Koowo Lyrics Adware


  • This topic is locked
19 replies to this topic

#1 ashopecollapses

ashopecollapses

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:26 AM

Posted 08 November 2006 - 07:02 PM

Well my computer was recently infected with Trojan agent winlogon.hook and I was able to clean that out, I'm pretty sure, after several hours of frustration. But using System Analyzer from Webroot I've learned that my computer is still infected with this Koowo Lyrics Software that seems to be going around. My computer also seems to be a bit slower and it seems as if the Windows XP load screen seems to lag a bit, I'm not sure if they are related but if anyone has any idea about that as well I'd appreciate it. Anyway, I have no idea how to remove it and this is my first time trying to get help in these forums so here's my HijackThis log, hopefully the right one you all are looking for, and hopefully someone can be of help. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 6:58:05 PM, on 11/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Tom Briggs\My Documents\Computer Stuff\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe



#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,640 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:26 AM

Posted 16 November 2006 - 12:24 PM

Perform an online scan with Panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a few minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report together with a fresh HijackThis log.

#3 ashopecollapses

ashopecollapses
  • Topic Starter


Posted 18 November 2006 - 04:58 PM

Panda Activescan

Spyware:Cookie/Atwola
Not disinfected
C:\Documents and Settings\Tom Briggs\Cookies\tom briggs@atwola[1].txt

Potentially unwanted tool:Application/Processor
Not disinfected
C:\Documents and Settings\Tom Briggs\My Documents\Computer Stuff\Roguescanfix\Process.exe

Potentially unwanted tool:Application/Processor
Not disinfected
C:\Documents and Settings\Tom Briggs\My Documents\Computer Stuff\smitfraudfix\SmitfraudFix\Process.exe

Possible Virus.
Not disinfected
C:\Documents and Settings\Tom Briggs\My Documents\Computer Stuff\smitfraudfix\SmitfraudFix\swsc.exe

Potentially unwanted tool:Application/Processor
Not disinfected
C:\Documents and Settings\Tom Briggs\My Documents\Computer Stuff\SmitfraudFix.zip[SmitfraudFix/Process.exe]

Possible Virus.
Not disinfected
C:\Documents and Settings\Tom Briggs\My Documents\Computer Stuff\SmitfraudFix.zip[SmitfraudFix/swsc.exe]

Potentially unwanted tool:Application/Processor
Not disinfected
C:\Documents and Settings\Tom Briggs\My Documents\Computer Stuff\smitRem\Process.exe

Potentially unwanted tool:Application/Processor
Not disinfected
C:\Documents and Settings\Tom Briggs\My Documents\Computer Stuff\smitRem.exe[smitRem/Process.exe]

Spyware:Cookie/Searchportal
Not disinfected
C:\RECYCLER\NPROTECT\00000006.MOZ[searchportal.information.com/]

Spyware:Cookie/Searchportal
Not disinfected
C:\RECYCLER\NPROTECT\00000022.MOZ[searchportal.information.com/]

Adware:Adware/Adservice
Not disinfected
C:\WINDOWS\system32\drvgoh.dll

Potentially unwanted tool:Application/Processor
Not disinfected
C:\WINDOWS\system32\Process.exe

Possible Virus.
Not disinfected
C:\WINDOWS\system32\swsc.exe

Possible Virus.
Not disinfected
C:\WINDOWS\system32\Webupdate2.dll

----------------------------------------------------------------------------------------------------------

AND NOW FOR THE HIJACKTHIS LOG:
Logfile of HijackThis v1.99.1
Scan saved at 4:54:50 PM, on 11/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\DOCUME~1\TOMBRI~1\LOCALS~1\Temp\~e5.0001
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\EAGAME~1\NEEDFO~1\speed.exe
C:\DOCUME~1\TOMBRI~1\LOCALS~1\Temp\~e5.0001
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Tom Briggs\My Documents\Computer Stuff\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163433588375
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe


Thank you much!
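A first pass over two HijackThis logs like the ones posted in this thread can be scripted. The sketch below is an added example, not part of the thread and not a HijackThis feature: it parses the `Running processes:` block and the `O<n> - ...` entries, flags items for manual review, and lists what is new in the later log. The review heuristics (Temp-directory process, `Unknown owner`, `(file missing)`, unnamed BHO) are assumptions chosen for illustration and are prompts to look closer, not verdicts; the sample text is a short excerpt of the two logs above.

```python
import re

# Section codes in a HijackThis log look like "O4 - ...", "O23 - ...", "R1 - ...".
ENTRY_RE = re.compile(r"^([ORFN]\d{1,2}) - (.+)$")
# Matches "\Temp\" or "\Tmp\" anywhere in a path, including 8.3 short paths.
TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)

# Excerpt of the first log in the thread (8 November 2006).
EARLIER_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (file missing)
"""

# Excerpt of the second log in the thread (18 November 2006).
LATER_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\DOCUME~1\TOMBRI~1\LOCALS~1\Temp\~e5.0001
C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (file missing)
"""


def parse_hijackthis(text):
    """Split a log into running-process paths and (code, detail) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            # An entry line always ends the process list, blank line or not.
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
        elif not line:
            in_processes = False
    return {"processes": processes, "entries": entries}


def review_items(parsed):
    """Return (reason, item) pairs worth a manual look (assumed heuristics)."""
    findings = []
    for path in parsed["processes"]:
        if TEMP_RE.search(path):
            findings.append(("process running from a Temp directory", path))
    for code, detail in parsed["entries"]:
        if code == "O2" and detail.startswith("BHO: (no name)"):
            findings.append(("unnamed browser helper object", detail))
        if code == "O23" and "Unknown owner" in detail:
            findings.append(("service with no vendor string", detail))
        if detail.endswith("(file missing)"):
            findings.append(("entry points at a missing file", detail))
    return findings


def new_since(before, after):
    """Items in the later log that the earlier log did not contain.

    Comparison is case-insensitive because Windows paths are.
    """
    old = {p.casefold() for p in before["processes"]}
    old |= {d.casefold() for _, d in before["entries"]}
    items = after["processes"] + [d for _, d in after["entries"]]
    return [item for item in items if item.casefold() not in old]


if __name__ == "__main__":
    earlier = parse_hijackthis(EARLIER_LOG)
    later = parse_hijackthis(LATER_LOG)
    for reason, item in review_items(later):
        print(f"[review] {reason}: {item}")
    for item in new_since(earlier, later):
        print(f"[new]    {item}")
```

Several flagged items will be benign on inspection (the unnamed BHO here is Spybot's SDHelper.dll), which is why the output is a review list rather than a removal list.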

#4 Grinler


Posted 18 November 2006 - 05:55 PM

Download this program:

submit files packer

Highlight the files listed below in bold, right-click, and select Copy.


C:\WINDOWS\system32\drvgoh.dll
C:\WINDOWS\system32\Webupdate2.dll


Then start the file packer program and right click in the white box and select paste to paste the copied file names in the field.

Then press the Continue button.

It will create an archive with these files and a small log on your Desktop that starts with a name like requested-file[date].cab.

Rename this file to yourmembername.cab (for example grinler.cab).

Then go to:
http://www.bleepingcomputer.com/submit-malware.php
and fill in the required fields and browse to this file on your desktop. Finally click on the Send File button.

#5 ashopecollapses


Posted 18 November 2006 - 06:36 PM

The files have been submitted.

#6 Grinler


Posted 18 November 2006 - 10:20 PM

Please download SmitfraudFix
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

#7 ashopecollapses


Posted 18 November 2006 - 11:33 PM

SmitFraudFix v2.122

Scan done at 23:29:50.60, Sat 11/18/2006
Run from C:\Documents and Settings\Tom Briggs\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\Documents and Settings\Tom Briggs


C:\Documents and Settings\Tom Briggs\Application Data


Start Menu


C:\DOCUME~1\TOMBRI~1\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components



Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


pe386-msguard-lzx32


Scanning wininet.dll infection


End

#8 Grinler


Posted 19 November 2006 - 03:36 PM

Delete this file:

C:\WINDOWS\system32\drvgoh.dll

What exactly is Spy Sweeper saying is infected?

#9 ashopecollapses


Posted 19 November 2006 - 09:01 PM

It kept saying I'm infected with some piece of adware called "koowo lyrics software." However, I did all the fixes you prescribed as well as a few technician friends of mine. My computer would check out clean in Ad-Aware, Spybot, AVG Anti-Spyware, SUPERAntiSpyware, and AVG antivirus. But Webroot System Analyzer, a tool I use for work, keeps telling me I'm infected with this piece of adware. Beyond that I was just kind of interested to see if there were any other apparent problems with my system because it loads Windows slowly and lags for what appears to be no reason at all. Any help you have on either of these situations is greatly appreciated. Thanks.

#10 Grinler


Posted 20 November 2006 - 10:29 AM

I am not sure why Spy Sweeper is alerting you to that. Do they give you any specific information as to any files or registry entries that are part of this infection?

As for the slowdown, you really do not have much in your log. Let's take a look at something:


* Download GMER from here:
http://www.gmer.net/gmer.zip

Unzip it and start GMER.exe
Click the rootkit-tab and click scan.

Once done, click the Copy button.
This will copy the results to clipboard.
Paste the results in your next reply.

If you're having problems with running GMER.exe, try it in safe mode.
This tool works in safe mode; other rootkit revealers don't.

#11 ashopecollapses


Posted 20 November 2006 - 03:56 PM

No, unfortunately this System Analyzer program is the only program that tells me I have this infection. Other than the occasional tracking cookie my system appears to be clean. All I can think of is that it is either a false positive from a program installed on my computer that acts similarly. I checked out Koowo's site and it's a legitimate Chinese karaoke plugin for Winamp and Windows Media Player. However, I didn't install it and cannot find an uninstaller for it either.

Here are the GMER results:
GMER 1.0.12.11889 - http://www.gmer.net
Rootkit scan 2006-11-20 15:47:50
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT a347bus.sys ZwClose
SSDT a347bus.sys ZwCreateKey
SSDT a347bus.sys ZwCreatePagingFile
SSDT a347bus.sys ZwEnumerateKey
SSDT a347bus.sys ZwEnumerateValueKey
SSDT a347bus.sys ZwOpenFile
SSDT a347bus.sys ZwOpenKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT a347bus.sys ZwQueryKey
SSDT a347bus.sys ZwQueryValueKey
SSDT a347bus.sys ZwSetSystemPowerState
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- Devices - GMER 1.0.12 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-6 IRP_MJ_QUERY_EA 86AA6258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-6 IRP_MJ_SET_EA 86AA6258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-6 IRP_MJ_FLUSH_BUFFERS 86AA6258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-6 IRP_MJ_QUERY_VOLUME_INFORMATION 86AA6258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-6 IRP_MJ_SET_VOLUME_INFORMATION 86AA6258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-6 IRP_MJ_DIRECTORY_CONTROL 86AA6258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-6 IRP_MJ_FILE_SYSTEM_CONTROL 86AA6258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-6 IRP_MJ_DEVICE_CONTROL 86AA6258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-6 IRP_MJ_INTERNAL_DEVICE_CONTROL 86AA6258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-6 IRP_MJ_SHUTDOWN 86AA6258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-6 IRP_MJ_LOCK_CONTROL 86AA6258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-6 IRP_MJ_CLEANUP 86AA6258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-6 IRP_MJ_CREATE_MAILSLOT 86AA6258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-6 IRP_MJ_QUERY_SECURITY 86AA6258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-6 IRP_MJ_SET_SECURITY 86AA6258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-6 IRP_MJ_POWER 86AA6258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-6 IRP_MJ_SYSTEM_CONTROL 86AA6258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-6 IRP_MJ_DEVICE_CHANGE 86AA6258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-6 IRP_MJ_QUERY_QUOTA 86AA6258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-6 IRP_MJ_SET_QUOTA 86AA6258
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-6 IRP_MJ_PNP 86AA6258
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 86A9E008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 86A9E008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 86A9E008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 86A9E008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 86A9E008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 86A9E008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 86A9E008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 86A9E008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 86A9E008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 86A9E008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 86A9E008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 86A9E008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 86A9E008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 86A9E008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 86A9E008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 86A9E008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 86A9E008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 86A9E008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 86A9E008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 86A9E008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 86A9E008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 86A9E008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 86A9E008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 86A9E008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 86A9E008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 86A9E008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 86A9E008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 86A9E008
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ 85C41518
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 866B32F0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 866B32F0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 868D51D0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 867111D0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE_NAMED_PIPE 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CLOSE 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_READ 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_WRITE 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_INFORMATION 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_INFORMATION 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_EA 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_EA 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_FLUSH_BUFFERS 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_VOLUME_INFORMATION 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_VOLUME_INFORMATION 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DIRECTORY_CONTROL 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_FILE_SYSTEM_CONTROL 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DEVICE_CONTROL 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SHUTDOWN 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_LOCK_CONTROL 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CLEANUP 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE_MAILSLOT 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_SECURITY 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_SECURITY 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_POWER 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SYSTEM_CONTROL 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DEVICE_CHANGE 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_QUOTA 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_QUOTA 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_PNP 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_CREATE 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_CLOSE 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_READ 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_WRITE 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SET_INFORMATION 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_EA 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SET_EA 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SHUTDOWN 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_CLEANUP 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SET_SECURITY 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_POWER 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SET_QUOTA 8696EA98
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_PNP 8696EA98
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 8682C3C8
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 865D47A0
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ 865D47A0
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 865D47A0
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 865D47A0
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 865D47A0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 844F15E8

---- Modules - GMER 1.0.12 ----

Module _________ F750A000

---- Files - GMER 1.0.12 ----

ADS C:\AVG7QT.DAT:SummaryInformation
ADS C:\AVG7QT.DAT:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\Program Files\ATI Technologies\ATI.ACE\skins\CATALYST_Quicksilver\CATALYST_Quicksilver.uis_Scrollbar:Smaller.WB4

---- EOF - GMER 1.0.12 ----

#12 Grinler

Grinler

    Lawrence Abrams


  • Admin

Posted 21 November 2006 - 03:29 PM

Nothing at all wrong there either. Not sure what else to have you try here. Nothing is reporting anything bad.

#13 ashopecollapses

ashopecollapses
  • Topic Starter

  • Members

Posted 21 November 2006 - 09:43 PM

All I could think of is that since I'm at school I leave my computer on a lot and it doesn't like that, or because my SATA card is not integrated on the motherboard. I was thinking I'd try the SFC command, but I've defragged. I use Crap Cleaner to get rid of the excess stuff on the computer. I have AVG Anti-virus and AVG Antispyware running in the background but nothing else too intense. I'm not too sure what else to try. Any suggestions though would be helpful. Thanks.

#14 Grinler

Grinler

    Lawrence Abrams


  • Admin

Posted 21 November 2006 - 09:51 PM

Have you tried disabling AVG Antispyware and keeping SuperAntiSpyware, and vice versa, to see if either of them is causing the slowdown?

#15 ashopecollapses

ashopecollapses
  • Topic Starter

  • Members

Posted 22 November 2006 - 12:51 AM

I actually only install SuperAntiSpyware when I need it. It's the personal version and it's free, so it has all of these annoying banners and such you can't disable because it's free. However, I have tried operation disabling the anti-virus and the anti-spyware both together and by themselves and seen little change. I'm not quite sure what to make of it. My system is pretty good: AMD Athlon XP 2600+ (2.16GHz), 1GB PC3200 RAM, 160GB Maxtor SATA hard disk, NVidia NForce2 chipset, ATi Radeon 9700 AGP graphics card. The computer seems especially laggy/lossy while playing Need for Speed Most Wanted and during the initial Windows XP load screen; other than that it works all right.



