\documents and settings\Mizurak\Application Data\Facebook\uninstall.exe
2010-06-29 01:34 . 2010-04-21 01:56 439816 -c--a-w- c:\documents and settings\Mizurak\Application Data\Real\Update\setup3.10\setup.exe
2010-06-24 12:10 . 2005-08-16 09:18 667136 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:10 . 2005-08-16 09:18 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-09 02:54 . 2008-02-05 22:38 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-01-29 16:52 . 2006-09-13 01:30 88 --sh--r- c:\windows\system32\A4CDBF4FD7.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [2001-07-25 184376]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-18 68856]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-09 30192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-25 241714]
"HostManager"="c:\program files\Common Files\AOL\1158458345\ee\AOLSoftware.exe" [2007-10-08 41824]
"EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"Dell QuickSet"="c:\progra~1\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-14 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-29 185896]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

c:\documents and settings\Mizurak\Start Menu\Programs\Startup\
GpsGate.lnk - c:\program files\Franson\GpsGate 2.0\GpsGateXP.exe [2008-9-12 540672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-22 110592]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-1 24576]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
Snagit 9.lnk - c:\program files\TechSmith\Snagit 9\Snagit32.exe [2009-10-15 6287176]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1158458345\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1158458345\\ee\\aim6.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [4/3/2006 10:00 PM 14949]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/8/2009 10:05 PM 24652]
S2 gupdate1c985946d07dba9;Google Update Service (gupdate1c985946d07dba9);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2009 8:14 PM 133104]
S3 Franson GpsGate 2.0;Franson GpsGate 2.0;c:\program files\Franson\GpsGate 2.0\GpsGateService.exe [9/12/2008 1:58 AM 258048]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/1/2006 10:36 PM 30192]
.
Contents of the 'Scheduled Tasks' folder

2010-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 17:42]

2010-09-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-14 00:46]

2010-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 00:14]

2010-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 00:14]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
mDefault_Search_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\
FF - component: c:\documents and settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Mizurak\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPWXM32.DLL
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-09-21 12:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(848)
c:\program files\Common Files\AOL\ACS\WLHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\wanmpsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\TechSmith\Snagit 9\TSCHelp.exe
c:\program files\TechSmith\Snagit 9\SnagPriv.exe
c:\program files\TechSmith\Snagit 9\snagiteditor.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-09-21 12:39:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-21 16:39
ComboFix2.txt 2010-09-20 15:53

Pre-Run: 84,943,335,424 bytes free
Post-Run: 84,954,128,384 bytes free

- - End Of File - - 4392F8EB3679D180602D16E49FE1F2C0

CMiz2184

Rookie Surfer
Rookie Surfer

Posts : 67
Joined : 2009-03-18
Operating System : XP

View user profile

Back to top Go down

Re: Slow Computer, and freezing

Post by DragonMaster Jay on Wed 22 Sep 2010, 6:49 am

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
    Link 1
    Link 2
    Link 3

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Slow Computer, and freezing

Post by CMiz2184 on Wed 22 Sep 2010, 9:04 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 148):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xF7AFD000 \WINDOWS\system32\KDCOM.DLL
0xF7A0D000 \WINDOWS\system32\BOOTVID.dll
0xF74CE000 ACPI.sys
0xF7AFF000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF74BD000 pci.sys
0xF75FD000 isapnp.sys
0xF7A11000 compbatt.sys
0xF7A15000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7BC5000 pciide.sys
0xF787D000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF760D000 MountMgr.sys
0xF749E000 ftdisk.sys
0xF7478000 dmio.sys
0xF7885000 PartMgr.sys
0xF761D000 VolSnap.sys
0xF7460000 atapi.sys
0xF762D000 disk.sys
0xF763D000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7440000 fltmgr.sys
0xF742E000 sr.sys
0xF7419000 drvmcdb.sys
0xF788D000 PxHelp20.sys
0xF7402000 KSecDD.sys
0xF7375000 Ntfs.sys
0xF7348000 NDIS.sys
0xF7B01000 speedfan.sys
0xF764D000 ohci1394.sys
0xF765D000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF732E000 Mup.sys
0xF7BC6000 giveio.sys
0xF767D000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF770D000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7AF9000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF730A000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF69A1000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF698D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6965000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF67C3000 \SystemRoot\system32\DRIVERS\NETw3x32.sys
0xF79BD000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF679F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF79C5000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF771D000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xF678B000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF79CD000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xF772D000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0xF673F000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0xF773D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF6710000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7B31000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF79D5000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF79DD000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF774D000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7B35000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF775D000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF776D000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF66ED000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7C89000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF777D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF72EA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF66D6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF778D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF779D000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF79E5000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF66C5000 \SystemRoot\system32\DRIVERS\psched.sys
0xF77AD000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF79ED000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF79F5000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF79FD000 \SystemRoot\system32\DRIVERS\wanatw4.sys
0xF6695000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF77BD000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7B37000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6637000 \SystemRoot\system32\DRIVERS\update.sys
0xF6C02000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7A05000 \SystemRoot\system32\DRIVERS\omci.sys
0xF77DD000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA599000 \SystemRoot\system32\drivers\sthda.sys
0xAA575000 \SystemRoot\system32\drivers\portcls.sys
0xF77FD000 \SystemRoot\system32\drivers\drmk.sys
0xAA543000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xAA446000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xAA396000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF78BD000 \SystemRoot\System32\Drivers\Modem.SYS
0xF782D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7AED000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7B65000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7C43000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B67000 \SystemRoot\System32\Drivers\Beep.SYS
0xF78ED000 \SystemRoot\system32\drivers\ssrtln.sys
0xF78F5000 \SystemRoot\System32\drivers\vga.sys
0xF7B69000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B6B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF78FD000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7905000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7AF5000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA2E1000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA288000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA260000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA23A000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF6C16000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xAA218000 \SystemRoot\System32\drivers\afd.sys
0xF784D000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA1ED000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA17D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF786D000 \SystemRoot\System32\Drivers\Fips.SYS
0xF6623000 \SystemRoot\System32\drivers\bizVSerialNT.sys
0xF661B000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xF6B6F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF6B5F000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xA9025000 \SystemRoot\System32\Drivers\Udfs.SYS
0xA900D000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7BA9000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAA2F8000 \SystemRoot\System32\drivers\Dxapi.sys
0xA91BA000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7CD9000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF077000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF783D000 \SystemRoot\system32\drivers\drvnddm.sys
0xF7C71000 \SystemRoot\system32\dla\tfsndres.sys
0xA8F57000 \SystemRoot\system32\dla\tfsnifs.sys
0xA8FD9000 \SystemRoot\system32\dla\tfsnopio.sys
0xF7B0F000 \SystemRoot\system32\dla\tfsnpool.sys
0xF794D000 \SystemRoot\system32\dla\tfsnboio.sys
0xF6B2F000 \SystemRoot\system32\dla\tfsncofs.sys
0xF7CF7000 \SystemRoot\system32\dla\tfsndrct.sys
0xA8F3E000 \SystemRoot\system32\dla\tfsnudf.sys
0xA8F25000 \SystemRoot\system32\dla\tfsnudfa.sys
0xA905E000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xA8F85000 \SystemRoot\system32\DRIVERS\packet.sys
0xA8F79000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xA8EED000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA8C78000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7B57000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xA8A7F000 \SystemRoot\System32\Drivers\HTTP.sys
0xA89D8000 \SystemRoot\system32\DRIVERS\srv.sys
0xA8B88000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA81F3000 \SystemRoot\system32\drivers\wdmaud.sys
0xA8670000 \SystemRoot\system32\drivers\sysaudio.sys
0xF7B15000 \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
0xA774A000 \SystemRoot\system32\drivers\kmixer.sys
0xA8CF9000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 75):
0 System Idle Process
4 System
824 C:\WINDOWS\system32\smss.exe
876 csrss.exe
900 C:\WINDOWS\system32\winlogon.exe
944 C:\WINDOWS\system32\services.exe
956 C:\WINDOWS\system32\lsass.exe
1144 C:\WINDOWS\system32\svchost.exe
1192 svchost.exe
1232 C:\WINDOWS\system32\svchost.exe
1292 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
1408 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
1436 C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
1532 svchost.exe
1640 svchost.exe
1864 C:\WINDOWS\system32\spoolsv.exe
1936 svchost.exe
1964 C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
1976 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
2008 C:\WINDOWS\ehome\ehrecvr.exe
2028 C:\WINDOWS\ehome\ehSched.exe
300 C:\Program Files\Java\jre6\bin\jqs.exe
408 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
504 C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
616 C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
676 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
724 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
872 svchost.exe
1096 C:\WINDOWS\system32\svchost.exe
1280 C:\Program Files\Viewpoint\Common\ViewpointService.exe
1476 C:\WINDOWS\wanmpsvc.exe
1768 mcrdsvc.exe
2628 C:\Program Files\Canon\CAL\CALMAIN.exe
2736 wmiprvse.exe
2944 C:\WINDOWS\system32\dllhost.exe
3104 alg.exe
284 C:\WINDOWS\explorer.exe
552 C:\WINDOWS\system32\wscntfy.exe
2344 C:\WINDOWS\ehome\ehtray.exe
2428 C:\WINDOWS\system32\hkcmd.exe
2468 C:\WINDOWS\system32\igfxsrvc.exe
2480 C:\WINDOWS\system32\igfxpers.exe
2528 C:\WINDOWS\stsystra.exe
2544 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2564 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
2580 C:\WINDOWS\system32\dla\tfswctrl.exe
2612 C:\WINDOWS\ehome\ehmsas.exe
1324 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
2784 C:\Program Files\Common Files\AOL\1158458345\ee\aolsoftware.exe
2808 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9FA.EXE
2868 C:\PROGRA~1\Dell\QuickSet\quickset.exe
2644 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
3012 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
3164 C:\Program Files\Java\jre6\bin\jusched.exe
3196 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
3216 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
3284 C:\Program Files\Microsoft Money\System\Money Express.exe
3372 C:\WINDOWS\system32\svchost.exe
3428 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3488 C:\Program Files\DellSupport\DSAgnt.exe
1588 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
3832 C:\Program Files\Digital Line Detect\DLG.exe
3884 C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
3960 C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
672 C:\Program Files\Franson\GpsGate 2.0\GpsGateXP.exe
2240 C:\Program Files\TechSmith\Snagit 9\TscHelp.exe
3812 C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
3600 C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
2460 C:\WINDOWS\system32\ctfmon.exe
372 C:\Program Files\TechSmith\Snagit 9\SnagitEditor.exe
2444 C:\Program Files\Java\jre6\bin\jucheck.exe
496 C:\Program Files\Mozilla Firefox\firefox.exe
3328 C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
1112 C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
592 C:\Documents and Settings\Mizurak\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541612J9SA00, Rev: SBDOC74P

