Something is up Running Slow CPU hanging @ 100% for a longtime


  • This topic is locked
35 replies to this topic

#1 HDRider420

HDRider420

  • Members
  • 57 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia
  • Local time:03:53 PM

Posted 25 February 2010 - 11:52 AM

Thanks to Myrti my daily beater is clean and running great, but now this one, my backup/server, is acting up!!

I removed a trojan about a week ago and it has been running slower & slower; the CPU is hitting 100% and hanging there forever, and bouncing back up there when nothing is being accessed by me.

Randomly I see a window pop up in the task bar for something opening with a name like {8694724948494 something.
It only appears for a flash, never long enough to read the name or to click on the box to bring it up.
No scans have been able to find any problems; hopefully whoever helps me will spot something in these log files.

Windows XP Professional Service Pack 3 (build 2600)
Spyware Doctor with AntiVirus Version 7.0.0.92 ... Virus Definitions Version Up To Date



DDS (Ver_09-12-01.01) - NTFSx86
Run by Jay at 12:58:12.67 on Wed 02/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2015.1101 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\System32\svchost.exe -k LocalService

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.facebook.com/
uWindow Title = Windows Internet Explorer provided by Comcast
mWindow Title = Windows Internet Explorer provided by Comcast
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdloader] "c:\documents and settings\jay\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Aim6]
uRun: [MtdAcqu] "c:\program files\creative\mediasource5\MtdAcqu.exe" /s
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709}
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166973865578
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167843984347
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/serialharvest/gwCID.CAB
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
TCP: {8CEA5F60-80ED-4A6A-9AD6-820C47A22C18} = 68.87.73.242,68.87.71.226
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jay\applic~1\mozilla\firefox\profiles\t3kvi1y8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - component: c:\documents and settings\jay\application data\mozilla\firefox\profiles\t3kvi1y8.default\extensions\{d02b1e87-a8c6-433f-9b5c-2cec4a072736}\components\susfox3.dll
FF - plugin: c:\documents and settings\jay\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R? a2free;a-squared Free Service
R? Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service
R? CT20XUT;CT20XUT
R? CTEXFIFX;CTEXFIFX
R? CTHWIUT;CTHWIUT
R? gupdate;Google Update Service (gupdate)
R? IdcPHid;IdeaCom HID Touch Screen Driver (PS/2)
R? PAC207;Basic Webcam
R? SASENUM;SASENUM
R? Vsp;Vsp
R? ZD1211U(WirelessLAN);Wireless IEEE 802.11g Wireless LAN Driver (USB)(WirelessLAN)
S? Creative Audio Pack Licensing Service;Creative Audio Pack Licensing Service
S? CT20XUT.SYS;CT20XUT.SYS
S? CTEXFIFX.SYS;CTEXFIFX.SYS
S? CTHWIUT.SYS;CTHWIUT.SYS
S? PCTCore;PCTools KDS
S? pctgntdi;pctgntdi
S? pctplsg;pctplsg
S? sdAuxService;PC Tools Auxiliary Service
S? sdCoreService;PC Tools Security Service
S? SI3112r;Silicon Image SiI 3512 SATARaid Controller
S? TfFsMon;TfFsMon
S? TfNetMon;TfNetMon
S? TfSysMon;TfSysMon
S? ThreatFire;ThreatFire

=============== Created Last 30 ================

2010-02-24 02:23:30 0 d-----w- c:\program files\common files\xing shared
2010-02-23 22:48:40 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-02-23 22:29:39 0 d-----w- c:\program files\FileHippo.com
2010-02-19 23:24:20 104768 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2010-02-11 19:40:20 0 d-----w- c:\program files\ESET

==================== Find3M ====================

2010-02-24 02:22:13 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-02-24 02:22:13 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-15 11:54:40 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-04 17:46:49 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-04 17:46:43 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-01-01 17:20:34 26024 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 22:14:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27:51 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:50 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2003-03-31 12:00:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 00:12:01 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe
2008-08-23 20:18:59 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082320080824\index.dat

============= FINISH: 13:27:40.50 ===============

~~~~~~~~~~~~~~~~~~~

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-25 02:27:33
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Jay\LOCALS~1\Temp\uxtdypob.sys


---- System - GMER 1.0.15 ----

SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwCreateKey [0xF7424A1C]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF7869CDE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF7869ED0]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteKey [0xF7424C10]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteValueKey [0xF7424CB6]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xF742490C]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF7889D60]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwSetValueKey [0xF7424E52]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0xF7426B30]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc)
AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

THANKS for your help
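The DDS "Pseudo HJT Report" above is a flat text format that helpers read by eye: one line per browser helper object, explorer bar, downloaded ActiveX control or autorun entry, with the CLSID and the file DDS resolved it to. As an added example (not part of this thread, and not tooling from DDS, GMER or BleepingComputer), the Python below parses those line types into records and attaches the notes a first-pass reviewer makes: COM references that resolve to "No File" (orphaned CLSIDs, typically left behind by an uninstall or a removal), autorun images under a user profile, autorun entries with no command, and bare image names with no directory. The sample lines are copied from the log in this post; the parser covers only the BHO/EB/TB/DPF/SEH and uRun/mRun line shapes and ignores the rest.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample lines copied from the DDS "Pseudo HJT Report" posted above.
SAMPLE_LOG = r"""uStart Page = hxxp://www.facebook.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdloader] "c:\documents and settings\jay\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Aim6]
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
"""


@dataclass
class Entry:
    kind: str                    # BHO, EB, TB, DPF, SEH, uRun or mRun
    name: str                    # label DDS printed (may be empty)
    clsid: Optional[str] = None  # COM class id for the COM line types
    image: Optional[str] = None  # file the entry resolves to, None if unresolved
    raw: str = ""                # right-hand side as DDS printed it
    flags: List[str] = field(default_factory=list)


# "KIND: [label: ]{clsid}[ - target]"  (label and target are optional)
COM_RE = re.compile(
    r"^(?P<kind>BHO|EB|TB|DPF|SEH): (?:(?P<label>.*?): )?"
    r"(?P<clsid>\{[^}]+\})(?: - (?P<target>.*))?$"
)
# "uRun: [name] command line"  /  "mRun: [name] command line"
RUN_RE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


def image_from_command(cmd: str) -> Optional[str]:
    """Return the executable part of an autorun command line (quoted or first token)."""
    cmd = cmd.strip()
    if not cmd:
        return None
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def parse_line(line: str) -> Optional[Entry]:
    m = COM_RE.match(line)
    if m:
        target = m.group("target")
        return Entry(kind=m.group("kind"), name=m.group("label") or "",
                     clsid=m.group("clsid"),
                     image=None if target in (None, "No File") else target,
                     raw=target or "")
    m = RUN_RE.match(line)
    if m:
        cmd = m.group("cmd")
        return Entry(kind=m.group("hive") + "Run", name=m.group("name"),
                     image=image_from_command(cmd), raw=cmd)
    return None  # line shapes this example does not model (Start Page, IE:, LSP, ...)


def triage(entry: Entry) -> Entry:
    """Attach the reasons a reviewer would look twice at this entry."""
    if entry.kind in ("BHO", "EB", "TB", "SEH") and entry.raw == "No File":
        entry.flags.append("orphaned CLSID (No File)")
    if entry.kind.endswith("Run"):
        if entry.image is None:
            entry.flags.append("empty autorun command")
        else:
            low = entry.image.lower()
            if "\\documents and settings\\" in low or "\\application data\\" in low:
                entry.flags.append("autorun image under a user profile")
            if "\\" not in low:
                entry.flags.append("bare image name, resolved by PATH search")
    return entry


def parse_report(text: str) -> List[Entry]:
    return [triage(e) for e in map(parse_line, text.splitlines()) if e is not None]


def flagged(text: str) -> List[Entry]:
    return [e for e in parse_report(text) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.kind:5} {(e.name or e.clsid):45} {'; '.join(e.flags)}")
```

Run against the sample it lists the two "No File" CLSIDs, the cdloader entry under the user's profile, the empty Aim6 entry and the bare KHALMNPR.EXE name; none of those is evidence of infection on its own (a bare name for a Logitech helper is normal here), which is exactly why the output is a review queue rather than a verdict.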



#2 Jintan

Jintan

  • Malware Response Team
  • 531 posts
  • OFFLINE
  • Local time:03:53 PM

Posted 27 February 2010 - 09:09 PM

Hello HDRider420,

Not seeing any infection in these views. Let's check a bit more and see what we can locate.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs.


Download Gmer's mbr.exe from here and place it on your C drive (so the file is then C:\mbr.exe).

Go to Start - Run, type cmd (and press OK). At the prompt type or copy/paste the following, pressing Enter after each:

cd\
mbr.exe -t


Then type exit and press Enter to close the command window.

The report created in the command window will have been saved to C:\mbr.log. Locate that and post it here please.

--------------

Open Gmer again. This time just right-click in the white space in the display and select Options - Only non MS files. Then click Scan and allow Gmer to run a different scan. Once that completes, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

Edited by Jintan, 27 February 2010 - 09:10 PM.

Ad eundum quo no duck ante iit

#3 HDRider420

HDRider420
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia
  • Local time:03:53 PM

Posted 27 February 2010 - 10:54 PM

Thanks Jintan


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys videX32.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-27 23:04:15
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Jay\LOCALS~1\Temp\uxtdypob.sys


---- Modules - GMER 1.0.15 ----

Module viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) F798B000-F798D000 (8192 bytes)
Module videX32.sys (VIA Generic PCI IDE Bus Driver/VIA Technologies, Inc.) F7717000-F771F000 (32768 bytes)
Module SI3112r.sys (Serial ATA RAID miniport driver/Silicon Image, Inc) F747A000-F749A000 (131072 bytes)
Module PCTCore.sys (PC Tools KDS Core Driver/PC Tools) F7860000-F7897000 (225280 bytes)
Module SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc) F789B000-F789F000 (16384 bytes)
Module TfSysMon.sys (ThreatFire System Monitor/PC Tools) F741F000-F7430000 (69632 bytes)
Module TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools) F740E000-F741F000 (69632 bytes)
Module PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) F771F000-F7724000 (20480 bytes)
Module viaagp1.sys (VIA NT AGP Filter/VIA Technologies, Inc.) F7727000-F772E000 (28672 bytes)
Module \SystemRoot\system32\DRIVERS\s3gnbm.sys (S3 ProSavage(DDR) & Twister Miniport Driver/S3 Graphics, Inc.) BAEE7000-BAF10000 (167936 bytes)
Module \SystemRoot\system32\drivers\ctaud2k.sys (Creative WDM Audio Device Driver/Creative Technology Ltd) BAE54000-BAED3000 (520192 bytes)
Module \SystemRoot\system32\drivers\ctoss2k.sys (Creative OS Services Driver (WDM)/Creative Technology Ltd.) BADD8000-BAE0D000 (217088 bytes)
Module \SystemRoot\system32\drivers\ctprxy2k.sys (Creative Proxy Device Driver (WDM)/Creative Technology Ltd) F7767000-F776F000 (32768 bytes)
Module \SystemRoot\System32\Drivers\AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.) BACFC000-BAD14000 (98304 bytes)
Module \SystemRoot\System32\Drivers\ElbyCDFL.sys (ElbyCDIO Filter Driver/SlySoft, Inc.) F776F000-F7776000 (28672 bytes)
Module \SystemRoot\System32\Drivers\UBHelper.SYS F7937000-F793B000 (16384 bytes)
Module \SystemRoot\system32\DRIVERS\NTIDrvr.sys (NTI CD-ROM Filter Driver/NewTech Infosystems, Inc.) F799B000-F799D000 (8192 bytes)
Module \SystemRoot\system32\drivers\vinyl97.sys (Vinyl AC'97 Codec Combo WDM Driver/VIA Technologies, Inc.) BACA6000-BACD8000 (204800 bytes)
Module \SystemRoot\system32\DRIVERS\fetnd5bv.sys (NDIS 5.0 miniport driver/VIA Technologies, Inc. ) F76C7000-F76D2000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\L8042mou.Sys (Logitech PS/2 Mouse Filter Driver./Logitech, Inc.) F76F7000-F7705000 (57344 bytes)
Module \SystemRoot\system32\DRIVERS\LMouKE.Sys (Logitech Filter Driver for Mouse Class./Logitech, Inc.) BAC58000-BAC6A000 (73728 bytes)
Module \SystemRoot\system32\DRIVERS\L8042Kbd.sys (Logitech PS2 Keyboard Filter Driver./Logitech, Inc.) BAFF8000-BAFFC000 (16384 bytes)
Module \SystemRoot\system32\DRIVERS\vncmirror.sys (VNC Mirror Miniport/RealVNC Ltd.) F77CF000-F77D6000 (28672 bytes)
Module \SystemRoot\System32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) F77FF000-F7804000 (20480 bytes)
Module \SystemRoot\system32\drivers\ha20x2k.sys (Creative 20X HAL (WDM)/Creative Technology Ltd) B4717000-B483A000 (1191936 bytes)
Module \SystemRoot\system32\drivers\emupia2k.sys (E-mu Plug-in Architecture Driver (WDM)/Creative Technology Ltd) B46E7000-B4717000 (196608 bytes)
Module \SystemRoot\system32\drivers\ctsfm2k.sys (SoundFont® Manager (WDM)/Creative Technology Ltd) B46BE000-B46E7000 (167936 bytes)
Module \SystemRoot\system32\drivers\ctac32k.sys (Creative AC3 SW Decoder Device Driver (WDM)/Creative Technology Ltd) B4622000-B46BE000 (638976 bytes)
Module \SystemRoot\System32\drivers\CTHWIUT.SYS (Creative Utility Effects/Creative Technology Ltd.) B460D000-B4622000 (86016 bytes)
Module \SystemRoot\System32\drivers\CT20XUT.SYS (Creative 20X Utility Effects/Creative Technology Ltd.) B45E1000-B460D000 (180224 bytes)
Module \SystemRoot\System32\drivers\CTEXFIFX.SYS (Creative XFi Effects/Creative Technology Ltd.) B449A000-B45E1000 (1339392 bytes)
Module \??\C:\WINDOWS\system32\drivers\pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools) B43AF000-B43E6000 (225280 bytes)
Module \SystemRoot\System32\Drivers\ElbyCDIO.sys (ElbyCD Windows NT/2000/XP I/O driver/Elaborate Bytes AG) F77D7000-F77DC000 (20480 bytes)
Module \SystemRoot\System32\Drivers\BANTExt.sys F7AC0000-F7AC1000 (4096 bytes)
Module \SystemRoot\System32\s3gnb.dll (S3 ProSavage(DDR) & Twister Display Driver/S3 Graphics, Inc.) BF9D6000-BFA37000 (397312 bytes)
Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) BFFA0000-BFFE6000 (286720 bytes)
Module \??\C:\DOCUME~1\Jay\LOCALS~1\Temp\mbr.sys B43A7000-B43AD000 (24576 bytes)
Module \??\C:\DOCUME~1\Jay\LOCALS~1\Temp\uxtdypob.sys (GMER) AE585000-AE59C000 (94208 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 136
Library c:\windows\system32\hpzipm12.dll (PmlDrv Module/Hewlett-Packard) 0x00670000
Library C:\WINDOWS\System32\HPZisn12.dll (SNMP Network Interface (Windows)/Hewlett-Packard) 0x00690000
Library C:\WINDOWS\System32\HPZipt12.dll (SNMP Network Interface (Windows)/Hewlett-Packard) 0x006B0000
Library C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Layered Service Provider/PC Tools Research Pty Ltd.) 0x10000000

Process C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe (Retrospect Express HD/EMC Dantz) 192
Library C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe (Retrospect Express HD/EMC Dantz) 0x00400000
Library C:\PROGRA~1\RETROS~1\RETROS~1.1\bdrockui.dll (Retrospect Express HD/EMC Dantz) 0x62000000
Library C:\PROGRA~1\RETROS~1\RETROS~1.1\bdrock20.dll (Retrospect Express HD/EMC Dantz) 0x60000000

Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 460
Library C:\WINDOWS\system32\hpwwiax2.dll (Hewlett-Packard WIA minidriver./Hewlett-Packard) 0x10000000

Process C:\Program Files\RealVNC\VNC4\WinVNC4.exe (VNC Server Personal Edition for Win32/RealVNC Ltd.) 612
Library C:\Program Files\RealVNC\VNC4\WinVNC4.exe (VNC Server Personal Edition for Win32/RealVNC Ltd.) 0x00400000
Library C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Layered Service Provider/PC Tools Research Pty Ltd.) 0x10000000

Process C:\WINDOWS\system32\winlogon.exe (Windows NT Logon Application/Microsoft Corporation) 668
Library C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware WinLogon Processor/SUPERAntiSpyware.com) 0x10000000
Library c:\program files\common files\logitech\bluetooth\LBTWlgn.dll (Logitech Bluetooth Service/Logitech, Inc.) 0x01F00000
Library c:\program files\common files\logitech\bluetooth\LBTServ.dll (Logitech Bluetooth API/Logitech, Inc.) 0x01220000

Process C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (HP CUE Alert Popup Window Objects/Hewlett-Packard Co.) 728
Library C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (HP CUE Alert Popup Window Objects/Hewlett-Packard Co.) 0x00400000
Library C:\Program Files\BillP Studios\WinPatrol\PATROLPRO.DLL (WinPatrol Helper DLL/BillP Studios) 0x10000000
Library C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealPlayer Download and Record Plugin/RealPlayer) 0x634B0000
Library C:\PROGRAM FILES\LOGITECH\SETPOINT\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.) 0x10100000

Process C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) 732
Library C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Layered Service Provider/PC Tools Research Pty Ltd.) 0x10000000

Process C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (WinPatrol System Monitor/BillP Studios) 920
Library C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (WinPatrol System Monitor/BillP Studios) 0x00400000
Library C:\Program Files\BillP Studios\WinPatrol\PATROLPRO.DLL (WinPatrol Helper DLL/BillP Studios) 0x10000000
Library C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll 0x60900000
Library C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (ShellExecuteHook/SuperAdBlocker.com) 0x00C80000
Library C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealPlayer Download and Record Plugin/RealPlayer) 0x634B0000
Library C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd) 0x02000000
Library C:\PROGRAM FILES\LOGITECH\SETPOINT\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.) 0x10100000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 984
Library C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Layered Service Provider/PC Tools Research Pty Ltd.) 0x10000000

Process C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Logitech KHAL Main Process/Logitech, Inc.) 1036
Library C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Logitech KHAL Main Process/Logitech, Inc.) 0x00400000
Library C:\Program Files\Common Files\Logishrd\KHAL2\KHALAPI.DLL (Logitech KHAL Client Interface/Logitech, Inc.) 0x10000000
Library C:\Program Files\BillP Studios\WinPatrol\PATROLPRO.DLL (WinPatrol Helper DLL/BillP Studios) 0x00F80000
Library C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealPlayer Download and Record Plugin/RealPlayer) 0x634B0000
Library C:\PROGRAM FILES\LOGITECH\SETPOINT\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.) 0x10100000
Library C:\Program Files\Common Files\Logitech\bluetooth\LBTServ.dll (Logitech Bluetooth API/Logitech, Inc.) 0x01040000
Library C:\Program Files\Common Files\Logishrd\KHAL2\KHALITCH.DLL (Logitech KHAL Keyboard Interface/Logitech, Inc.) 0x01090000
Library C:\Program Files\Common Files\Logishrd\KHAL2\KHALMW.DLL (Logitech KHAL Mouse Interface/Logitech, Inc.) 0x010F0000
Library C:\Program Files\Common Files\Logishrd\KHAL2\KHALHPP.DLL (Logitech KHAL HID++ Interface/Logitech, Inc.) 0x01150000
Library C:\Program Files\Common Files\Logishrd\KHAL2\KHALMOU.DLL (Logitech KHAL Mouse Filter Interface/Logitech, Inc.) 0x01250000
Library C:\Program Files\Common Files\Logishrd\KHAL2\KHALHID.DLL (Logitech KHAL HID Filter Interface/Logitech, Inc.) 0x012B0000
Library C:\Program Files\Common Files\Logishrd\KHAL2\KHALUSB.DLL (Logitech KHAL USB Filter Interface/Logitech, Inc.) 0x01310000

Process C:\PROGRAM FILES\LOGITECH\SETPOINT\SETPOINT.EXE (Logitech SetPoint Event Manager (UNICODE)/Logitech, Inc.) 1052
Library C:\PROGRAM FILES\LOGITECH\SETPOINT\SETPOINT.EXE (Logitech SetPoint Event Manager (UNICODE)/Logitech, Inc.) 0x00400000
Library C:\PROGRAM FILES\LOGITECH\SETPOINT\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.) 0x10100000
Library C:\WINDOWS\system32\KemXML.dll (Logitech XML Support (UNICODE)/Logitech, Inc.) 0x10900000
Library C:\WINDOWS\system32\kemutb.dll (Logitech Ultimate Toolbox (UNICODE)/Logitech, Inc.) 0x10800000
Library C:\WINDOWS\system32\KemUtil.dll (Logitech Utility (UNICODE)/Logitech, Inc.) 0x10700000
Library C:\WINDOWS\system32\KemWnd.dll (Logitech Windows Utilities Support (UNICODE)/Logitech, Inc.) 0x10B00000
Library C:\PROGRAM FILES\LOGITECH\SETPOINT\SetPointCOM.dll (Logitech Utility (UNICODE)/Logitech, Inc.) 0x12A00000
Library C:\Program Files\BillP Studios\WinPatrol\PATROLPRO.DLL (WinPatrol Helper DLL/BillP Studios) 0x10000000
Library C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealPlayer Download and Record Plugin/RealPlayer) 0x634B0000
Library C:\PROGRAM FILES\LOGITECH\SETPOINT\Macros\MacroCore.dll (Logitech SetPoint User Interface (UNICODE)/Logitech, Inc.) 0x10600000
Library C:\PROGRAM FILES\LOGITECH\SETPOINT\IMHook.dll (Logitech Instant Messenger Hook (UNICODE)/Logitech, Inc.) 0x12300000
Library C:\PROGRAM FILES\LOGITECH\SETPOINT\WebBrowserSupport.dll (Logitech Web Browser Support (UNICODE)/Logitech, Inc.) 0x1F900000
Library C:\Program Files\Common Files\Logishrd\KHAL2\KhalApi.dll (Logitech KHAL Client Interface/Logitech, Inc.) 0x00FA0000
Library C:\Program Files\Common Files\Logitech\bluetooth\LBTServ.dll (Logitech Bluetooth API/Logitech, Inc.) 0x01250000
Library C:\PROGRAM FILES\LOGITECH\SETPOINT\kgame.dll (Logitech Gaming Support (UNICODE)/Logitech, Inc.) 0x10E00000
Library C:\PROGRAM FILES\LOGITECH\SETPOINT\GameHook.dll (Logitech Gaming Hook (UNICODE)/Logitech, Inc.) 0x10D00000
Library C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd) 0x02000000

Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1104
Library C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Layered Service Provider/PC Tools Research Pty Ltd.) 0x10000000

Process C:\Program Files\Internet Explorer\IEXPLORE.EXE (Internet Explorer/Microsoft Corporation) 1152
Library C:\Program Files\BillP Studios\WinPatrol\PATROLPRO.DLL (WinPatrol Helper DLL/BillP Studios) 0x10000000
Library C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealPlayer Download and Record Plugin/RealPlayer) 0x634B0000
Library C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd) 0x02240000
Library C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL (Draw Pen Tip/Microsoft Corporation) 0x02B20000
Library C:\PROGRAM FILES\LOGITECH\SETPOINT\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.) 0x10100000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000

Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1160
Library C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Layered Service Provider/PC Tools Research Pty Ltd.) 0x10000000

Process C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks Scheduler/RealNetworks, Inc.) 1316
Library C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks Scheduler/RealNetworks, Inc.) 0x00400000
Library C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealPlayer Download and Record Plugin/RealPlayer) 0x634B0000
Library C:\PROGRAM FILES\LOGITECH\SETPOINT\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.) 0x10100000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1336
Library C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Layered Service Provider/PC Tools Research Pty Ltd.) 0x10000000

Process C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP) 1404
Library C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP) 0x00400000
Library C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZR3204.DLL (Driver UI dll/HP) 0x10000000
Library C:\PROGRAM FILES\LOGITECH\SETPOINT\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.) 0x00AC0000

Process C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 1428
Library C:\WINDOWS\system32\mdimon.dll (Microsoft® Document Imaging/Microsoft Corporation) 0x00980000
Library C:\WINDOWS\system32\hpz3l58a.dll (LanguageMonitor/Hewlett-Packard Company) 0x00CC0000
Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp58a.dll (Hewlett-Packard Corporation) 0x00DB0000
Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll (Microsoft® Document Imaging/Microsoft Corporation) 0x00E10000
Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll (Print Filter Pipeline Proxy/Microsoft Corporation) 0x3F420000

Process C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Audio Service/Creative Technology Ltd) 1480
Library C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Audio Service/Creative Technology Ltd) 0x00400000

Process C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe 1580
Library C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe 0x00400000
Library C:\Program Files\Adobe\Photoshop Elements 4.0\platform.dll (Adobe Platform/Adobe Systems, Inc.) 0x10000000

Process C:\Program Files\Common Files\Creative Labs Shared\Service\APLicensing.exe (System Level Service Utility/Creative Labs) 1608
Library C:\Program Files\Common Files\Creative Labs Shared\Service\APLicensing.exe (System Level Service Utility/Creative Labs) 0x00400000

Process C:\WINDOWS\system32\CTsvcCDA.exe (Creative Service for CDROM Access/Creative Technology Ltd) 1640
Library C:\WINDOWS\system32\CTsvcCDA.exe (Creative Service for CDROM Access/Creative Technology Ltd) 0x00400000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1748
Library c:\program files\hp\digital imaging\bin\hpqddsvc.dll (HP CUE DeviceDiscovery Service/Hewlett-Packard Co.) 0x10000000
Library c:\program files\hp\digital imaging\bin\hpqddcmn.dll (HP CUE DeviceDiscovery Common Library/Hewlett-Packard Co.) 0x3AF00000
Library c:\program files\hp\digital imaging\bin\hpqcxs08.dll (HP CUE Context Manager Objects/Hewlett-Packard Co.) 0x14A00000
Library C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll (HP CUE/AiO Context Information Objects/Hewlett-Packard Co.) 0x14200000
Library C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll (HP OfficeJet COM Common Objects/Hewlett-Packard Co.) 0x144C0000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1764
Library c:\program files\hp\digital imaging\bin\hpslpsvc32.dll (HP Network Devices Support/Hewlett-Packard Co.) 0x10000000
Library C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Layered Service Provider/PC Tools Research Pty Ltd.) 0x017E0000

Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1812
Library C:\WINDOWS\System32\strmfilt.dll (Stream Filter Library/Microsoft Corporation) 0x6F290000

Process C:\WINDOWS\system32\CTHELPER.EXE (CtHelper Application/Creative Technology Ltd) 1828
Library C:\WINDOWS\system32\CTHELPER.EXE (CtHelper Application/Creative Technology Ltd) 0x01000000
Library C:\Program Files\BillP Studios\WinPatrol\PATROLPRO.DLL (WinPatrol Helper DLL/BillP Studios) 0x10000000
Library C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealPlayer Download and Record Plugin/RealPlayer) 0x634B0000
Library C:\PROGRAM FILES\LOGITECH\SETPOINT\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.) 0x10100000

Process C:\Program Files\Java\jre6\bin\jqs.exe (Java™ Quick Starter Service/Sun Microsystems, Inc.) 1852
Library C:\Program Files\Java\jre6\bin\jqs.exe (Java™ Quick Starter Service/Sun Microsystems, Inc.) 0x00400000
Library C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Layered Service Provider/PC Tools Research Pty Ltd.) 0x10000000

Process C:\WINDOWS\system32\ctfmon.exe (CTF Loader/Microsoft Corporation) 2008
Library C:\PROGRAM FILES\LOGITECH\SETPOINT\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.) 0x10100000

Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 2024
Library c:\windows\system32\hpzinw12.dll (Dot4Net Module/Hewlett-Packard) 0x00670000
Library C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Layered Service Provider/PC Tools Research Pty Ltd.) 0x10000000

Process C:\WINDOWS\SYSTEM32\HPHMON03.EXE (HPHa3mon/Hewlett-Packard) 2044
Library C:\WINDOWS\SYSTEM32\HPHMON03.EXE (HPHa3mon/Hewlett-Packard) 0x00400000
Library C:\Program Files\BillP Studios\WinPatrol\PATROLPRO.DLL (WinPatrol Helper DLL/BillP Studios) 0x10000000
Library C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealPlayer Download and Record Plugin/RealPlayer) 0x634B0000
Library C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd) 0x02000000
Library C:\PROGRAM FILES\LOGITECH\SETPOINT\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.) 0x10100000

Process C:\Program Files\Windows Media Player\WMPNetwk.exe (Windows Media Player Network Sharing Service/Microsoft Corporation) 2052
Library C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Layered Service Provider/PC Tools Research Pty Ltd.) 0x10000000

Process C:\PROGRAM FILES\CREATIVE\MEDIASOURCE5\MtdAcqu.exe (Metadata monitor/Creative Technology Ltd) 2076
Library C:\PROGRAM FILES\CREATIVE\MEDIASOURCE5\MtdAcqu.exe (Metadata monitor/Creative Technology Ltd) 0x00400000
Library C:\PROGRAM FILES\CREATIVE\MEDIASOURCE5\CTIntrfu.dll (CTIntrfc/Creative Technology Ltd) 0x10000000
Library C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealPlayer Download and Record Plugin/RealPlayer) 0x634B0000
Library C:\WINDOWS\System32\msjetoledb40.dll 0x1B570000
Library C:\Program Files\BillP Studios\WinPatrol\PATROLPRO.DLL (WinPatrol Helper DLL/BillP Studios) 0x066D0000
Library C:\PROGRAM FILES\LOGITECH\SETPOINT\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.) 0x10100000

Process C:\Program Files\Internet Explorer\IEXPLORE.EXE (Internet Explorer/Microsoft Corporation) 2200
Library C:\Program Files\BillP Studios\WinPatrol\PATROLPRO.DLL (WinPatrol Helper DLL/BillP Studios) 0x10000000
Library C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealPlayer Download and Record Plugin/RealPlayer) 0x634B0000
Library C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Toolbar/Google Inc.) 0x01D90000
Library C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_78F32466E61F1EEC.dll (Google Toolbar/Google Inc.) 0x01FF0000
Library C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Toolbar for Internet Explorer/Google Inc.) 0x02610000
Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe PDF Helper for Internet Explorer/Adobe Systems Incorporated) 0x039D0000
Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe PDF Helper for Internet Explorer/Adobe Systems Incorporated) 0x03AA0000
Library C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer Download and Record Plugin/RealPlayer) 0x633D0000
Library C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (GoogleToolbarNotifier/Google Inc.) 0x03E80000
Library C:\Program Files\Java\jre6\bin\jp2ssv.dll (Java™ Platform SE binary/Sun Microsystems, Inc.) 0x6D440000
Library C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Java™ Quick Starter binary/Sun Microsystems, Inc.) 0x6DAF0000
Library C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Layered Service Provider/PC Tools Research Pty Ltd.) 0x03B40000
Library C:\PROGRAM FILES\LOGITECH\SETPOINT\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.) 0x10100000
Library C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Update\1.2.183.17\goopdate.dll (Google Update/Google Inc.) 0x18000000
Library C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd) 0x04060000
Library C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL (Draw Pen Tip/Microsoft Corporation) 0x05A30000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000

Process C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE (Hewlett-Packard Product Assistant/Hewlett-Packard Co.) 2332
Library C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE (Hewlett-Packard Product Assistant/Hewlett-Packard Co.) 0x00400000
Library C:\Program Files\BillP Studios\WinPatrol\PATROLPRO.DLL (WinPatrol Helper DLL/BillP Studios) 0x10000000
Library C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealPlayer Download and Record Plugin/RealPlayer) 0x634B0000
Library C:\PROGRAM FILES\LOGITECH\SETPOINT\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.) 0x10100000

Process C:\PROGRAM FILES\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE (Java™ Update Scheduler/Sun Microsystems, Inc.) 2388
Library C:\PROGRAM FILES\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE (Java™ Update Scheduler/Sun Microsystems, Inc.) 0x00400000
Library C:\Program Files\BillP Studios\WinPatrol\PATROLPRO.DLL (WinPatrol Helper DLL/BillP Studios) 0x10000000
Library C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealPlayer Download and Record Plugin/RealPlayer) 0x634B0000

Process C:\Documents and Settings\Jay\Application Data\mjusbsp\magicJack.exe (magicJack USB Softphone/magicJack L.P.) 2400
Library C:\Documents and Settings\Jay\Application Data\mjusbsp\magicJack.exe (magicJack USB Softphone/magicJack L.P.) 0x00400000
Library C:\Program Files\BillP Studios\WinPatrol\PATROLPRO.DLL (WinPatrol Helper DLL/BillP Studios) 0x10000000
Library C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealPlayer Download and Record Plugin/RealPlayer) 0x634B0000
Library C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd) 0x02000000
Library C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Layered Service Provider/PC Tools Research Pty Ltd.) 0x027E0000
Library C:\Documents and Settings\Jay\Application Data\mjusbsp\SJHandsetMagicJack.dll (SJHandsetMagicJack DLL/SJ Labs) 0x02720000
Library C:\Documents and Settings\Jay\Application Data\mjusbsp\TjIpSys.dll (TjIpSys DLL/TigerJet Network Inc.) 0x02B20000
Library C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL (Draw Pen Tip/Microsoft Corporation) 0x05C30000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\PROGRAM FILES\LOGITECH\SETPOINT\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.) 0x10100000

Process C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNSCFG.EXE (Windows Media Player Network Sharing Service Configuration Application/Microsoft Corporation) 2504
Library C:\Program Files\BillP Studios\WinPatrol\PATROLPRO.DLL (WinPatrol Helper DLL/BillP Studios) 0x10000000
Library C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealPlayer Download and Record Plugin/RealPlayer) 0x634B0000
Library C:\PROGRAM FILES\LOGITECH\SETPOINT\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.) 0x10100000

Process C:\WINDOWS\SYSTEM32\CTXFISPI.EXE (SPI (Creative X-Fi Module)/Creative Technology Ltd) 2560
Library C:\WINDOWS\SYSTEM32\CTXFISPI.EXE (SPI (Creative X-Fi Module)/Creative Technology Ltd) 0x01000000
Library C:\WINDOWS\SYSTEM32\ctosuser.dll (Creative OS Services Module/Creative Technology Ltd) 0x02000000
Library C:\Program Files\BillP Studios\WinPatrol\PATROLPRO.DLL (WinPatrol Helper DLL/BillP Studios) 0x10000000
Library C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealPlayer Download and Record Plugin/RealPlayer) 0x634B0000
Library C:\WINDOWS\system32\cttele32.dll (Creative Common PS Module/Creative Technology Ltd) 0x00A30000
Library C:\WINDOWS\SYSTEM32\CTDPROXY.DLL (Creative Audio Driver Proxy/Creative Technology Ltd) 0x00F40000
Library C:\WINDOWS\SYSTEM32\PIAPROXY.DLL (E-mu Plug-in Architecture Device Driver Proxy/Creative Technology Ltd) 0x00F60000
Library C:\PROGRAM FILES\LOGITECH\SETPOINT\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.) 0x10100000

Process C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE (HP Digital Imaging Monitor/Hewlett-Packard Co.) 2592
Library C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE (HP Digital Imaging Monitor/Hewlett-Packard Co.) 0x00400000
Library C:\Program Files\BillP Studios\WinPatrol\PATROLPRO.DLL (WinPatrol Helper DLL/BillP Studios) 0x10000000
Library C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealPlayer Download and Record Plugin/RealPlayer) 0x634B0000
Library C:\Program Files\HP\Digital Imaging\bin\hpquio08.dll (HP U/I COM Objects/Hewlett-Packard Co.) 0x14000000
Library C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.rsc (CUE TrayApp Combined resource DLL/Hewlett-Packard Co.) 0x15000000
Library C:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll (HP Digital Imaging Monitor Objects (CUE)/Hewlett-Packard Co.) 0x15800000
Library C:\PROGRAM FILES\LOGITECH\SETPOINT\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.) 0x10100000
Library C:\Program Files\HP\Digital Imaging\bin\hpotra08.dll (HP All-in-One TrayAppPlugin/Hewlett-Packard Co.) 0x16600000
Library C:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc (AiO TrayAppPlugIn Combined resource DLL/Hewlett-Packard Co.) 0x16750000
Library C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll (HP OfficeJet COM Common Objects/Hewlett-Packard Co.) 0x144C0000
Library C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll (HP OfficeJet COM Device IO Objects (CUE)/Hewlett-Packard Co.) 0x01160000
Library C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd) 0x02000000
Library C:\Program Files\HP\Digital Imaging\bin\hpotradd.dll (HP Digital Imaging Monitor PlugIn (AiO)/Hewlett-Packard Co.) 0x015F0000
Library C:\Program Files\HP\Digital Imaging\bin\hpqrif08.dll (HP RedBox Interface Tray App PlugIn/Hewlett-Packard Co.) 0x01620000
Library C:\Program Files\HP\Digital Imaging\bin\hpqmif08.dll (HP Mars Interface Tray App PlugIn/Hewlett-Packard Co.) 0x01680000
Library C:\WINDOWS\system32\hpzipr12.dll (PML Run-time library/Hewlett-Packard) 0x016E0000
Library C:\Program Files\HP\Digital Imaging\bin\hpqddusr.dll (HP CUE DeviceDiscovery User/Hewlett-Packard Co.) 0x01370000
Library C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\hpqddcmn.dll (HP CUE DeviceDiscovery Common Library/Hewlett-Packard Co.) 0x3AF00000
Library C:\Program Files\HP\Digital Imaging\bin\hpqusg.dll (Hewlett-Packard Market Research/Hewlett-Packard Co.) 0x013A0000
Library C:\WINDOWS\system32\hpzidr12.dll (IEEE-1284.4-1999 Run-time library (kernel)/Hewlett-Packard) 0x023B0000

Process C:\WINDOWS\system32\CTXFIHLP.EXE (CTXfiHlp MFC Application/Creative Technology Ltd) 2620
Library C:\WINDOWS\system32\CTXFIHLP.EXE (CTXfiHlp MFC Application/Creative Technology Ltd) 0x01000000
Library C:\Program Files\BillP Studios\WinPatrol\PATROLPRO.DLL (WinPatrol Helper DLL/BillP Studios) 0x10000000
Library C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealPlayer Download and Record Plugin/RealPlayer) 0x634B0000
Library C:\WINDOWS\system32\cttele32.dll (Creative Common PS Module/Creative Technology Ltd) 0x00920000
Library C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd) 0x02000000
Library C:\WINDOWS\system32\ctxfispk.dll (Ctxfispk.dll/Creative Technology Ltd) 0x00E00000
Library C:\WINDOWS\system32\ctxfibtn.dll (CTXFIBTN DLL/Creative Technology Ltd) 0x00FF0000
Library C:\WINDOWS\CTXFIRES.DLL 0x01050000
Library C:\PROGRAM FILES\LOGITECH\SETPOINT\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.) 0x10100000

Process C:\PROGRAM FILES\MAXTOR\ONETOUCH\UTILS\ONETOUCH.EXE (Maxtor OneTouch Detection/Maxtor Corporation) 2680
Library C:\PROGRAM FILES\MAXTOR\ONETOUCH\UTILS\ONETOUCH.EXE (Maxtor OneTouch Detection/Maxtor Corporation) 0x00400000
Library C:\PROGRAM FILES\MAXTOR\ONETOUCH\UTILS\DRVIFNT.dll (DRVIFXX DLL/Maxtor Corporation) 0x10000000
Library C:\Program Files\BillP Studios\WinPatrol\PATROLPRO.DLL (WinPatrol Helper DLL/BillP Studios) 0x00A00000
Library C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealPlayer Download and Record Plugin/RealPlayer) 0x634B0000
Library C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd) 0x02000000
Library C:\PROGRAM FILES\LOGITECH\SETPOINT\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.) 0x10100000

Process C:\PROGRAM FILES\MSI\LIVE UPDATE 3\LMONITOR.EXE 2696
Library C:\PROGRAM FILES\MSI\LIVE UPDATE 3\LMONITOR.EXE 0x00400000
Library C:\Program Files\BillP Studios\WinPatrol\PATROLPRO.DLL (WinPatrol Helper DLL/BillP Studios) 0x10000000
Library C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealPlayer Download and Record Plugin/RealPlayer) 0x634B0000
Library C:\PROGRAM FILES\MSI\LIVE UPDATE 3\Lang\res409.dll 0x00DA0000
Library C:\PROGRAM FILES\MSI\LIVE UPDATE 3\nvgpio.dll (NVIDIANVidia GPIO Dll/NVIDIA Corporation) 0x00DF0000
Library C:\WINDOWS\System32\devenum.dll 0x75F40000
Library C:\WINDOWS\system32\msdmo.dll 0x736B0000
Library C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd) 0x02000000
Library C:\PROGRAM FILES\LOGITECH\SETPOINT\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.) 0x10100000

Process C:\WINDOWS\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) 2720
Library C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Layered Service Provider/PC Tools Research Pty Ltd.) 0x10000000

Process C:\Documents and Settings\Jay\Desktop\gmer\gmer.exe 2888
Library C:\Documents and Settings\Jay\Desktop\gmer\gmer.exe 0x00400000
Library C:\Program Files\BillP Studios\WinPatrol\PATROLPRO.DLL (WinPatrol Helper DLL/BillP Studios) 0x10000000
Library C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealPlayer Download and Record Plugin/RealPlayer) 0x634B0000
Library C:\PROGRAM FILES\LOGITECH\SETPOINT\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.) 0x10100000
Library C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd) 0x02000000

Process C:\WINDOWS\Explorer.EXE (Windows Explorer/Microsoft Corporation) 3812
Library C:\Program Files\BillP Studios\WinPatrol\PATROLPRO.DLL (WinPatrol Helper DLL/BillP Studios) 0x10000000
Library C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealPlayer Download and Record Plugin/RealPlayer) 0x634B0000
Library C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd) 0x02000000
Library C:\PROGRAM FILES\LOGITECH\SETPOINT\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.) 0x10100000
Library C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Sun Microsystems, Inc.) 0x5EE60000
Library C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\stlport_vc7145.dll (STLport/STLport Consulting, Inc.) 0x5E470000
Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (PDF Shell Extension/Adobe Systems, Inc.) 0x02B80000
Library C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes' Anti-Malware/Malwarebytes Corporation) 0x02910000
Library C:\Program Files\a-squared Free\a2freecontmenu.dll (a-squared Free shell extension/Emsi Software GmbH) 0x03160000
Library C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware Context Menu Extension/SUPERAntiSpyware.com) 0x03230000
Library C:\Program Files\WinRAR\rarext.dll 0x03240000
Library C:\PROGRA~1\MSI\SECURE~1\SecDoc.dll (SecureDoc/msi) 0x033B0000
Library C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll (Cover Designer/Nero AG) 0x03BF0000

Process C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (HP CUE Status Root/Hewlett-Packard Co.) 4024
Library C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (HP CUE Status Root/Hewlett-Packard Co.) 0x00400000
Library C:\Program Files\BillP Studios\WinPatrol\PATROLPRO.DLL (WinPatrol Helper DLL/BillP Studios) 0x10000000
Library C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealPlayer Download and Record Plugin/RealPlayer) 0x634B0000
Library C:\PROGRAM FILES\LOGITECH\SETPOINT\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.) 0x10100000
Library C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll (HP OfficeJet COM Common Objects/Hewlett-Packard Co.) 0x144C0000
Library C:\Program Files\HP\Digital Imaging\bin\hpqwso08.dll (HP CUE Writing System Information Objects/Hewlett-Packard Co.) 0x01140000
Library C:\WINDOWS\system32\hpzipr12.dll (PML Run-time library/Hewlett-Packard) 0x010E0000
Library C:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll (HP CUE Status Imp/Hewlett-Packard Co.) 0x17000000
Library C:\Program Files\HP\Digital Imaging\bin\hpqstp08.dll (HP CUE PMLEventMonitorPlugin/Hewlett-Packard Co.) 0x17200000
Library C:\Program Files\HP\Digital Imaging\bin\hpqstp08.rsc (CUE StatusIOPML Combined resource DLL/Hewlett-Packard Co.) 0x01120000
Library C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll (HP OfficeJet COM Device IO Objects (CUE)/Hewlett-Packard Co.) 0x013C0000
Library C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd) 0x02000000
Library C:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc (Combined resource DLL/Hewlett-Packard Co.) 0x017D0000

Process C:\PROGRAM FILES\WINDOWS DESKTOP SEARCH\WINDOWSSEARCH.EXE (Windows Search System Tray/Microsoft Corporation) 4028
Library C:\Program Files\BillP Studios\WinPatrol\PATROLPRO.DLL (WinPatrol Helper DLL/BillP Studios) 0x10000000
Library C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealPlayer Download and Record Plugin/RealPlayer) 0x634B0000
Library C:\WINDOWS\System32\msidntld.dll (Microsoft Identity Manager/Microsoft Corporation) 0x60890000
Library C:\PROGRAM FILES\LOGITECH\SETPOINT\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.) 0x10100000
Library C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd) 0x02000000

---- Services - GMER 1.0.15 ----

Service C:\Program Files\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH) [MANUAL] a2free
Service C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [AUTO] AdobeActiveFileMonitor4.0
Service C:\WINDOWS\System32\Drivers\AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.) [MANUAL] AnyDVD
Service C:\WINDOWS\System32\Drivers\BANTExt.sys [SYSTEM] BANTExt
Service C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (System Level Service Utility/Creative Labs) [MANUAL] Creative Audio Engine Licensing Service
Service C:\Program Files\Common Files\Creative Labs Shared\Service\APLicensing.exe (System Level Service Utility/Creative Labs) [AUTO] Creative Audio Pack Licensing Service
Service C:\WINDOWS\system32\CTsvcCDA.exe (Creative Service for CDROM Access/Creative Technology Ltd) [AUTO] Creative Service for CDROM Access
Service C:\WINDOWS\system32\drivers\CT20XUT.SYS (Creative 20X Utility Effects/Creative Technology Ltd.) [MANUAL] CT20XUT
Service C:\WINDOWS\System32\drivers\CT20XUT.SYS (Creative 20X Utility Effects/Creative Technology Ltd.) [MANUAL] CT20XUT.SYS
Service C:\WINDOWS\system32\drivers\ctac32k.sys (Creative AC3 SW Decoder Device Driver (WDM)/Creative Technology Ltd) [MANUAL] ctac32k
Service C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative WDM Audio Device Driver/Creative Technology Ltd) [MANUAL] ctaud2k
Service C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Audio Service/Creative Technology Ltd) [AUTO] CTAudSvcService
Service C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative DVD-Audio Device Driver (WDM)/Creative Technology Ltd) [MANUAL] ctdvda2k
Service C:\WINDOWS\system32\drivers\CTEXFIFX.SYS (Creative XFi Effects/Creative Technology Ltd.) [MANUAL] CTEXFIFX
Service C:\WINDOWS\System32\drivers\CTEXFIFX.SYS (Creative XFi Effects/Creative Technology Ltd.) [MANUAL] CTEXFIFX.SYS
Service C:\WINDOWS\system32\drivers\CTHWIUT.SYS (Creative Utility Effects/Creative Technology Ltd.) [MANUAL] CTHWIUT
Service C:\WINDOWS\System32\drivers\CTHWIUT.SYS (Creative Utility Effects/Creative Technology Ltd.) [MANUAL] CTHWIUT.SYS
Service C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Proxy Device Driver (WDM)/Creative Technology Ltd) [MANUAL] ctprxy2k
Service C:\WINDOWS\system32\drivers\ctsfm2k.sys (SoundFont® Manager (WDM)/Creative Technology Ltd) [MANUAL] ctsfm2k
Service C:\WINDOWS\system32\DRIVERS\hphid409.sys (IEEE-1284.4-1999 Driver (Windows 2000)/HP) [MANUAL] Dot4 HPH09
Service C:\WINDOWS\system32\DRIVERS\hphipr09.sys (IEEE-1284.4-1999 Print Class Driver/HP) [MANUAL] Dot4Print HPH09
Service C:\WINDOWS\System32\Drivers\hphs2k09.sys (Printer Card Mass Storage Driver/Hewlett-Packard) [MANUAL] Dot4Storage HPH09
Service C:\WINDOWS\System32\Drivers\ElbyCDFL.sys (ElbyCDIO Filter Driver/SlySoft, Inc.) [MANUAL] ElbyCDFL
Service C:\WINDOWS\System32\Drivers\ElbyCDIO.sys (ElbyCD Windows NT/2000/XP I/O driver/Elaborate Bytes AG) [SYSTEM] ElbyCDIO
Service C:\WINDOWS\system32\drivers\emupia2k.sys (E-mu Plug-in Architecture Driver (WDM)/Creative Technology Ltd) [MANUAL] emupia
Service C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys (NDIS 5.0 miniport driver/VIA Technologies, Inc. ) [MANUAL] FET5X86V
Service C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys (NDIS 5.0 miniport driver/VIA Technologies, Inc. ) [MANUAL] FETND5BV
Service C:\WINDOWS\System32\DRIVERS\fetnd5.sys (NDIS 5.0 miniport driver/VIA Technologies, Inc. ) [MANUAL] FETNDIS
Service C:\WINDOWS\system32\DRIVERS\fetnd5b.sys (NDIS 5.0 miniport driver/VIA Technologies, Inc. ) [MANUAL] FETNDISB
Service D:\INSTALL\GMSIPCI.SYS [MANUAL] GMSIPCI
Service C:\Program Files\Google\Update\GoogleUpdate.exe (Google Installer/Google Inc.) [AUTO] gupdate
Service C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (gusvc/Google) [AUTO] gusvc
Service C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative 20X HAL (WDM)/Creative Technology Ltd) [MANUAL] ha20x2k
Service C:\WINDOWS\system32\DRIVERS\idcphid.sys (IdeaCom Touch Controller driver/IdeaCom Technology Inc.) [MANUAL] IdcPHid
Service C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation) [MANUAL] IDriverT
Service C:\Program Files\Java\jre6\bin\jqs.exe (Java™ Quick Starter Service/Sun Microsystems, Inc.) [AUTO] JavaQuickStarterService
Service C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys (Logitech PS2 Keyboard Filter Driver./Logitech, Inc.) [MANUAL] L8042Kbd
Service C:\WINDOWS\system32\DRIVERS\L8042mou.Sys (Logitech PS/2 Mouse Filter Driver./Logitech, Inc.) [MANUAL] L8042mou
Service C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech Bluetooth Service/Logitech, Inc.) [MANUAL] LBTServ
Service C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys (Logitech HID Filter Driver./Logitech, Inc.) [MANUAL] LHidFilt
Service LHidKe
Service C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys (Logitech Mouse Filter Driver./Logitech, Inc.) [MANUAL] LMouFilt
Service C:\WINDOWS\system32\DRIVERS\LMouKE.Sys (Logitech Filter Driver for Mouse Class./Logitech, Inc.) [MANUAL] LMouKE
Service C:\WINDOWS\System32\Drivers\LUsbFilt.Sys (Logitech USB Filter Driver./Logitech, Inc.) [MANUAL] LUsbFilt
Service C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe [AUTO] MaxBackServiceInt
Service MSDTC Bridge 3.0.0.0
Service C:\WINDOWS\system32\DRIVERS\mxopswd.sys (OneTouch Security Driver/Maxtor Corp.) [MANUAL] MXOPSWD
Service C:\Program [AUTO] Nero BackItUp Scheduler 4.0
Service C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys (NTI CD-ROM Filter Driver/NewTech Infosystems, Inc.) [MANUAL] NTIDrvr
Service C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe (SyncServices/ ) [MANUAL] NTService1
Service nv4
Service C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative OS Services Driver (WDM)/Creative Technology Ltd.) [MANUAL] ossrv
Service Outlook
Service C:\WINDOWS\system32\DRIVERS\pfc027.sys [MANUAL] PAC207
Service C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) [BOOT] PCTCore
Service C:\WINDOWS\system32\drivers\pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools) [SYSTEM] pctgntdi
Service C:\WINDOWS\system32\drivers\pctplsg.sys (PC Tools SG Plugin Driver/PC Tools) [MANUAL] pctplsg
Service C:\WINDOWS\system32\HPHipm09.exe (PML Driver/HP) [MANUAL] Pml Driver
Service C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20
Service C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe (Retrospect Express HD/EMC Dantz) [AUTO] RetroExpLauncher
Service C:\WINDOWS\system32\DRIVERS\s3gnbm.sys (S3 ProSavage(DDR) & Twister Miniport Driver/S3 Graphics, Inc.) [MANUAL] S3Psddr
Service C:\WINDOWS\System32\DRIVERS\s3gnbm.sys (S3 ProSavage(DDR) & Twister Miniport Driver/S3 Graphics, Inc.) [MANUAL] S3SavageNB
Service C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SASENUM.SYS/ SUPERAdBlocker.com and SUPERAntiSpyware.com) [MANUAL] SASENUM
Service C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools Auxiliary Service/PC Tools) [MANUAL] sdAuxService
Service C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools) [MANUAL] sdCoreService
Service C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [MANUAL] Secdrv
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelService 3.0.0.0
Service C:\WINDOWS\system32\DRIVERS\SI3112r.sys (Serial ATA RAID miniport driver/Silicon Image, Inc) [BOOT] SI3112r
Service C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc) [BOOT] SiFilter
Service SMSvcHost 3.0.0.0
Service C:\WINDOWS\system32\DRIVERS\StreamIP.sys (Microsoft IP Test Driver/Microsoft Corporation) [MANUAL] streamip
Service C:\WINDOWS\system32\drivers\TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools) [BOOT] TfFsMon
Service C:\WINDOWS\system32\drivers\TfNetMon.sys (ThreatFire Network Monitor/PC Tools) [MANUAL] TfNetMon
Service C:\WINDOWS\system32\drivers\TfSysMon.sys (ThreatFire System Monitor/PC Tools) [BOOT] TfSysMon
Service C:\Program [MANUAL] ThreatFire
Service [SYSTEM] UBHelper
Service VIA Codec Default
Service C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA NT AGP Filter/VIA Technologies, Inc.) [BOOT] viaagp1
Service C:\WINDOWS\System32\DRIVERS\viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] ViaIde
Service C:\WINDOWS\system32\drivers\vinyl97.sys (Vinyl AC'97 Codec Combo WDM Driver/VIA Technologies, Inc.) [MANUAL] VIAudio
Service C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Generic PCI IDE Bus Driver/VIA Technologies, Inc.) [BOOT] videX32
Service C:\WINDOWS\system32\DRIVERS\vncmirror.sys (VNC Mirror Miniport/RealVNC Ltd.) [MANUAL] vncmirror
Service C:\WINDOWS\system32\drivers\Vsp.sys [MANUAL] Vsp
Service Windows Workflow Foundation 3.0.0.0
Service C:\Program Files\RealVNC\VNC4\WinVNC4.exe (VNC Server Personal Edition for Win32/RealVNC Ltd.) [AUTO] WinVNC4
Service WSearchIdxPi
Service xfilt
Service C:\WINDOWS\system32\DRIVERS\zd1211u.sys (Wireless 802.11g USB LAN Driver/WirelessLAN Technology Corporation) [MANUAL] ZD1211U(WirelessLAN)
Service C:\WINDOWS\system32\ZDPNDIS5.SYS (PCAUSA NDIS 5.0 Protocol Driver/Printing Communications Assoc., Inc. (PCAUSA)) [MANUAL] ZDPNDIS5

---- EOF - GMER 1.0.15 ----
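A service listing as long as the one above is easy to skim past. The script below is an added example for this page (written in Python; it is not GMER output logic and was not posted in the thread). It parses the "Service" lines into image path, description/vendor, start type and service name, then flags the entries a reviewer would look at first: no image path recorded, an image outside the Windows or Program Files trees, no version/vendor string, a truncated path, or a remote-control server that starts without user action. The sample lines are copied from the listing above; the expected-location prefixes and the list of remote-access image names are assumptions of the example, not facts from the thread.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample lines copied from the GMER service listing above; the parser and the
# flagging rules are an added illustration, not GMER's own output logic.
SAMPLE_LOG = r"""
Service C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Proxy Device Driver (WDM)/Creative Technology Ltd) [MANUAL] ctprxy2k
Service D:\INSTALL\GMSIPCI.SYS [MANUAL] GMSIPCI
Service C:\Program Files\Google\Update\GoogleUpdate.exe (Google Installer/Google Inc.) [AUTO] gupdate
Service LHidKe
Service C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe [AUTO] MaxBackServiceInt
Service C:\Program [AUTO] Nero BackItUp Scheduler 4.0
Service C:\WINDOWS\system32\DRIVERS\pfc027.sys [MANUAL] PAC207
Service C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) [BOOT] PCTCore
Service [SYSTEM] UBHelper
Service C:\WINDOWS\system32\drivers\Vsp.sys [MANUAL] Vsp
Service C:\Program Files\RealVNC\VNC4\WinVNC4.exe (VNC Server Personal Edition for Win32/RealVNC Ltd.) [AUTO] WinVNC4
"""

START_RE = re.compile(r"\s*\[(BOOT|SYSTEM|AUTO|MANUAL|DISABLED)\]\s+")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")
# Where service/driver images normally live on a 32-bit XP box (assumed baseline
# for the heuristic; the 8.3 form is included because GMER prints it as-is).
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
# Remote-control servers a cleanup should confirm are intentional (assumed list).
REMOTE_ACCESS_IMAGES = {"winvnc4.exe", "winvnc.exe", "tvnserver.exe"}


@dataclass
class ServiceEntry:
    name: str
    path: Optional[str]
    desc: Optional[str]
    start: Optional[str]
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse 'Service <image> (<description>/<vendor>) [<start>] <name>'.

    Every part except the name may be missing, as the listing above shows."""
    if not line.startswith("Service "):
        return None
    rest = line[len("Service "):].strip()
    m = START_RE.search(rest)
    if m:
        left, start, name = rest[:m.start()], m.group(1), rest[m.end():]
    else:
        left, start, name = rest, None, ""
    path = desc = None
    if DRIVE_RE.match(left):
        i = left.find(" (")            # description block begins at the first " ("
        if i != -1 and left.endswith(")"):
            path, desc = left[:i], left[i + 2:-1]
        else:
            path = left
    else:
        name = name or left            # no image path: what remains is the name
    return ServiceEntry(name.strip(), path, desc, start)


def triage(entry: ServiceEntry) -> ServiceEntry:
    """Attach review flags; an empty flag list means nothing stood out."""
    if entry.path is None:
        entry.flags.append("no image path recorded")
    else:
        p = entry.path.lower()
        image = p.rsplit("\\", 1)[-1]
        if "." not in image:
            entry.flags.append("image path looks truncated")
        else:
            if not p.startswith(EXPECTED_PREFIXES):
                entry.flags.append("image outside Windows/Program Files")
            if entry.desc is None:
                entry.flags.append("no version/vendor string")
            if image in REMOTE_ACCESS_IMAGES:
                entry.flags.append("remote-access server: confirm it is wanted")
    if entry.flags and entry.start in ("BOOT", "SYSTEM", "AUTO"):
        entry.flags.append(f"starts without user action ({entry.start})")
    return entry


def triage_log(text: str) -> List[ServiceEntry]:
    """Entries from a GMER service listing that carry at least one flag."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None and triage(entry).flags:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.name:30} {e.start or '-':7} {e.path or '(no path)'}")
        for f in e.flags:
            print(f"{'':30} - {f}")
```

Run against the full log, the flags only narrow the list; a flagged entry still needs its file checked (version resource, signature, what installed it) before anything is removed, which is exactly what the helper asks for in the posts that follow.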


#4 HDRider420
  • Topic Starter

Posted 27 February 2010 - 11:07 PM

I did not uncheck file version info in the last scan I did on this one.
But it won't let me post it; it said it was too long, so I'm attaching it.

Thanks again

Attached Files



#5 Jintan
  • Malware Response Team


Posted 27 February 2010 - 11:47 PM

Hadn't been expecting a 500 + Kb log from that. But be sure to go by the posted steps only (such as that choice to uncheck the File version info option). Still no indication of malware activity here. What infection was there you removed - file names, malware type etc.? If it was also picked up in some scan done, perhaps you can post a log from that as well.
Ad eundum quo no duck ante iit

#6 HDRider420
  • Topic Starter

Posted 28 February 2010 - 12:11 AM

There were 2 trojans; I can't remember the names.
I think it was MB that found them, but I don't have any logs from it.

I might just be having OS problems
I wanted to restart my anti virus and needed to reboot to do that
when I logged back in I got a message that the system had just recovered from a serious error
it didn't say what & I've never gotten that before



#7 Jintan
  • Malware Response Team


Posted 28 February 2010 - 12:31 AM

See if that created a dump file we can use.

Make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"


Navigate (right click My Computer, left click Explore) to the following folder:

c:\windows\minidump

And if one is there, locate in it any recent minidump(date-somenumber).dmp files created, where "date-somenumber" matches dates of any recent crashes there. If they exist, then just zip a copy of it, and send it to jintan @ malwarecrypt.com as an attachment. Please place "Submitted Files -HDRider420/bc/dmp" as the email Subject.
Ad eundum quo no duck ante iit

#8 HDRider420
  • Topic Starter


Posted 28 February 2010 - 01:03 AM

I did the steps needed to view hidden files

Found 1 .dmp file @ c:\windows\minidump

I sent it to you from my yahoo account

If you reply back in the email will you post here so I got a notice in my comcast account... Thanks

Also just wondering what program do you use to read a .dmp file

Thanks Again

#9 Jintan
  • Malware Response Team


Posted 28 February 2010 - 08:54 PM

For debugging crash dumps I use MS's WinDbg. Which I am having trouble with today, getting the correct "symbols" loaded, so not able to completely analyze any dump files. In just looking through the file's strings:

bacfc000 bad13d80 AnyDVD AnyDVD.sys Fri Feb 19 18:24:18 2010 (4B7F1DA2)

f77e7000 f77eb900 ElbyCDIO ElbyCDIO.sys Fri Jan 01 12:20:32 2010 (4B3E2EE0)

I tend to see that in dump files where scans suggest the issue is not malware related. Possibly a conflict with the many older drivers/programs there the dump log also shows? Also sensed involvement by Spyware Doctor, but only hunches on my part.
Ad eundum quo no duck ante iit
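On the question in #8 and the answer in #9: WinDbg with the right symbols is the tool for a real analysis, but the bug check code and its four parameters sit in the fixed header that starts every kernel crash dump, so they can be read without symbols at all. The script below is an added example for this page (Python; it is not from the thread and not part of WinDbg). It finds the newest Mini*.dmp files in a Minidump folder as #7 describes, reads the header of each, and zips them for sending on. The header offsets follow the public DUMP_HEADER32/DUMP_HEADER64 reconstructions (for example the Volatility crash-dump profile) and are an assumption of the example; the sample dump is constructed by the script itself, and neither its bug check code nor its parameters come from the user's machine.

```python
import struct
import tempfile
import zipfile
from datetime import datetime, timezone
from pathlib import Path
from typing import Dict, List, Optional

# Field offsets in the DUMP_HEADER32 / DUMP_HEADER64 block that opens every kernel
# crash dump ("PAGEDUMP" on 32-bit, "PAGEDU64" on 64-bit), as documented in public
# reconstructions. Treated as an assumption of this example, not a fact from the thread.
LAYOUT = {
    b"PAGEDUMP": {"machine": 0x20, "ncpu": 0x24, "bugcheck": 0x28, "params": (0x2C, "<4I"), "systime": 0xFC0},
    b"PAGEDU64": {"machine": 0x30, "ncpu": 0x34, "bugcheck": 0x38, "params": (0x40, "<4Q"), "systime": None},
}
MACHINES = {0x14C: "x86", 0x8664: "x64"}
FILETIME_UNIX_EPOCH = 116444736000000000     # 100 ns ticks between 1601-01-01 and 1970-01-01
# A few bug check codes worth recognising on sight (subset of the public list).
BUGCHECK_NAMES = {
    0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x7E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
    0x7F: "UNEXPECTED_KERNEL_MODE_TRAP",
    0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
}


def parse_dump_header(data: bytes) -> Dict[str, object]:
    """Pull the crash summary out of the first 0x1000 bytes of a kernel dump."""
    if len(data) < 0x1000:
        raise ValueError("shorter than a dump header (0x1000 bytes)")
    sig = bytes(data[:8])
    if sig not in LAYOUT:
        raise ValueError(f"not a kernel crash dump, signature {sig!r}")
    off = LAYOUT[sig]
    major, build = struct.unpack_from("<II", data, 8)   # MinorVersion carries the OS build number
    machine, ncpu = struct.unpack_from("<II", data, off["machine"])
    code = struct.unpack_from("<I", data, off["bugcheck"])[0]
    poff, pfmt = off["params"]
    info = {
        "format": sig.decode("ascii"),
        "major_version": major,
        "build": build,
        "machine": MACHINES.get(machine, hex(machine)),
        "processors": ncpu,
        "bugcheck": code,
        "bugcheck_name": BUGCHECK_NAMES.get(code, "unknown"),
        "params": struct.unpack_from(pfmt, data, poff),
        "crash_time": None,
    }
    if off["systime"] is not None:                       # SystemTime is a FILETIME
        ft = struct.unpack_from("<Q", data, off["systime"])[0]
        if ft > FILETIME_UNIX_EPOCH:
            info["crash_time"] = datetime.fromtimestamp((ft - FILETIME_UNIX_EPOCH) / 10**7, tz=timezone.utc)
    return info


def find_minidumps(folder: Path, newest: int = 3) -> List[Path]:
    """Newest Mini*.dmp files in a Minidump folder (XP names them MiniMMDDYY-NN.dmp)."""
    folder = Path(folder)
    if not folder.is_dir():
        return []
    dumps = [p for p in folder.iterdir()
             if p.is_file() and p.name.lower().startswith("mini") and p.suffix.lower() == ".dmp"]
    dumps.sort(key=lambda p: p.stat().st_mtime, reverse=True)
    return dumps[:newest]


def zip_dumps(dumps: List[Path], zip_path: Path) -> List[str]:
    """Bundle the dumps for sending on; returns the archive member names."""
    with zipfile.ZipFile(zip_path, "w", zipfile.ZIP_DEFLATED) as zf:
        for p in dumps:
            zf.write(p, arcname=p.name)
    with zipfile.ZipFile(zip_path) as zf:
        return zf.namelist()


def make_sample_dump(path: Path) -> Path:
    """Constructed 32-bit header with a made-up bug check; not a real crash file."""
    hdr = bytearray(0x1000)
    hdr[0:8] = b"PAGEDUMP"
    struct.pack_into("<II", hdr, 0x08, 0xF, 2600)          # version fields, build 2600 (XP)
    struct.pack_into("<II", hdr, 0x20, 0x14C, 1)           # x86, one processor
    struct.pack_into("<I", hdr, 0x28, 0x7E)                # SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    struct.pack_into("<4I", hdr, 0x2C, 0xC0000005, 0xBAD00C0D, 0xF78A0000, 0xF789FC00)
    when = datetime(2010, 2, 28, 5, 0, tzinfo=timezone.utc)
    struct.pack_into("<Q", hdr, 0xFC0, int(when.timestamp()) * 10**7 + FILETIME_UNIX_EPOCH)
    path.write_bytes(hdr)
    return path


def demo(folder: Optional[Path] = None) -> Dict[str, object]:
    """Locate, summarise and zip dumps; with no folder, runs on a constructed sample."""
    if folder is None:
        folder = Path(tempfile.mkdtemp())
        make_sample_dump(folder / "Mini022810-01.dmp")
    dumps = find_minidumps(folder)
    summaries = [parse_dump_header(p.read_bytes()) for p in dumps]
    members = zip_dumps(dumps, Path(folder) / "minidumps.zip") if dumps else []
    return {"dumps": [p.name for p in dumps], "summaries": summaries, "zip_members": members}


if __name__ == "__main__":
    live = Path(r"C:\WINDOWS\Minidump")
    result = demo(live) if live.is_dir() else demo()
    for name, s in zip(result["dumps"], result["summaries"]):
        print(f"{name}: {s['format']} build {s['build']} {s['machine']} bugcheck 0x{s['bugcheck']:X} "
              f"{s['bugcheck_name']} params {[hex(x) for x in s['params']]} at {s['crash_time']}")
    print("zipped:", result["zip_members"])
```

The header gives the stop code and parameters only; which driver faulted still needs the loaded-module list and a symbolised stack, which is what WinDbg (with `!analyze -v` once symbols resolve) adds on top.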

#10 HDRider420
  • Topic Starter


Posted 28 February 2010 - 09:09 PM

QUOTE(Jintan @ Feb 27 2010, 11:47 PM)
Hadn't been expecting a 500 + Kb log from that. But be sure to go by the posted steps only (such as that choice to uncheck the File version info option). Still no indication of malware activity here. What infection was there you removed - file names, malware type etc.? If it was also picked up in some scan done, perhaps you can post a log from that as well.

Is there some type of maintenance I should be doing to reduce the file list,
like deleting logs every so often??

And yes, I was looking last night at the loaded programs and thought I needed to update
a lot of them, but I didn't want to make any changes while we are looking for problems
without asking you. Do you want me to update old programs now?


#11 Jintan
  • Malware Response Team


Posted 01 March 2010 - 11:39 PM

Less an update of older things than checking for change by uninstalling that AnyDVD software - reboot - check if you still have issues. Also not sure removal of any files would be needed, unless you are getting low on disk space, but instead looking through your installed programs and uninstalling any that are not used, or perhaps duplicate the job others do.
Ad eundum quo no duck ante iit

#12 HDRider420
  • Topic Starter


Posted 02 March 2010 - 11:23 AM

I removed AnyDVD and rebooted; it went through boot OK, but everything is still slow and the CPU still hangs at 100%.

So then I went ahead and removed a handful of old programs and updated all the other ones still have same problems

I'm thinking I should reformat the C: drive and do a fresh install unless you have another suggestion


#13 Jintan
  • Malware Response Team


Posted 02 March 2010 - 09:13 PM

Before considering a major change like that, you may want to uninstall security software - these are often involved in problems due to things like corruption, or conflicts between different ones. The logs show you have Dantz's Retrospect Express and Nero's BackItUp loading there in some fashion. These infrequent balloons on the taskbar suggest maybe some scheduled event. You may want to check in those programs' settings to see if they are pre-scheduled in some way, as well as check Scheduled Tasks in the Control Panel.

Download and run Process Explorer from here. Click on View and check "Show processes from all users", "show fractional CPU" and "Show unnamed handles".

In the upper panel of that display, see if you can ID the culprit that is slowing things down.
Ad eundum quo no duck ante iit

#14 HDRider420
  • Topic Starter


Posted 03 March 2010 - 11:45 PM

I was surprised to hear that Dantz's Retrospect Express and Nero's BackItUp were loading!
I did check them and there were no back-ups scheduled
I never use them so I removed Dantz's Retrospect Express and since Nero's BackItUp is bundled in a Nero package I used msconfig to stop it from loading.

I went back and looked over my list of installed programs and removed some more old ones that I don't use since this is now a backup/server

Then I used filehippo's update checker to find all the outdated software and upgraded everything it found.

After I rebooted for some reason my old HP printer started trying to load giving me windows errors that it could not start drivers along with errors for old programs that had been updated but windows was still looking for the older versions. I had used WinPatrol to disable the HP printer drivers a long time ago, why they started trying to load again IDK. So I went back to msconfig & WinPatrol to stop windows from looking for everything that was giving me error message or anything that I had removed. After reboot that fix all the error messages.

That Process Explorer is one heck of a fine program !!

The first thing I noticed was that most things that were bumping the cpu hard were things in windows
except for Java Quick Start.

So I went into the Java setting and disabled the quick start.
Then it looked like the Spooler Subsystem was the next thing really spiking high.
So I went back to the Add/Remove list and removed all HP software, including the old & new printer and related software.
That stopped the Spooler Subsystem from spiking along with Generic Host Process for Win32 Services and the Services and Controller App.

I'm not sure if I will reinstall the new HP Pro L7780 ALL in One down the road or not.

Right now when I open a program including IE the cpu hits 100% but it does drop off after things settle down.
When it's sitting idle now the cpu goes anywhere from 5 to 14 % which seems ok to me.
Worlds away from hitting 100% and hanging there for 15 to 20 mins and spiking there while sitting idle.

Sorry for taking so long to get back to you but I'm sure you know this was a long process updating and stopping stuff from loading.
I think it's as good as it's going to get. If you have any more suggestions or thoughts, just let me know.

THANKS AGAIN for all your help
Jay

Edited by HDRider420, 04 March 2010 - 10:14 AM.


#15 Jintan
  • Malware Response Team


Posted 06 March 2010 - 07:56 PM

My complete apologies for fading on you here. I hadn't been assisting here in a while, and am not up to speed on keeping up with things. In a discussion with a teammate elsewhere the idea was that instead of my WinDbg setup being incorrect, your and one other thread's dump files contained the same problem file. Worth checking here since it is a possibility.

Click here and download jpshortstuff's SystemLook to your desktop, then click that file to open the scan display. In the open textbox, copy and paste the following (inside the Code box below):

CODE
:filefind
ntoskrnl.exe


Then click Look. Once the scan completes Notepad will open - copy/paste those contents back here please. That will also be saved as a log where you have the scan file, named SystemLook.txt.
Ad eundum quo no duck ante iit
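What the :filefind check above is for: listing every copy of ntoskrnl.exe on the disk (the live one in system32 and the cached ones under dllcache and ServicePackFiles) with size and hash, so that a copy which differs from the others stands out. The script below is an added example for this page (Python; it is not SystemLook's code and was not posted in the thread) that does the same hashing and comparison. It runs against C:\WINDOWS when that folder exists and otherwise against a directory tree it constructs itself, with one deliberately altered copy. The caveat the script also carries in its comments: copies legitimately differ after hotfixes, so a mismatch says "check this copy's version and digital signature", not "this is malware".

```python
import hashlib
import os
import tempfile
from collections import defaultdict
from pathlib import Path
from typing import Dict, List, Tuple


def sha256_of(path: Path) -> str:
    """Streamed SHA-256 so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def filefind(root: Path, filename: str) -> List[Dict[str, object]]:
    """Every file under root named `filename` (case-insensitive), with size and hash."""
    want = filename.lower()
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == want:
                p = Path(dirpath) / name
                hits.append({"path": str(p), "size": p.stat().st_size, "sha256": sha256_of(p)})
    return sorted(hits, key=lambda h: h["path"].lower())


def group_by_content(hits: List[Dict[str, object]]) -> Dict[str, List[str]]:
    """Map each distinct hash to the copies that have it."""
    groups = defaultdict(list)
    for h in hits:
        groups[h["sha256"]].append(h["path"])
    return dict(groups)


def odd_copies(hits: List[Dict[str, object]]) -> List[str]:
    """Copies whose content is in the minority; empty when all copies agree
    (or when no group is larger than the others, which is inconclusive).

    Several legitimate builds of one file can coexist after hotfixes, so a hit
    here means 'check this copy's version and signature', not 'this is malware'."""
    groups = group_by_content(hits)
    if len(groups) < 2:
        return []
    biggest = max(len(v) for v in groups.values())
    return sorted(p for paths in groups.values() if len(paths) < biggest for p in paths)


def demo() -> Tuple[List[Dict[str, object]], List[str]]:
    """Constructed tree: two pristine cached copies and one altered live copy."""
    root = Path(tempfile.mkdtemp()) / "WINDOWS"
    pristine = b"MZ" + b"\0" * 62 + b"pristine kernel image"   # stand-in, not a real PE
    altered = pristine + b"\x90" * 16                          # simulated patch on the live copy
    for rel, content in [
        ("system32/ntoskrnl.exe", altered),
        ("system32/dllcache/ntoskrnl.exe", pristine),
        ("ServicePackFiles/i386/ntoskrnl.exe", pristine),
        ("system32/ntkrnlpa.exe", pristine),                   # different name: must not match
    ]:
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(content)
    hits = filefind(root, "ntoskrnl.exe")
    return hits, odd_copies(hits)


if __name__ == "__main__":
    live = Path(r"C:\WINDOWS")
    hits = filefind(live, "ntoskrnl.exe") if live.is_dir() else demo()[0]
    for h in hits:
        print(f"{h['size']:>10}  {h['sha256'][:16]}...  {h['path']}")
    for p in odd_copies(hits):
        print("differs from the other copies:", p)
```

SystemLook reports MD5; SHA-256 is used here because MD5 collisions are cheap to make, which matters once you start comparing your hashes against anything an attacker could have influenced.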