Size Device Name MBR Status
--------------------------------------------
110 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 86489E3B39BA71CCD7428B67894DE6732DFFF0C8


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Done!

CMiz2184

Rookie Surfer
Rookie Surfer

Posts : 67
Joined : 2009-03-18
Operating System : XP

View user profile

Back to top Go down

Re: Slow Computer, and freezing

Post by DragonMaster Jay on Thu 23 Sep 2010, 8:05 am

Fix using MBRCheck.exe

Run MBRCheck.exe again by double-clicking on it.
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Enter 'Y' and then press Enter.
  • When asked: 'Enter your choice:', select option 2 (Restore the MBR of a physical disk with a standard boot code) and press the Enter key.
  • Now the program will ask: 'Enter the physical disk number to fix (0-99, -1 to cancel)'
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes followed by a list of operating systems as shown below:
    Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel
    Please select the MBR code to write to this drive:
  • Please select your version of Windows from the list and enter the corresponding number and then press Enter.
  • When prompted for confirmation: "Do you want to fix the MBR code?". Type the full word Yes (not Y or the fix will not work) and press Enter.
  • Left-click on the title bar (where program name and path is written).
  • From the menu chose Edit -> Select All.
  • Press the Enter key to copy selected text.
  • Open Notepad, paste that text into it and save to your desktop as MBRCheck.txt.
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • Reboot your computer to complete the fix and copy/paste MBRCheck.txt in your next reply.
  • If your computer does not restart on its own, please restart it manually.

Important Note: The Master Boot Record contains the Partition Table for the hard disk and a a little executable code for the boot start. While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the MBR, which may cause the computer to not boot up or it may corrupt a partition.

The following are signs of a damaged MBR:
  • Invalid Partition Table
  • Missing Operating System
  • Error loading operating system


If it is the worst case scenario, and your computer cannot boot, please take note of the following:

Please have your Windows CD available, which will allow recovering the boot code via the Windows Recovery Console in case of any problems or install the XP Recovery Console before proceeding with the above fix. Then, if any problems occur, the links below explain how to use and repair the MBR:
  • How to use the Recovery Console
  • How to fix MBR in Windows XP and Vista


If you do not have a Windows CD available, please let me know. You will need access to a computer that can burn CDs.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Slow Computer, and freezing

Post by CMiz2184 on Thu 23 Sep 2010, 8:51 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)

Size Device Name MBR Status
--------------------------------------------
110 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 86489E3B39BA71CCD7428B67894DE6732DFFF0C8


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: y

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: 2

Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
Press ENTER to exit...

CMiz2184

Rookie Surfer
Rookie Surfer

Posts : 67
Joined : 2009-03-18
Operating System : XP

View user profile

Back to top Go down

Re: Slow Computer, and freezing

Post by DragonMaster Jay on Thu 23 Sep 2010, 8:59 am

Now, post a new MBRCheck log.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Slow Computer, and freezing

Post by CMiz2184 on Thu 23 Sep 2010, 9:02 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 148):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xF7AFD000 \WINDOWS\system32\KDCOM.DLL
0xF7A0D000 \WINDOWS\system32\BOOTVID.dll
0xF74CE000 ACPI.sys
0xF7AFF000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF74BD000 pci.sys
0xF75FD000 isapnp.sys
0xF7A11000 compbatt.sys
0xF7A15000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7BC5000 pciide.sys
0xF787D000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF760D000 MountMgr.sys
0xF749E000 ftdisk.sys
0xF7478000 dmio.sys
0xF7885000 PartMgr.sys
0xF761D000 VolSnap.sys
0xF7460000 atapi.sys
0xF762D000 disk.sys
0xF763D000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7440000 fltmgr.sys
0xF742E000 sr.sys
0xF7419000 drvmcdb.sys
0xF788D000 PxHelp20.sys
0xF7402000 KSecDD.sys
0xF7375000 Ntfs.sys
0xF7348000 NDIS.sys
0xF7B01000 speedfan.sys
0xF764D000 ohci1394.sys
0xF765D000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF732E000 Mup.sys
0xF7BC6000 giveio.sys
0xF767D000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF76DD000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7302000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF72FE000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF6A50000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF6A3C000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6A14000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF6872000 \SystemRoot\system32\DRIVERS\NETw3x32.sys
0xF79D5000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF684E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF79DD000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF770D000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xF683A000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF79E5000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xF771D000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0xF67EE000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0xF772D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF67BF000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7B3B000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF79ED000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF79F5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF773D000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7B3D000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF774D000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF775D000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF679C000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7C7B000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF776D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF72EA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6785000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF777D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF778D000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF79FD000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6774000 \SystemRoot\system32\DRIVERS\psched.sys
0xF779D000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7A05000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF789D000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF78BD000 \SystemRoot\system32\DRIVERS\wanatw4.sys
0xF6744000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF77AD000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7B3F000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF66E6000 \SystemRoot\system32\DRIVERS\update.sys
0xF6DA9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF78C5000 \SystemRoot\system32\DRIVERS\omci.sys
0xF77BD000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA665000 \SystemRoot\system32\drivers\sthda.sys
0xAA641000 \SystemRoot\system32\drivers\portcls.sys
0xF77DD000 \SystemRoot\system32\drivers\drmk.sys
0xAA60F000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xAA3FB000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xAA34B000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF78DD000 \SystemRoot\System32\Drivers\Modem.SYS
0xF780D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7AE9000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7B69000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7C3E000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B6B000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7905000 \SystemRoot\system32\drivers\ssrtln.sys
0xF7915000 \SystemRoot\System32\drivers\vga.sys
0xF7B6F000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B71000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF791D000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7925000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7AED000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA2B0000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA257000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA215000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA1EF000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF730A000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xAA1CD000 \SystemRoot\System32\drivers\afd.sys
0xF781D000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA1A2000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA132000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF783D000 \SystemRoot\System32\Drivers\Fips.SYS
0xF66D6000 \SystemRoot\System32\drivers\bizVSerialNT.sys
0xF66CE000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xF784D000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF785D000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xA8FF2000 \SystemRoot\System32\Drivers\Udfs.SYS
0xA8FDA000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7BB9000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAA11A000 \SystemRoot\System32\drivers\Dxapi.sys
0xA9157000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7CAE000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF077000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA90AF000 \SystemRoot\system32\drivers\drvnddm.sys
0xF7CE0000 \SystemRoot\system32\dla\tfsndres.sys
0xA8F24000 \SystemRoot\system32\dla\tfsnifs.sys
0xA8FAE000 \SystemRoot\system32\dla\tfsnopio.sys
0xF7B1F000 \SystemRoot\system32\dla\tfsnpool.sys
0xA9043000 \SystemRoot\system32\dla\tfsnboio.sys
0xA909F000 \SystemRoot\system32\dla\tfsncofs.sys
0xF7CE6000 \SystemRoot\system32\dla\tfsndrct.sys
0xA8F0B000 \SystemRoot\system32\dla\tfsnudf.sys
0xA8EF2000 \SystemRoot\system32\dla\tfsnudfa.sys
0xA902B000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xA8F4A000 \SystemRoot\system32\DRIVERS\packet.sys
0xA8F46000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xA8EAE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA8C45000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7B79000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xA8A4C000 \SystemRoot\System32\Drivers\HTTP.sys
0xA89A5000 \SystemRoot\system32\DRIVERS\srv.sys
0xA8AB1000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA81C0000 \SystemRoot\system32\drivers\wdmaud.sys
0xA8365000 \SystemRoot\system32\drivers\sysaudio.sys
0xA8E8A000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xF7B99000 \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
0xA70D5000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 73):
0 System Idle Process
4 System
828 C:\WINDOWS\system32\smss.exe
876 csrss.exe
900 C:\WINDOWS\system32\winlogon.exe
944 C:\WINDOWS\system32\services.exe
960 C:\WINDOWS\system32\lsass.exe
1140 C:\WINDOWS\system32\svchost.exe
1188 svchost.exe
1228 C:\WINDOWS\system32\svchost.exe
1288 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
1420 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
1440 C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
1540 svchost.exe
1640 svchost.exe
1824 C:\WINDOWS\system32\spoolsv.exe
1928 svchost.exe
1956 C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
1968 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
2000 C:\WINDOWS\ehome\ehrecvr.exe
2020 C:\WINDOWS\ehome\ehSched.exe
332 C:\Program Files\Java\jre6\bin\jqs.exe
364 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
512 C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
572 C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
668 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
744 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
772 svchost.exe
804 C:\WINDOWS\system32\svchost.exe
1092 C:\Program Files\Viewpoint\Common\ViewpointService.exe
1280 C:\WINDOWS\wanmpsvc.exe
1684 mcrdsvc.exe
2384 C:\Program Files\Canon\CAL\CALMAIN.exe
2472 wmiprvse.exe
2908 C:\WINDOWS\system32\dllhost.exe
3468 alg.exe
3960 C:\WINDOWS\system32\wscntfy.exe
3968 C:\WINDOWS\explorer.exe
1600 C:\WINDOWS\ehome\ehtray.exe
1724 C:\WINDOWS\system32\hkcmd.exe
2176 C:\WINDOWS\system32\igfxpers.exe
2184 C:\WINDOWS\stsystra.exe
2276 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2284 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
2292 C:\WINDOWS\system32\dla\tfswctrl.exe
2060 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
1980 C:\WINDOWS\system32\igfxsrvc.exe
2460 C:\Program Files\Common Files\AOL\1158458345\ee\aolsoftware.exe
2484 C:\WINDOWS\ehome\ehmsas.exe
2500 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9FA.EXE
2508 C:\PROGRA~1\Dell\QuickSet\quickset.exe
2672 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
2728 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
2796 C:\Program Files\Java\jre6\bin\jusched.exe
2896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
2952 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
1560 C:\Program Files\Microsoft Money\System\Money Express.exe
3088 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3228 C:\Program Files\DellSupport\DSAgnt.exe
3408 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
3484 C:\WINDOWS\system32\ctfmon.exe
3628 C:\WINDOWS\system32\svchost.exe
3676 C:\Program Files\Digital Line Detect\DLG.exe
852 C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
2604 C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
568 C:\Program Files\Franson\GpsGate 2.0\GpsGateXP.exe
2768 C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
3040 C:\Program Files\TechSmith\Snagit 9\TscHelp.exe
2996 C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
2780 C:\Program Files\TechSmith\Snagit 9\SnagitEditor.exe
1392 C:\Program Files\Java\jre6\bin\jucheck.exe
2684 C:\Program Files\Mozilla Firefox\firefox.exe
1216 C:\Documents and Settings\Mizurak\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541612J9SA00, Rev: SBDOC74P

Size Device Name MBR Status
--------------------------------------------
110 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 86489E3B39BA71CCD7428B67894DE6732DFFF0C8


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!

CMiz2184

Rookie Surfer
Rookie Surfer

Posts : 67
Joined : 2009-03-18
Operating System : XP

View user profile

Back to top Go down

Re: Slow Computer, and freezing

Post by DragonMaster Jay on Thu 23 Sep 2010, 9:10 am

Please re-run ComboFix and post a log.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Slow Computer, and freezing

Post by CMiz2184 on Thu 23 Sep 2010, 9:23 am

ComboFix 10-09-19.04 - Mizurak 09/22/2010 18:13:10.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.298 [GMT -4:00]
Running from: c:\documents and settings\Mizurak\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-08-22 to 2010-09-22 )))))))))))))))))))))))))))))))
.

2010-09-21 01:10 . 2010-09-21 01:10 -------- d-----w- c:\program files\Franson
2010-09-21 00:55 . 2009-11-19 18:33 51200 ----a-w- c:\windows\system32\drivers\ser2pl.sys
2010-09-21 00:55 . 2005-08-03 20:05 35892 ----a-w- c:\windows\system32\SER9PL.sys
2010-09-09 01:16 . 2010-09-09 01:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-09-09 00:11 . 2010-09-16 00:33 452104 ----a-w- c:\documents and settings\Mizurak\Application Data\Real\Update\setup3.12\setup.exe
2010-09-01 02:38 . 2010-07-09 14:26 475136 ----a-w- c:\documents and settings\All Users\Application Data\Dell\RMC\RMCCreationInfo.exe
2010-09-01 02:38 . 2010-07-02 14:25 1118208 ------w- c:\documents and settings\All Users\Application Data\Dell\RMC\Libxml2.dll
2010-09-01 02:38 . 2010-07-02 14:25 60416 ----a-w- c:\documents and settings\All Users\Application Data\Dell\RMC\ZLib1.dll
2010-09-01 02:37 . 2010-08-17 18:10 372736 ------w- c:\documents and settings\All Users\Application Data\Dell\DSL\DSLCheck.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-22 20:50 . 2007-11-19 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-09-21 00:55 . 2006-09-02 02:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-16 00:43 . 2008-01-30 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2010-08-17 13:17 . 2005-08-16 09:18 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49 . 2005-08-16 09:18 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-15 01:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-15 00:13 . 2010-07-14 21:22 2811 ----a-w- c:\windows\Wsusihire.dat
2010-07-14 21:22 . 2010-07-14 21:22 0 ----a-w- c:\windows\Jfexujolije.bin
2010-06-30 12:31 . 2005-08-16 09:18 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-29 02:53 . 2006-09-13 01:30 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-06-29 02:25 . 2010-06-29 02:25 50354 -c--a-w- c:\documents and settings\Mizurak\Application Data\Facebook\uninstall.exe
2010-06-29 01:34 . 2010-04-21 01:56 439816 -c--a-w- c:\documents and settings\Mizurak\Application Data\Real\Update\setup3.10\setup.exe
2009-12-09 02:54 . 2008-02-05 22:38 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-01-29 16:52 . 2006-09-13 01:30 88 --sh--r- c:\windows\system32\A4CDBF4FD7.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [2001-07-25 184376]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-18 68856]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-09 30192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-25 241714]
"HostManager"="c:\program files\Common Files\AOL\1158458345\ee\AOLSoftware.exe" [2007-10-08 41824]
"EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"Dell QuickSet"="c:\progra~1\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-14 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-29 185896]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

c:\documents and settings\Mizurak\Start Menu\Programs\Startup\
GpsGate.lnk - c:\program files\Franson\GpsGate 2.0\GpsGateXP.exe [2008-9-12 540672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-22 110592]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-1 24576]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
Snagit 9.lnk - c:\program files\TechSmith\Snagit 9\Snagit32.exe [2009-10-15 6287176]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1158458345\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1158458345\\ee\\aim6.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [4/3/2006 10:00 PM 14949]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/8/2009 10:05 PM 24652]
S2 gupdate1c985946d07dba9;Google Update Service (gupdate1c985946d07dba9);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2009 8:14 PM 133104]
S3 Franson GpsGate 2.0;Franson GpsGate 2.0;c:\program files\Franson\GpsGate 2.0\GpsGateService.exe [9/12/2008 1:58 AM 258048]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/1/2006 10:36 PM 30192]
.
Contents of the 'Scheduled Tasks' folder

2010-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 17:42]

2010-09-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-14 00:46]

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 00:14]

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 00:14]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\
FF - component: c:\documents and settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Mizurak\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPWXM32.DLL
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2388)
c:\progra~1\MICROS~2\OFFICE11\MCPS.DLL
c:\progra~1\Dell\QuickSet\dadkeyb.dll
c:\windows\system32\hccutils.DLL
.
Completion time: 2010-09-22 18:22:55
ComboFix-quarantined-files.txt 2010-09-22 22:22
ComboFix2.txt 2010-09-21 16:39
ComboFix3.txt 2010-09-20 15:53

Pre-Run: 85,861,998,592 bytes free
Post-Run: 85,909,901,312 bytes free

- - End Of File - - E2D4605AAD546EF28C5B20AF4A9C38B7

CMiz2184

Rookie Surfer
Rookie Surfer

Posts : 67
Joined : 2009-03-18
Operating System : XP

View user profile

Back to top Go down

Re: Slow Computer, and freezing

Post by DragonMaster Jay on Fri 24 Sep 2010, 8:06 am

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    Code:
    killall::
    File::
    c:\windows\Wsusihire.dat
    c:\windows\Jfexujolije.bin
    reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Slow Computer, and freezing

Post by CMiz2184 on Sat 25 Sep 2010, 5:48 am

ComboFix 10-09-19.04 - Mizurak 09/24/2010 14:26:50.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.452 [GMT -4:00]
Running from: c:\documents and settings\Mizurak\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mizurak\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-08-24 to 2010-09-24 )))))))))))))))))))))))))))))))
.

2010-09-21 01:10 . 2010-09-21 01:10 -------- d-----w- c:\program files\Franson
2010-09-21 00:55 . 2009-11-19 18:33 51200 ----a-w- c:\windows\system32\drivers\ser2pl.sys
2010-09-21 00:55 . 2005-08-03 20:05 35892 ----a-w- c:\windows\system32\SER9PL.sys
2010-09-09 01:16 . 2010-09-09 01:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-09-09 00:11 . 2010-09-16 00:33 452104 ----a-w- c:\documents and settings\Mizurak\Application Data\Real\Update\setup3.12\setup.exe
2010-09-01 02:38 . 2010-07-09 14:26 475136 ----a-w- c:\documents and settings\All Users\Application Data\Dell\RMC\RMCCreationInfo.exe
2010-09-01 02:38 . 2010-07-02 14:25 1118208 ------w- c:\documents and settings\All Users\Application Data\Dell\RMC\Libxml2.dll
2010-09-01 02:38 . 2010-07-02 14:25 60416 ----a-w- c:\documents and settings\All Users\Application Data\Dell\RMC\ZLib1.dll
2010-09-01 02:37 . 2010-08-17 18:10 372736 ------w- c:\documents and settings\All Users\Application Data\Dell\DSL\DSLCheck.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-24 18:20 . 2007-11-19 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-09-21 00:55 . 2006-09-02 02:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-16 00:43 . 2008-01-30 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2010-08-17 13:17 . 2005-08-16 09:18 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49 . 2005-08-16 09:18 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-15 01:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-15 00:13 . 2010-07-14 21:22 2811 ----a-w- c:\windows\Wsusihire.dat
2010-07-14 21:22 . 2010-07-14 21:22 0 ----a-w- c:\windows\Jfexujolije.bin
2010-06-30 12:31 . 2005-08-16 09:18 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-29 02:53 . 2006-09-13 01:30 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-06-29 02:25 . 2010-06-29 02:25 50354 -c--a-w- c:\documents and settings\Mizurak\Application Data\Facebook\uninstall.exe
2010-06-29 01:34 . 2010-04-21 01:56 439816 -c--a-w- c:\documents and settings\Mizurak\Application Data\Real\Update\setup3.10\setup.exe
2009-12-09 02:54 . 2008-02-05 22:38 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-01-29 16:52 . 2006-09-13 01:30 88 --sh--r- c:\windows\system32\A4CDBF4FD7.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [2001-07-25 184376]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-18 68856]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-09 30192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-25 241714]
"HostManager"="c:\program files\Common Files\AOL\1158458345\ee\AOLSoftware.exe" [2007-10-08 41824]
"EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"Dell QuickSet"="c:\progra~1\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-14 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-29 185896]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-22 110592]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-1 24576]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
Snagit 9.lnk - c:\program files\TechSmith\Snagit 9\Snagit32.exe [2009-10-15 6287176]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1158458345\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1158458345\\ee\\aim6.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [4/3/2006 10:00 PM 14949]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/8/2009 10:05 PM 24652]
S2 gupdate1c985946d07dba9;Google Update Service (gupdate1c985946d07dba9);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2009 8:14 PM 133104]
S3 Franson GpsGate 2.0;Franson GpsGate 2.0;c:\program files\Franson\GpsGate 2.0\GpsGateService.exe [9/12/2008 1:58 AM 258048]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/1/2006 10:36 PM 30192]
.
Contents of the 'Scheduled Tasks' folder

2010-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 17:42]

2010-09-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-14 00:46]

2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 00:14]

2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 00:14]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
mDefault_Search_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\
FF - component: c:\documents and settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Mizurak\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPWXM32.DLL
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-09-24 14:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3936)
c:\program files\Common Files\AOL\ACS\WLHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\wanmpsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\TechSmith\Snagit 9\TSCHelp.exe
c:\program files\TechSmith\Snagit 9\SnagPriv.exe
c:\program files\TechSmith\Snagit 9\snagiteditor.exe
c:\program files\Java\jre6\bin\jucheck.exe
c:\windows\system32\wscript.exe
.
**************************************************************************
.
Completion time: 2010-09-24 14:45:45 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-24 18:45
ComboFix2.txt 2010-09-22 22:22
ComboFix3.txt 2010-09-21 16:39
ComboFix4.txt 2010-09-20 15:53

Pre-Run: 85,832,925,184 bytes free
Post-Run: 85,823,692,800 bytes free

- - End Of File - - 79BB2042DEA196668450FB9F36CD6715

CMiz2184

Rookie Surfer
Rookie Surfer

Posts : 67
Joined : 2009-03-18
Operating System : XP

View user profile

Back to top Go down

Re: Slow Computer, and freezing

Post by DragonMaster Jay on Sat 25 Sep 2010, 1:20 pm

That did not work. :p

=====

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Download the CFScript from the attachment below. Save it to your Desktop.
  • Drag the downloaded CFScript.txt in to ComboFix


  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Slow Computer, and freezing

Post by CMiz2184 on Tue 28 Sep 2010, 11:56 am

ComboFix 10-09-27.03 - Mizurak 09/27/2010 20:39:09.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.495 [GMT -4:00]
Running from: c:\documents and settings\Mizurak\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mizurak\Desktop\CFScript.txt

FILE ::
"c:\windows\Jfexujolije.bin"
"c:\windows\Wsusihire.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Jfexujolije.bin
c:\windows\Wsusihire.dat

.
((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-28 )))))))))))))))))))))))))))))))
.

2010-09-21 01:10 . 2010-09-21 01:10 -------- d-----w- c:\program files\Franson
2010-09-21 00:55 . 2009-11-19 18:33 51200 ----a-w- c:\windows\system32\drivers\ser2pl.sys
2010-09-21 00:55 . 2005-08-03 20:05 35892 ----a-w- c:\windows\system32\SER9PL.sys
2010-09-09 01:16 . 2010-09-09 01:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-28 00:08 . 2007-11-19 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-09-24 19:02 . 2006-09-02 02:36 -------- d-----w- c:\program files\Google
2010-09-21 00:55 . 2006-09-02 02:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-16 00:43 . 2008-01-30 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2010-09-16 00:33 . 2010-09-09 00:11 452104 ----a-w- c:\documents and settings\Mizurak\Application Data\Real\Update\setup3.12\setup.exe
2010-08-17 18:10 . 2010-09-01 02:37 372736 ------w- c:\documents and settings\All Users\Application Data\Dell\DSL\DSLCheck.exe
2010-08-17 13:17 . 2005-08-16 09:18 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49 . 2005-08-16 09:18 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-15 01:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-09 14:26 . 2010-09-01 02:38 475136 ----a-w- c:\documents and settings\All Users\Application Data\Dell\RMC\RMCCreationInfo.exe
2010-07-02 14:25 . 2010-09-01 02:38 1118208 ------w- c:\documents and settings\All Users\Application Data\Dell\RMC\Libxml2.dll
2010-07-02 14:25 . 2010-09-01 02:38 60416 ----a-w- c:\documents and settings\All Users\Application Data\Dell\RMC\ZLib1.dll
2010-06-30 12:31 . 2005-08-16 09:18 149504 ----a-w- c:\windows\system32\schannel.dll
2009-12-09 02:54 . 2008-02-05 22:38 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-01-29 16:52 . 2006-09-13 01:30 88 --sh--r- c:\windows\system32\A4CDBF4FD7.sys
2010-06-29 02:53 . 2006-09-13 01:30 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [2001-07-25 184376]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-18 68856]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-09 30192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-25 241714]
"HostManager"="c:\program files\Common Files\AOL\1158458345\ee\AOLSoftware.exe" [2007-10-08 41824]
"EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"Dell QuickSet"="c:\progra~1\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-14 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-29 185896]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-22 110592]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-1 24576]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
Snagit 9.lnk - c:\program files\TechSmith\Snagit 9\Snagit32.exe [2009-10-15 6287176]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1158458345\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1158458345\\ee\\aim6.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [4/3/2006 10:00 PM 14949]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/8/2009 10:05 PM 24652]
S2 gupdate1c985946d07dba9;Google Update Service (gupdate1c985946d07dba9);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2009 8:14 PM 133104]
S3 Franson GpsGate 2.0;Franson GpsGate 2.0;c:\program files\Franson\GpsGate 2.0\GpsGateService.exe [9/12/2008 1:58 AM 258048]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/1/2006 10:36 PM 30192]
.
Contents of the 'Scheduled Tasks' folder

2010-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 17:42]

2010-09-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-14 00:46]

2010-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 00:14]

2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 00:14]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
mDefault_Search_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\
FF - component: c:\documents and settings\Mizurak\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Mizurak\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPWXM32.DLL
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-09-27 20:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2988)
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Microsoft Money\System\urlmapps.dll
c:\progra~1\Dell\QuickSet\dadkeyb.dll
c:\windows\system32\hccutils.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\wanmpsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\TechSmith\Snagit 9\TSCHelp.exe
c:\program files\TechSmith\Snagit 9\SnagPriv.exe
c:\program files\TechSmith\Snagit 9\snagiteditor.exe
c:\program files\Microsoft Money\System\urlmap.exe
.
**************************************************************************
.
Completion time: 2010-09-27 20:55:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-28 00:55
ComboFix2.txt 2010-09-24 18:45
ComboFix3.txt 2010-09-22 22:22
ComboFix4.txt 2010-09-21 16:39
ComboFix5.txt 2010-09-28 00:34

Pre-Run: 85,649,575,936 bytes free
Post-Run: 85,734,084,608 bytes free

- - End Of File - - 87CC52773B298E055E85E851685DEE9E

CMiz2184

Rookie Surfer
Rookie Surfer

Posts : 67
Joined : 2009-03-18
Operating System : XP

View user profile

Back to top Go down

Re: Slow Computer, and freezing

Post by DragonMaster Jay on Wed 29 Sep 2010, 12:15 pm

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Slow Computer, and freezing

Post by CMiz2184 on Thu 30 Sep 2010, 9:52 am

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f92dec85c9dcd649b006204a7fd6c178
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-29 10:34:20
# local_time=2010-09-29 06:34:20 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 47528683 47528683 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=123703
# found=13
# cleaned=13
# scan_time=4900
C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\setup.exe probably a variant of Win32/Agent.HZHBURL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Mizurak\Local Settings\Application Data\elhkdijqi\fyxkivmtssd.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Mizurak\Local Settings\Application Data\{824C8F75-9BB0-4057-88DA-5AB78118761B}\chrome\content\overlay.xul.vir probably a variant of Win32/Agent.NVQFFQI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\antispy.exe.vir a variant of Win32/TrojanDownloader.FakeAlert.BDE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\ezagupis.dll.vir a variant of Win32/Cimag.CK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\wcifx5.dll.vir Win32/Cimag.CN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\omci.sys.vir Win32/Olmarik.ZC trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP401\A0208570.sys Win32/Olmarik.ZC trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP401\A0208652.exe a variant of Win32/TrojanDownloader.FakeAlert.BDE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP401\A0208654.dll a variant of Win32/Cimag.CK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP401\A0208655.dll Win32/Cimag.CN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP411\A0214513.exe probably a variant of Win32/Agent.HZHBURL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP411\A0214514.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok

CMiz2184

Rookie Surfer
Rookie Surfer

Posts : 67
Joined : 2009-03-18
Operating System : XP

View user profile

Back to top Go down

Re: Slow Computer, and freezing

Post by DragonMaster Jay on Fri 01 Oct 2010, 1:28 pm

Why does it keep coming back?

Please download 7-Zip and install it. If you already have it, no need to reinstall.

Then, download RootkitUnhooker and save the setup to your Desktop.

  • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
  • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
  • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
  • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
  • Once inside the interface, do not fix anything. Click on the Report tab.
  • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
  • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
  • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Slow Computer, and freezing

Post by CMiz2184 on Wed 06 Oct 2010, 2:08 pm

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>SSDT State
==============================================
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x86DC4830 [4] System
0x85DE1668 [140] C:\Program Files\Common Files\Teleca Shared\logger.exe (Popwire AB, PCC Logging Service server application)
0x86C414D0 [208] C:\Documents and Settings\Mizurak\Desktop\RkU3.8.388.590\MustBeRandomlyNamed\TSe1peXvc5Gh.exe (UG North, RKULE, SR2 Normandy)
0x86ABF968 [348] C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java(TM) Quick Starter Service)
0x85EE2C00 [456] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation, Machine Debug Manager)
0x85F2F520 [576] C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation, SQL Server Windows NT)
0x86ACBDA0 [612] C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc., Internal Network Card Power Management Service)
0x85F3E3C0 [656] C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation, Intel(R) PROSet/Wireless Registry Service)
0x86ACA340 [692] C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation, Intel 802.1x Server)
0x85B75558 [696] C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe (Teleca AB, HTCVBTServer Module)
0x86AF59B8 [824] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x86B464A0 [848] C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc., SupportSoft Agent Service)
0x86C60610 [876] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x86A9CBB8 [900] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x86BB8AB8 [944] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x86191518 [956] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x85FAF608 [1104] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x85E73020 [1148] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x85E83970 [1196] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x85F40518 [1236] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x85E5EDA0 [1264] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86B6ACD0 [1300] C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation, Intel(R) PROSet/Wireless Event Log)
0x85E61438 [1316] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd., System settings protector)
0x85F17510 [1428] C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation , Wireless Management Service)
0x85F4EDA0 [1448] C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation, WLANKEEPER)
0x85F2E7A8 [1520] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation, Media Center Tray Applet)
0x86AB38C0 [1528] C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation, ViewMgr)
0x86C52898 [1564] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x85F85958 [1580] C:\WINDOWS\wanmpsvc.exe (America Online, Inc., Wan Miniport (ATW) Service)
0x85E147A0 [1596] C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software, Digital Line Detection)
0x85F10020 [1648] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x85EF0878 [1700] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation, InstallShield Update Service Scheduler)
0x86B88020 [1720] C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation, MCRD Device Service)
0x86B329C0 [1832] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x86AC0608 [1932] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x85F5AA70 [1964] C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (AOL LLC, AOL Connectivity Service)
0x86B2B348 [1976] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc., Apple Mobile Device Service)
0x85EF4970 [2000] C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation, Media Center Receiver Service)
0x85FD8020 [2028] C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation, Media Center Scheduler Service)
0x85F554F0 [2112] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation, hkcmd Module)
0x85EB8640 [2176] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions, Drive Letter Access Component)
0x85E71868 [2180] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp., CyberLink PowerCinema Resident Program)
0x85E77A30 [2220] C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe (Teleca, Client Initiated Syncrhonization Starter)
0x85F33778 [2228] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation, persistence Module)
0x85F83A28 [2268] C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc., Canon Camera Access Library 8)
0x86C4A768 [2292] C:\WINDOWS\stsystra.exe (SigmaTel, Inc., Sigmatel Audio system tray application)
0x85F1F870 [2324] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc., Synaptics TouchPad Enhancements)
0x85EF38F0 [2352] C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation, igfxsrvc Module)
0x86AD5878 [2396] C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation, WMI)
0x85E1D340 [2536] C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe (Teleca Sweden AB, CAPI_Worker Module)
0x85DEE5B8 [2544] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x85C9AB28 [2852] C:\WINDOWS\ehome\ehmsas.exe (Microsoft Corporation, Media Center Media Status Aggregator Service)
0x85F024F0 [2920] C:\WINDOWS\system32\dllhost.exe (Microsoft Corporation, COM Surrogate)
0x85BB8A20 [3060] C:\Program Files\Common Files\AOL\1158458345\ee\aolsoftware.exe (AOL LLC, AOL)
0x85E00A20 [3100] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB, Application Launcher)
0x85C8EA20 [3172] C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9FA.EXE (SEIKO EPSON CORPORATION, EPSON Status Monitor 3)
0x85C8EDA0 [3216] C:\PROGRA~1\Dell\QuickSet\quickset.exe (Dell Inc, QuickSet)
0x8619C770 [3224] C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe (TODO: , TODO: )
0x85C9D3E8 [3248] C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation, ZeroCfgSvc MFC Application)
0x85BF8DA0 [3264] C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation, Intel Framework MFC Application)
0x85E27768 [3284] C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation, SQL Server Service Manager)
0x85BBCAE8 [3344] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc., Java(TM) Platform SE binary)
0x85BB87A0 [3368] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc., RealNetworks Scheduler)
0x85E85A58 [3376] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x85F30340 [3444] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x85BF82B0 [3488] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc., Dell Support Center Updates)
0x85E2A020 [3524] C:\Program Files\Common Files\Teleca Shared\Generic.exe (Teleca AB, Generic Device Management Executable.)
0x85F53DA0 [3584] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x85C81860 [3624] C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation, Microsoft Money Express)
0x85CC86A0 [3652] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd., Dell Support)
0x85F7FBE0 [3752] C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation, Windows Security Center Notification App)
0x85E1E020 [3928] C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe (Teleca Sweden AB, Capability Manager)
0x859435E0 [4712] C:\Program Files\Microsoft Money\System\urlmap.exe (Microsoft Corporation, Money URL Map)
0x85B5B4B8 [4992] C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation, Firefox)
0x85BE14F0 [5708] C:\Program Files\TechSmith\Snagit 9\SnagitEditor.exe (TechSmith Corporation, Snagit Editor)
0x85899AA0 [5852] C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc., Java(TM) Update Checker)
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF62BB000 C:\WINDOWS\system32\DRIVERS\NETw3x32.sys 1712128 bytes (Intel® Corporation, Intel® Wireless LAN Driver)
0xF6499000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1368064 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xAA599000 C:\WINDOWS\system32\drivers\sthda.sys 1114112 bytes (SigmaTel, Inc., NDRC)
0xAA446000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 1036288 bytes (Conexant Systems, Inc., HSF_DP driver)
0xBF077000 C:\WINDOWS\System32\ialmdd5.DLL 925696 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
0xAA396000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 720896 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF7375000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAA17D000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF6107000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAA288000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA8A7C000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xF6237000 C:\WINDOWS\system32\DRIVERS\rixdptsk.sys 311296 bytes (REDC, RICOH XD SM Driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA8B23000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF042000 C:\WINDOWS\System32\ialmdev5.DLL 217088 bytes (Intel Corporation, Component GHAL Driver)
0xAA543000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 204800 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0xF618D000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF6208000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 192512 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xF74CE000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA8D1C000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7348000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA729B000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xAA1ED000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF645D000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xAA23A000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF7478000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xAA262000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xAA575000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6297000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF61E5000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAA218000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7440000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF749E000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF732E000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xA9082000 C:\WINDOWS\system32\dla\tfsnudf.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xA9069000 C:\WINDOWS\system32\dla\tfsnudfa.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7460000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA9151000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7402000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF61CE000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA909B000 C:\WINDOWS\system32\dla\tfsnifs.sys 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7419000 drvmcdb.sys 86016 bytes (Sonic Solutions, Device Driver)
0xA83AF000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6283000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xF6485000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAA2E1000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF742E000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF74BD000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF61BD000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xA9169000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xF770D000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF767D000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF764D000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF782D000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF779D000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF771D000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA842C000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF77CD000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF765D000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF763D000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF76ED000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF772D000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF76DD000 C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 53248 bytes (REDC, RICOH MS Driver)
0xF761D000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF76CD000 C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 49152 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)
0xF774D000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF77FD000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF76FD000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF760D000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF773D000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xA9EDB000 C:\WINDOWS\system32\drivers\drvnddm.sys 40960 bytes (Sonic Solutions, Device Driver Manager)
0xF75FD000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF777D000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF776D000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF762D000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF76BD000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF775D000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF77DD000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA72E6000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xA9ECB000 C:\WINDOWS\system32\dla\tfsncofs.sys 36864 bytes (Sonic Solutions, Drive Letter Access Component)
0xF781D000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF79ED000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF78D5000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF798D000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF787D000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7995000 C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 28672 bytes (REDC, RICOH MMC Driver)
0xF79E5000 C:\WINDOWS\system32\dla\tfsnboio.sys 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xF79A5000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF799D000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF789D000 C:\WINDOWS\system32\drivers\ssrtln.sys 24576 bytes (Sonic Solutions, Shared Driver Component)
0xF7985000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF78C5000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF79C5000 C:\WINDOWS\system32\DRIVERS\wanatw4.sys 24576 bytes (America Online, Inc., Wan Miniport (ATW))
0xA91AA000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF78CD000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF79CD000 C:\WINDOWS\system32\DRIVERS\omci.sys 20480 bytes (Dell Inc, OMCI Device Driver)
0xF7885000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF79B5000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF788D000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF79BD000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF79AD000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF796D000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF617D000 C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS 16384 bytes (Dell Inc, App Support Driver)
0xA8664000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xF7A15000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF6185000 C:\WINDOWS\System32\drivers\bizVSerialNT.sys 16384 bytes (franson.biz, franson.biz virtual serial port driver.)
0xF730A000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF7AAD000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA8F85000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xA90BD000 C:\WINDOWS\system32\DRIVERS\packet.sys 16384 bytes (SingleClick Systems, SCS NDIS 5.0 Auto IP Protocol Driver)
0xA90B9000 C:\WINDOWS\system32\DRIVERS\s24trans.sys 16384 bytes (Intel Corporation, Intel WLAN Packet Driver)
0xA9115000 C:\WINDOWS\system32\dla\tfsnopio.sys 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7A0D000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7A11000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xAA2FC000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7AD9000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xA8AFF000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF72F6000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7ADD000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7AF9000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xF7AF1000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF7B57000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7B15000 C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys 8192 bytes (Gteko Ltd., Process Trigger Driver)
0xF7B61000 C:\WINDOWS\system32\DRIVERS\dsunidrv.sys 8192 bytes (Gteko Ltd., GUniDriver)
0xF7B8B000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7B55000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7AFD000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7B59000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7B5B000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7B01000 speedfan.sys 8192 bytes
0xF7B31000 C:\WINDOWS\system32\drivers\sscdbhk5.sys 8192 bytes (Sonic Solutions, Shared Driver Component)
0xF7B33000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7BBD000 C:\WINDOWS\system32\dla\tfsnpool.sys 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7B2F000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7AFF000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7D45000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7C4F000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7BC6000 giveio.sys 4096 bytes
0xF7CD5000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7BC5000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7C6E000 C:\WINDOWS\system32\dla\tfsndrct.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7C6D000 C:\WINDOWS\system32\dla\tfsndres.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
==============================================
>Stealth
==============================================
0x03C00000 Hidden Image-->SupportSoft.Agent.Sprocket.dll [ EPROCESS 0x85BF82B0 ] PID: 3488, 28672 bytes
0x02F70000 Hidden Image-->SupportSoft.Agent.Sprocket.SupportMessage.dll [ EPROCESS 0x85BF82B0 ] PID: 3488, 45056 bytes
0x02DF0000 Hidden Image-->sprtmessage.dll [ EPROCESS 0x85BF82B0 ] PID: 3488, 77824 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\063195E6d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\0CC6E0E4d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\10477976d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\1661A8FCd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\1A49D19Bd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\1AB4EB45d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\1D5FCF3Bd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\1E76C821d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\22298969d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\227ED66Ed01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\23DAB7FAd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\2422B4A4d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\26925F1Ad01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\26CDE180d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\28F0BCA5d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\2D59B7CAd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\2D753A02d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\2F5FBBFAd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\2FFB6F60d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\327EB85Ad01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\32A77CB1d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\32C3F1F6d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\35B2DDEDd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\3901299Fd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\3AD61AB6d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\3E55BD45d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\3F3EB8AAd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\3F64BC8Ad01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\400D6DDEd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\414D9B61d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\470AA2F8d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\47288B83d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\49B70FCFd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\4BF95FC8d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\4E52F6AAd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\4EE2F068d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\5046AF09d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\505AA670d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\571559C9d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\577E1AF2d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\58486E7Ed01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\5A72393Dd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\5B632CFBd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\5BD361B7d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\5BEBE896d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\5C6C4AA6d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\66D1810Dd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\69356C15d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\6C341C77d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\6C7F0DD3d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\6D728718d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\6DCE6B84d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\7015796Ed01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\706B126Fd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\715ADE04d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\72757E83d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\7525EEB0d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\76A01A4Fd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\7774182Dd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\77E8AA9Fd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\7A753BF5d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\7BD09E50d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\7E429BAEd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\7E455717d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\817069D1d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\83AC68CCd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\84A85869d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\8512B6BEd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\876D3064d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\8A468268d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\8B315521d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\8BD25B13d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\8C4672FDd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\8D451AEBd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\8E09CF8Bd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\8F2CB8CAd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\90148D76d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\9133A7D4d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\921BBBDAd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\9416EEA9d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\95F07FF4d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\9663860Cd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\97ADFEA9d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\981279C9d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\986CB9AAd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\9B6FBCAAd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\9C5FBC4Ad01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\9E11EE52d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\9F08B95Ad01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\A007D3EDd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\A1440DA3d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\A3A5CBACd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\A415CFF9d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\A6AF3EFDd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\A6B79E8Dd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\A7F0F5D3d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\A8453167d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\A901D90Ed01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\A90248DBd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\A979BB4Ad01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\AA0ABB5Ad01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\AD2423FEd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\AD35CE9Dd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\B143A16Bd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\B1D58597d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\B44C358Fd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\B51DCB34d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\B8541659d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\BDD0787Fd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\BDEF05AAd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\BE56C27Ad01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\BF410BB8d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\C418AC41d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\C64FE508d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\C6D7E368d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\C8466C67d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\C8EE0C16d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\C93884FEd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\C9E46B7Ad01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\CD0375EFd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\CD320B9Cd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\CD400ED0d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\D0451E9Fd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\D3DEB6AAd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\D5764C00d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\D6465EA3d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\D81039AAd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\D8431EAFd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\D9A99B9Bd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\DAF0EFE0d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\DB2C3DE9d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\DC347E0Bd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\DC7DB6BAd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\DD39DDDDd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\DE3569EEd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\E072CFB1d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\E0A53ADBd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\E14373AFd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\E2A4898Fd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\E2CBB69Ad01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\E30CBAAAd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\E33258EEd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\E7495BD7d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\EA07CAEBd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\EC724160d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\EE2590AFd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\EF109C25d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\EFC250E5d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\EFF796B0d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\F21FB9DAd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\F31D7133d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\F67719D0d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\F7025A48d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\F797D700d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\F7D274C6d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\F8120CC4d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\F87DB8EAd01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\F917042Ad01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\F9330017d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\FB6A0830d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\FD6426C8d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\FDA9F251d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\FE7BABC2d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\FEE71310d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\FEF3F939d01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\FF3DB89Ad01
!-->[Hidden] C:\Documents and Settings\Mizurak\Local Settings\Application Data\Mozilla\Firefox\Profiles\64fww6ll.default\Cache\FF5FBA4Ad01
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0006ECBE, Type: Inline - RelativeJump 0x80545CBE-->80545CC5 [ntkrnlpa.exe]
[1964]AOLacsd.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [tbdiag.dll]
[1964]AOLacsd.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [tbdiag.dll]
[1964]AOLacsd.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [tbdiag.dll]
[1964]AOLacsd.exe-->advapi32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77DD115C-->00000000 [tbdiag.dll]
[1964]AOLacsd.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [tbdiag.dll]
[1964]AOLacsd.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [tbdiag.dll]
[1964]AOLacsd.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [tbdiag.dll]
[1964]AOLacsd.exe-->gdi32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77F1102C-->00000000 [tbdiag.dll]
[1964]AOLacsd.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A51184-->00000000 [tbdiag.dll]
[1964]AOLacsd.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x71A511A0-->00000000 [tbdiag.dll]
[1964]AOLacsd.exe-->mswsock.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x71A510BC-->00000000 [tbdiag.dll]
[1964]AOLacsd.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [tbdiag.dll]
[1964]AOLacsd.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [tbdiag.dll]
[1964]AOLacsd.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [tbdiag.dll]
[1964]AOLacsd.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [tbdiag.dll]
[1964]AOLacsd.exe-->shell32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x7C9C13DC-->00000000 [tbdiag.dll]
[1964]AOLacsd.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [tbdiag.dll]
[1964]AOLacsd.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [tbdiag.dll]
[1964]AOLacsd.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [tbdiag.dll]
[1964]AOLacsd.exe-->user32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x7E411304-->00000000 [tbdiag.dll]
[1964]AOLacsd.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71AB10A8-->00000000 [tbdiag.dll]
[1964]AOLacsd.exe-->ws2_32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x71AB10DC-->00000000 [tbdiag.dll]
[3060]aolsoftware.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [tbdiag.dll]
[3060]aolsoftware.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [tbdiag.dll]
[3060]aolsoftware.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [tbdiag.dll]
[3060]aolsoftware.exe-->advapi32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77DD115C-->00000000 [tbdiag.dll]
[3060]aolsoftware.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [tbdiag.dll]
[3060]aolsoftware.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [tbdiag.dll]
[3060]aolsoftware.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [tbdiag.dll]
[3060]aolsoftware.exe-->gdi32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77F1102C-->00000000 [tbdiag.dll]
[3060]aolsoftware.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [tbdiag.dll]
[3060]aolsoftware.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [tbdiag.dll]
[3060]aolsoftware.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [tbdiag.dll]
[3060]aolsoftware.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [tbdiag.dll]
[3060]aolsoftware.exe-->shell32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x7C9C13DC-->00000000 [tbdiag.dll]
[3060]aolsoftware.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [tbdiag.dll]
[3060]aolsoftware.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [tbdiag.dll]
[3060]aolsoftware.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [tbdiag.dll]
[3060]aolsoftware.exe-->user32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x7E411304-->00000000 [tbdiag.dll]
[3584]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[3584]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[3584]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[3584]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[3584]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[3584]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x771B1248-->00000000 [shimeng.dll]
[3584]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[3624]Money Express.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[3624]Money Express.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[3624]Money Express.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[3624]Money Express.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[3624]Money Express.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

CMiz2184

Rookie Surfer
Rookie Surfer

Posts : 67
Joined : 2009-03-18
Operating System : XP

View user profile

Back to top Go down

Re: Slow Computer, and freezing

Post by DragonMaster Jay on Wed 06 Oct 2010, 7:32 pm

Please download Malwarebytes Anti-Malware from Download.CNET.com.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Slow Computer, and freezing

Post by CMiz2184 on Thu 07 Oct 2010, 8:50 am

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

10/6/2010 5:49:07 PM
mbam-log-2010-10-06 (17-49-07).txt

Scan type: Quick scan
Objects scanned: 132704
Time elapsed: 8 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

CMiz2184

Rookie Surfer
Rookie Surfer

Posts : 67
Joined : 2009-03-18
Operating System : XP

View user profile

Back to top Go down

Re: Slow Computer, and freezing

Post by DragonMaster Jay on Thu 07 Oct 2010, 4:39 pm

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Slow Computer, and freezing

Post by CMiz2184 on Fri 08 Oct 2010, 8:03 am

C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\setup.exe probably a variant of Win32/Agent.HZHBURL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Mizurak\Local Settings\Application Data\elhkdijqi\fyxkivmtssd.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Mizurak\Local Settings\Application Data\{824C8F75-9BB0-4057-88DA-5AB78118761B}\chrome\content\overlay.xul.vir probably a variant of Win32/Agent.NVQFFQI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\antispy.exe.vir a variant of Win32/TrojanDownloader.FakeAlert.BDE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\ezagupis.dll.vir a variant of Win32/Cimag.CK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\wcifx5.dll.vir Win32/Cimag.CN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\omci.sys.vir Win32/Olmarik.ZC trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP401\A0208570.sys Win32/Olmarik.ZC trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP401\A0208652.exe a variant of Win32/TrojanDownloader.FakeAlert.BDE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP401\A0208654.dll a variant of Win32/Cimag.CK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP401\A0208655.dll Win32/Cimag.CN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP411\A0214513.exe probably a variant of Win32/Agent.HZHBURL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP411\A0214514.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f92dec85c9dcd649b006204a7fd6c178
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-07 09:00:27
# local_time=2010-10-07 05:00:27 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 48215337 48215337 0 0
# compatibility_mode=8192 67108863 100 0 600751 600751 0 0
# scanned=124071
# found=0
# cleaned=0
# scan_time=3812

CMiz2184

Rookie Surfer
Rookie Surfer

Posts : 67
Joined : 2009-03-18
Operating System : XP

View user profile

Back to top Go down

Re: Slow Computer, and freezing

Post by Sponsored content Today at 2:34 pm


Sponsored content


Back to top Go down

Page 1 of 2 1, 2  Next

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum