WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93112 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

What Is Eating All My Memory?

Started by cockeysvillekid , May 28 2007 02:25 PM

This topic is locked

8 replies to this topic

#1 cockeysvillekid

New Member

New Member
6 posts

Posted 28 May 2007 - 02:25 PM

I have minor problems. My PC is slow, hanging, constant MS prompts to send reports because it has "encountered a problem". It is now almost as slow as my win98 machine with a pent 3. Also, AdAware SE has been hanging and wont complete the scan. I have uninstalled and reinstalled it 3 times to see if that would help. Nope. Symantic is my anti and all scans are fine.
I have read a dozen or so posts and tried a few things. BUT, I am a newbie and I dont really wanna screw stuff up any more than it already is. Since I bought this PC I have done the service reboot a number of times for the slowness and I don't wanna do it anymore. I am including my DxDiag, Startup List, and my HijackThis LOG just so you have all info needed.

------------------
System Information
------------------
Time of this report: 5/28/2007, 15:41:14
Machine name: FIRST
Operating System: Windows XP Professional (5.1, Build 2600) Service Pack 2 (2600.xpsp_sp2_gdr.070227-2254)
Language: English (Regional Setting: English)
System Manufacturer: HP Pavilion 061
System Model: EG134AA-ABA a1230n
BIOS: Phoenix - Award BIOS v6.00PG
Processor: AMD Athlon™ 64 Processor 3700+, MMX, 3DNow, ~2.2GHz
Memory: 1022MB RAM
Page File: 391MB used, 1971MB available
Windows Dir: C:\WINDOWS
DirectX Version: DirectX 9.0c (4.09.0000.0904)
DX Setup Parameters: Not found
DxDiag Version: 5.03.2600.2180 32bit Unicode

------------
DxDiag Notes
------------
DirectX Files Tab: No problems found.
Display Tab 1: No problems found.
Sound Tab 1: No problems found.
Music Tab: No problems found.
Input Tab: No problems found.
Network Tab: No problems found.

--------------------
DirectX Debug Levels
--------------------
Direct3D: 0/4 (n/a)
DirectDraw: 0/4 (retail)
DirectInput: 0/5 (n/a)
DirectMusic: 0/5 (n/a)
DirectPlay: 0/9 (retail)
DirectSound: 0/5 (retail)
DirectShow: 0/6 (retail)

---------------
Display Devices
---------------
Card name: NVIDIA GeForce 6600 GT
Manufacturer: NVIDIA
Chip type: GeForce 6600 GT
DAC type: Integrated RAMDAC
Device Key: Enum\PCI\VEN_10DE&DEV_0140&SUBSYS_C3683842&REV_A2
Display Memory: 128.0 MB
Current Mode: 1280 x 1024 (32 bit) (60Hz)
Monitor: Plug and Play Monitor
Monitor Max Res: 1600,1200
Driver Name: nv4_disp.dll
Driver Version: 6.14.0010.8198 (English)
DDI Version: 9 (or higher)
Driver Attributes: Final Retail
Driver Date/Size: 12/10/2005 04:06:00, 3955456 bytes
WHQL Logo'd: Yes
WHQL Date Stamp: n/a
VDD: n/a
Mini VDD: nv4_mini.sys
Mini VDD Date: 12/10/2005 04:06:00, 3536768 bytes
Device Identifier: {D7B71E3E-4200-11CF-F47B-62E303C2CB35}
Vendor ID: 0x10DE
Device ID: 0x0140
SubSys ID: 0xC3683842
Revision ID: 0x00A2
Revision ID: 0x00A2
Video Accel: ModeMPEG2_A ModeMPEG2_B ModeMPEG2_C ModeMPEG2_D ModeWMV9_B ModeWMV9_A
Deinterlace Caps: {212DC724-3235-44A4-BD29-E1652BBCC71C}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_BOBVerticalStretch
{212DC724-3235-44A4-BD29-E1652BBCC71C}: Format(In/Out)=(UYVY,UYVY) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(UYVY,UYVY) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_BOBVerticalStretch
{212DC724-3235-44A4-BD29-E1652BBCC71C}: Format(In/Out)=(YV12,0x32315659) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(YV12,0x32315659) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_BOBVerticalStretch
{212DC724-3235-44A4-BD29-E1652BBCC71C}: Format(In/Out)=(NV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(NV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_BOBVerticalStretch
Registry: OK
DDraw Status: Enabled
D3D Status: Enabled
AGP Status: Enabled
DDraw Test Result: Not run
D3D7 Test Result: Not run
D3D8 Test Result: Not run
D3D9 Test Result: Not run

-------------
Sound Devices
-------------
Description: Realtek AC97 Audio
Default Sound Playback: Yes
Default Voice Playback: Yes
Hardware ID: PCI\VEN_1002&DEV_4370&SUBSYS_2A27103C&REV_02
Manufacturer ID: 1
Product ID: 100
Type: WDM
Driver Name: ALCXWDM.SYS
Driver Version: 5.10.0000.5840 (English)
Driver Attributes: Final Retail
WHQL Logo'd: Yes
Date and Size: 4/20/2005 14:00:56, 2317696 bytes
Other Files:
Driver Provider: Realtek Semiconductor Corp.
HW Accel Level: Full
Cap Flags: 0xF5F
Min/Max Sample Rate: 100, 192000
Static/Strm HW Mix Bufs: 26, 25
Static/Strm HW 3D Bufs: 26, 25
HW Memory: 0
Voice Management: No
EAX™ 2.0 Listen/Src: Yes, Yes
I3DL2™ Listen/Src: Yes, Yes
Sensaura™ ZoomFX™: No
Registry: OK
Sound Test Result: Not run

---------------------
Sound Capture Devices
---------------------
Description: Realtek AC97 Audio
Default Sound Capture: Yes
Default Voice Capture: Yes
Driver Name: ALCXWDM.SYS
Driver Version: 5.10.0000.5840 (English)
Driver Attributes: Final Retail
Date and Size: 4/20/2005 14:00:56, 2317696 bytes
Cap Flags: 0x41
Format Flags: 0xFFF

-----------
DirectMusic
-----------
DLS Path: C:\WINDOWS\SYSTEM32\drivers\GM.DLS
DLS Version: 1.00.0016.0002
Acceleration: n/a
Ports: Microsoft Synthesizer, Software (Not Kernel Mode), Output, DLS, Internal, Default Port
Realtek AC97 Audio, Software (Kernel Mode), Output, DLS, Internal
Microsoft MIDI Mapper [Emulated], Hardware (Not Kernel Mode), Output, No DLS, Internal
Microsoft GS Wavetable SW Synth [Emulated], Hardware (Not Kernel Mode), Output, No DLS, Internal
Registry: OK
Test Result: Not run

-------------------
DirectInput Devices
-------------------
Device Name: Mouse
Attached: 1
Controller ID: n/a
Vendor/Product ID: n/a
FF Driver: n/a

Device Name: Keyboard
Attached: 1
Controller ID: n/a
Vendor/Product ID: n/a
FF Driver: n/a

Poll w/ Interrupt: No
Registry: OK

-----------
USB Devices
-----------
+ USB Root Hub
| Vendor/Product ID: 0x1002, 0x4374
| Matching Device ID: usb\root_hub
| Service: usbhub
| Driver: usbhub.sys, 8/10/2004 15:00:00, 57600 bytes
| Driver: usbd.sys, 8/10/2004 15:00:00, 4736 bytes

----------------
Gameport Devices
----------------

------------
PS/2 Devices
------------
+ HP PS2 Keyboard (2K - 3)
| Matching Device ID: acpi\pnp0303
| Upper Filters: PS2
| Service: i8042prt
| Driver: i8042prt.sys, 8/4/2004 00:14:38, 52736 bytes
| Driver: kbdclass.sys, 8/3/2004 23:58:34, 24576 bytes
| Driver: PS2.sys, 6/4/2001 10:00:00, 14112 bytes
| Driver: ps2.bat, 10/25/2004 18:17:56, 90112 bytes
|
+ Terminal Server Keyboard Driver
| Matching Device ID: root\rdp_kbd
| Upper Filters: kbdclass
| Service: TermDD
| Driver: termdd.sys, 8/4/2004 19:01:08, 40840 bytes
| Driver: kbdclass.sys, 8/3/2004 23:58:34, 24576 bytes
|
+ HID-compliant mouse
| Vendor/Product ID: 0x1241, 0x1166
| Matching Device ID: hid_device_system_mouse
| Service: mouhid
| Driver: mouclass.sys, 8/10/2004 22:00:00, 23040 bytes
| Driver: mouhid.sys, 8/17/2001 17:48:00, 12160 bytes
|
+ Terminal Server Mouse Driver
| Matching Device ID: root\rdp_mou
| Upper Filters: mouclass
| Service: TermDD
| Driver: termdd.sys, 8/4/2004 19:01:08, 40840 bytes
| Driver: mouclass.sys, 8/10/2004 22:00:00, 23040 bytes

----------------------------
DirectPlay Service Providers
----------------------------
DirectPlay8 Modem Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.2180)
DirectPlay8 Serial Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.2180)
DirectPlay8 IPX Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.2180)
DirectPlay8 TCP/IP Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.2180)
Internet TCP/IP Connection For DirectPlay - Registry: OK, File: dpwsockx.dll (5.03.2600.2180)
IPX Connection For DirectPlay - Registry: OK, File: dpwsockx.dll (5.03.2600.2180)
Modem Connection For DirectPlay - Registry: OK, File: dpmodemx.dll (5.03.2600.2180)
Serial Connection For DirectPlay - Registry: OK, File: dpmodemx.dll (5.03.2600.2180)

DirectPlay Voice Wizard Tests: Full Duplex: Not run, Half Duplex: Not run, Mic: Not run
DirectPlay Test Result: Not run
Registry: OK

-------------------
DirectPlay Adapters
-------------------
DirectPlay8 Modem Service Provider: PCI Data Fax SoftModem with SmartCP
DirectPlay8 Serial Service Provider: COM3
DirectPlay8 TCP/IP Service Provider: Local Area Connection - IPv4 -

-----------------------
DirectPlay Voice Codecs
-----------------------
Voxware VR12 1.4kbit/s
Voxware SC06 6.4kbit/s
Voxware SC03 3.2kbit/s
MS-PCM 64 kbit/s
MS-ADPCM 32.8 kbit/s
Microsoft GSM 6.10 13 kbit/s
TrueSpeech™ 8.6 kbit/s

-------------------------
DirectPlay Lobbyable Apps
-------------------------

------------------------
Disk & DVD/CD-ROM Drives
------------------------
Drive: C:
Free Space: 160.5 GB
Total Space: 182.6 GB
File System: NTFS
Model: ST3200822AS

Drive: D:
Free Space: 0.9 GB
Total Space: 8.2 GB
File System: FAT32
Model: ST3200822AS

Drive: E:
Model: HP DVD Writer 740b
Driver: c:\windows\system32\drivers\cdrom.sys, 5.01.2600.2180 (English), 8/10/2004 15:00:00, 49536 bytes

Drive: F:
Model: ASUS CD-S480/A5
Driver: c:\windows\system32\drivers\cdrom.sys, 5.01.2600.2180 (English), 8/10/2004 15:00:00, 49536 bytes

--------------
System Devices
--------------
Name: PCI Data Fax SoftModem with SmartCP
Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200C14F1&REV_00\4&1C88B56&0&48A4
Driver: C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys, 7.20.0000.0000 (English), 12/15/2004 18:18:28, 703232 bytes
Driver: C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys, 7.20.0000.0000 (English), 12/15/2004 18:18:32, 220928 bytes
Driver: C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys, 7.20.0000.0000 (English), 12/15/2004 18:18:26, 1038208 bytes
Driver: C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys, 1.00.0002.0006 (English), 3/17/2004 14:04:14, 13059 bytes
Driver: C:\WINDOWS\SYSTEM32\DRIVERS\HSFProf.cty, 12/15/2004 17:52:40, 129045 bytes
Driver: C:\WINDOWS\system32\mdmxsdk.dll, 1.00.0002.0006 (English), 3/17/2004 14:00:32, 86016 bytes
Driver: C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSetup.exe, 3.04.0001.0000 (English), 3/8/2005 14:05:24, 569344 bytes
Driver: C:\WINDOWS\system32\hsfci012.dll, 1.00.0000.0012 (English), 10/28/2004 18:29:08, 39018 bytes

Name: VIA OHCI Compliant IEEE 1394 Host Controller
Device ID: PCI\VEN_1106&DEV_3044&SUBSYS_2A26103C&REV_80\4&1C88B56&0&28A4
Driver: C:\WINDOWS\system32\DRIVERS\ohci1394.sys, 5.01.2600.2180 (English), 8/10/2004 15:00:00, 61056 bytes
Driver: C:\WINDOWS\system32\DRIVERS\1394bus.sys, 5.01.2600.2180 (English), 8/10/2004 15:00:00, 53248 bytes
Driver: C:\WINDOWS\system32\DRIVERS\nic1394.sys, 5.01.2600.2180 (English), 8/10/2004 22:00:00, 61824 bytes
Driver: C:\WINDOWS\system32\DRIVERS\arp1394.sys, 5.01.2600.2180 (English), 8/10/2004 22:00:00, 60800 bytes
Driver: C:\WINDOWS\system32\DRIVERS\enum1394.sys, 5.01.2600.0000 (English), 8/17/2001 23:46:40, 6400 bytes

Name: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A26103C&REV_10\4&1C88B56&0&18A4
Driver: C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys, 5.621.0304.2005 (English), 3/4/2005 14:10:26, 74496 bytes

Name: NVIDIA GeForce 6600 GT
Device ID: PCI\VEN_10DE&DEV_0140&SUBSYS_C3683842&REV_A2\4&123D6358&0&0010
Driver: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys, 6.14.0010.8198 (English), 12/10/2005 04:06:00, 3536768 bytes
Driver: C:\WINDOWS\system32\nv4_disp.dll, 6.14.0010.8198 (English), 12/10/2005 04:06:00, 3955456 bytes
Driver: C:\WINDOWS\system32\nvsvc32.exe, 6.14.0010.8198 (English), 12/10/2005 04:06:00, 131139 bytes
Driver: C:\WINDOWS\system32\nvhwvid.dll, 6.14.0010.8198 (), 12/10/2005 04:06:00, 573440 bytes
Driver: C:\WINDOWS\system32\nvapi.dll, 6.14.0010.8198 (), 12/10/2005 04:06:00, 110592 bytes
Driver: C:\WINDOWS\system32\nvoglnt.dll, 6.14.0010.8198 (English), 12/10/2005 04:06:00, 5402624 bytes
Driver: C:\WINDOWS\system32\nvcpl.dll, 6.14.0010.8198 (English), 12/10/2005 04:06:00, 7311360 bytes
Driver: C:\WINDOWS\system32\nvmctray.dll, 6.14.0010.8198 (English), 12/10/2005 04:06:00, 86016 bytes
Driver: C:\WINDOWS\system32\nvwddi.dll, 6.14.0010.8198 (English), 12/10/2005 04:06:00, 81920 bytes
Driver: C:\WINDOWS\system32\nvnt4cpl.dll, 6.14.0010.11014 (English), 12/10/2005 04:06:00, 286720 bytes
Driver: C:\WINDOWS\system32\nvmccs.dll, 6.14.0010.8198 (English), 12/10/2005 04:06:00, 229376 bytes
Driver: C:\WINDOWS\help\nvcpl.hlp, 12/10/2005 04:06:00, 169507 bytes
Driver: C:\WINDOWS\help\nvwcplen.hlp, 12/10/2005 04:06:00, 55444 bytes
Driver: C:\WINDOWS\system32\nvcod.dll, 1.00.0000.0035 (English), 12/10/2005 04:06:00, 35840 bytes
Driver: C:\WINDOWS\system32\nvcodins.dll, 1.00.0000.0035 (English), 12/10/2005 04:06:00, 35840 bytes

Name: PCI standard host CPU bridge
Device ID: PCI\VEN_1022&DEV_1103&SUBSYS_00000000&REV_00\3&61AAA01&0&C3
Driver: n/a

Name: PCI standard host CPU bridge
Device ID: PCI\VEN_1022&DEV_1102&SUBSYS_00000000&REV_00\3&61AAA01&0&C2
Driver: n/a

Name: PCI standard host CPU bridge
Device ID: PCI\VEN_1022&DEV_1101&SUBSYS_00000000&REV_00\3&61AAA01&0&C1
Driver: n/a

Name: PCI standard host CPU bridge
Device ID: PCI\VEN_1022&DEV_1100&SUBSYS_00000000&REV_00\3&61AAA01&0&C0
Driver: n/a

Name: PCI standard PCI-to-PCI bridge
Device ID: PCI\VEN_1002&DEV_5A34&SUBSYS_00000000&REV_00\3&61AAA01&0&10
Driver: C:\WINDOWS\system32\DRIVERS\pci.sys, 5.01.2600.2180 (English), 8/10/2004 15:00:00, 68224 bytes

Name: PCI standard host CPU bridge
Device ID: PCI\VEN_1002&DEV_5950&SUBSYS_00000000&REV_10\3&61AAA01&0&00
Driver: n/a

Name: Standard Dual Channel PCI IDE Controller
Device ID: PCI\VEN_1002&DEV_4379&SUBSYS_2A26103C&REV_00\3&61AAA01&0&90
Driver: C:\WINDOWS\system32\DRIVERS\pciidex.sys, 5.01.2600.2180 (English), 8/3/2004 23:59:42, 25088 bytes
Driver: C:\WINDOWS\system32\DRIVERS\atapi.sys, 5.01.2600.2180 (English), 8/3/2004 23:59:44, 95360 bytes
Driver: C:\WINDOWS\system32\DRIVERS\pciide.sys, 5.01.2600.0000 (English), 8/17/2001 14:51:52, 3328 bytes

Name: PCI standard ISA bridge
Device ID: PCI\VEN_1002&DEV_4377&SUBSYS_00000000&REV_00\3&61AAA01&0&A3
Driver: C:\WINDOWS\system32\DRIVERS\isapnp.sys, 5.01.2600.0000 (English), 8/10/2004 15:00:00, 35840 bytes

Name: ATI IDE Controller
Device ID: PCI\VEN_1002&DEV_4376&SUBSYS_2A26103C&REV_00\3&61AAA01&0&A1
Driver: C:\WINDOWS\system32\DRIVERS\pciide.sys, 5.01.2600.0000 (English), 8/17/2001 14:51:52, 3328 bytes
Driver: C:\WINDOWS\system32\DRIVERS\pciidex.sys, 5.01.2600.2180 (English), 8/3/2004 23:59:42, 25088 bytes
Driver: C:\WINDOWS\system32\DRIVERS\atapi.sys, 5.01.2600.2180 (English), 8/3/2004 23:59:44, 95360 bytes

Name: Standard OpenHCD USB Host Controller
Device ID: PCI\VEN_1002&DEV_4375&SUBSYS_2A26103C&REV_00\3&61AAA01&0&99
Driver: C:\WINDOWS\system32\drivers\usbohci.sys, 5.01.2600.2180 (English), 8/4/2004 09:08:38, 17024 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.2180 (English), 8/10/2004 15:00:00, 142976 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.2180 (English), 8/4/2004 10:56:48, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.2180 (English), 8/10/2004 15:00:00, 57600 bytes

Name: Standard OpenHCD USB Host Controller
Device ID: PCI\VEN_1002&DEV_4374&SUBSYS_2A26103C&REV_00\3&61AAA01&0&98
Driver: C:\WINDOWS\system32\drivers\usbohci.sys, 5.01.2600.2180 (English), 8/4/2004 09:08:38, 17024 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.2180 (English), 8/10/2004 15:00:00, 142976 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.2180 (English), 8/4/2004 10:56:48, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.2180 (English), 8/10/2004 15:00:00, 57600 bytes

Name: Standard Enhanced PCI to USB Host Controller
Device ID: PCI\VEN_1002&DEV_4373&SUBSYS_2A26103C&REV_00\3&61AAA01&0&9A
Driver: C:\WINDOWS\system32\drivers\usbehci.sys, 5.01.2600.2180 (English), 8/10/2004 15:00:00, 26624 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.2180 (English), 8/10/2004 15:00:00, 142976 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.2180 (English), 8/4/2004 10:56:48, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.2180 (English), 8/10/2004 15:00:00, 57600 bytes
Driver: C:\WINDOWS\system32\hccoin.dll, 5.01.2600.2180 (English), 8/10/2004 15:00:00, 7168 bytes

Name: ATI SMBus
Device ID: PCI\VEN_1002&DEV_4372&SUBSYS_2A26103C&REV_11\3&61AAA01&0&A0
Driver: n/a

Name: PCI standard PCI-to-PCI bridge
Device ID: PCI\VEN_1002&DEV_4371&SUBSYS_00000000&REV_00\3&61AAA01&0&A4
Driver: C:\WINDOWS\system32\DRIVERS\pci.sys, 5.01.2600.2180 (English), 8/10/2004 15:00:00, 68224 bytes

Name: Realtek AC'97 Audio
Device ID: PCI\VEN_1002&DEV_4370&SUBSYS_2A27103C&REV_02\3&61AAA01&0&A5
Driver: C:\WINDOWS\system32\ksuser.dll, 5.03.2600.2180 (English), 8/4/2004 10:56:44, 4096 bytes
Driver: C:\WINDOWS\system32\ksproxy.ax, 5.03.2600.2180 (English), 8/4/2004 10:56:58, 130048 bytes
Driver: C:\WINDOWS\system32\drivers\ks.sys, 5.03.2600.2180 (English), 8/4/2004 09:15:22, 140928 bytes
Driver: C:\WINDOWS\system32\drivers\drmk.sys, 5.01.2600.2180 (English), 8/4/2004 09:08:00, 60288 bytes
Driver: C:\WINDOWS\system32\drivers\portcls.sys, 5.01.2600.1364 (English), 3/16/2004 20:58:20, 136960 bytes
Driver: C:\WINDOWS\system32\drivers\stream.sys, 5.03.2600.2180 (English), 8/4/2004 09:08:04, 48640 bytes
Driver: C:\WINDOWS\system32\wdmaud.drv, 5.01.2600.2180 (English), 8/4/2004 10:56:58, 23552 bytes
Driver: C:\WINDOWS\system32\drivers\ALCXWDM.SYS, 5.10.0000.5840 (English), 4/20/2005 14:00:56, 2317696 bytes
Driver: C:\WINDOWS\system32\ALSNDMGR.CPL, 2.02.0000.0043 (English), 4/18/2005 14:03:48, 18694144 bytes
Driver: C:\WINDOWS\ALCXMNTR.EXE, 1.05.0000.0000 (English), 9/7/2004 16:47:52, 57344 bytes

------------------
DirectX Components
------------------
ddraw.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 266240 bytes
ddrawex.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 27136 bytes
dxapi.sys: 5.01.2600.0000 English Final Retail 8/10/2004 15:00:00 10496 bytes
d3d8.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 1179648 bytes
d3d8thk.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 8192 bytes
d3d9.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 1689088 bytes
d3dim.dll: 5.01.2600.0000 English Final Retail 8/10/2004 15:00:00 436224 bytes
d3dim700.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 825344 bytes
d3dramp.dll: 5.01.2600.0000 English Final Retail 8/10/2004 15:00:00 590336 bytes
d3drm.dll: 5.01.2600.0000 English Final Retail 8/10/2004 15:00:00 350208 bytes
d3dxof.dll: 5.01.2600.0000 English Final Retail 8/10/2004 15:00:00 47616 bytes
d3dpmesh.dll: 5.01.2600.0000 English Final Retail 8/10/2004 15:00:00 34816 bytes
dplay.dll: 5.00.2134.0001 English Final Retail 8/10/2004 15:00:00 33040 bytes
dplayx.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 229888 bytes
dpmodemx.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 23552 bytes
dpwsock.dll: 5.00.2134.0001 English Final Retail 8/10/2004 15:00:00 42768 bytes
dpwsockx.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 57344 bytes
dplaysvr.exe: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 30208 bytes
dpnsvr.exe: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 18432 bytes
dpnet.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 375296 bytes
dpnlobby.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 3584 bytes
dpnaddr.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 3584 bytes
dpvoice.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 212480 bytes
dpvsetup.exe: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 83456 bytes
dpvvox.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 116736 bytes
dpvacm.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 21504 bytes
dpnhpast.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 35328 bytes
dpnhupnp.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 60928 bytes
dpserial.dll: 5.00.2134.0001 English Final Retail 8/10/2004 15:00:00 53520 bytes
dinput.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 159232 bytes
dinput8.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 181760 bytes
dimap.dll: 5.01.2600.0000 English Final Retail 8/10/2004 15:00:00 44032 bytes
diactfrm.dll: 5.01.2600.0000 English Final Retail 8/10/2004 15:00:00 394240 bytes
joy.cpl: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 68608 bytes
gcdef.dll: 5.01.2600.0000 English Final Retail 8/10/2004 15:00:00 76800 bytes
pid.dll: 5.03.2600.2180 English Final Retail 8/10/2004 22:00:00 35328 bytes
dsound.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 367616 bytes
dsound3d.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 1294336 bytes
dswave.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 19456 bytes
dsdmo.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 181760 bytes
dsdmoprp.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 71680 bytes
dmusic.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 104448 bytes
dmband.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 28672 bytes
dmcompos.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 61440 bytes
dmime.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 181248 bytes
dmloader.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 35840 bytes
dmstyle.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 105984 bytes
dmsynth.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 103424 bytes
dmscript.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 82432 bytes
system.dll: 1.00.3705.6018 English Final Retail 11/17/2004 07:28:46 1179648 bytes
system.dll: 1.01.4322.2032 English Final Retail 8/9/2005 08:14:13 1224704 bytes
Microsoft.DirectX.Direct3D.dll: 9.05.0132.0000 English Final Retail 1/5/2006 18:26:36 473600 bytes
Microsoft.DirectX.Direct3DX.dll: 9.06.0168.0000 English Final Retail 1/5/2006 18:26:36 567296 bytes
Microsoft.DirectX.Direct3DX.dll: 9.07.0239.0000 English Final Retail 12/31/2005 17:12:28 576000 bytes
Microsoft.DirectX.DirectDraw.dll: 5.04.0000.2904 English Final Retail 1/5/2006 18:26:37 145920 bytes
Microsoft.DirectX.DirectInput.dll: 5.04.0000.2904 English Final Retail 1/5/2006 18:26:37 159232 bytes
Microsoft.DirectX.DirectPlay.dll: 5.04.0000.2904 English Final Retail 1/5/2006 18:26:37 364544 bytes
Microsoft.DirectX.DirectSound.dll: 5.04.0000.2904 English Final Retail 1/5/2006 18:26:37 178176 bytes
Microsoft.DirectX.AudioVideoPlayback.dll: 5.04.0000.2904 English Final Retail 1/5/2006 18:26:36 53248 bytes
Microsoft.DirectX.Diagnostics.dll: 5.04.0000.2904 English Final Retail 1/5/2006 18:26:36 12800 bytes
Microsoft.DirectX.dll: 5.04.0000.2904 English Final Retail 1/5/2006 18:26:36 223232 bytes
dx7vb.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 619008 bytes
dx8vb.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 1227264 bytes
dxdiagn.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 2113536 bytes
mfc40.dll: 4.01.0000.6140 English Final Retail 8/10/2004 15:00:00 924432 bytes
mfc42.dll: 6.02.4131.0000 English Final Retail 8/10/2004 15:00:00 1028096 bytes
wsock32.dll: 5.01.2600.2180 English Final Retail 8/10/2004 15:00:00 22528 bytes
amstream.dll: 6.05.2600.2180 English Final Retail 8/10/2004 15:00:00 70656 bytes
devenum.dll: 6.05.2600.2180 English Final Retail 8/10/2004 15:00:00 59904 bytes
dxmasf.dll: 6.04.0009.1133 English Final Retail 8/22/2006 05:05:26 498742 bytes
mciqtz32.dll: 6.05.2600.2180 English Final Retail 8/10/2004 15:00:00 35328 bytes
mpg2splt.ax: 6.05.2700.2230 English Final Retail 9/28/2004 11:54:48 149504 bytes
msdmo.dll: 6.05.2600.2180 English Final Retail 8/10/2004 15:00:00 14336 bytes
encapi.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 20480 bytes
qasf.dll: 10.00.0000.3802 English Final Retail 1/28/2005 23:44:28 221184 bytes
qcap.dll: 6.05.2600.2180 English Final Retail 8/10/2004 15:00:00 192512 bytes
qdv.dll: 6.05.2600.2180 English Final Retail 8/10/2004 15:00:00 279040 bytes
qdvd.dll: 6.05.2600.2180 English Final Retail 8/10/2004 15:00:00 385024 bytes
qedit.dll: 6.05.2600.2180 English Final Retail 8/10/2004 15:00:00 562176 bytes
qedwipes.dll: 6.05.2600.2180 English Final Retail 8/10/2004 15:00:00 733696 bytes
quartz.dll: 6.05.2600.2749 English Final Retail 8/30/2005 00:13:42 1287680 bytes
strmdll.dll: 4.01.0000.3936 English Final Retail 8/21/2006 10:52:08 246814 bytes
iac25_32.ax: 2.00.0005.0053 English Final Retail 8/10/2004 22:00:00 199680 bytes
ir41_32.ax: 4.51.0016.0003 English Final Retail 8/10/2004 22:00:00 848384 bytes
ir41_qc.dll: 4.30.0062.0002 English Final Retail 8/10/2004 15:00:00 120320 bytes
ir41_qcx.dll: 4.30.0064.0001 English Final Retail 8/10/2004 15:00:00 338432 bytes
ir50_32.dll: 5.2562.0015.0055 English Final Retail 8/10/2004 15:00:00 755200 bytes
ir50_qc.dll: 5.00.0063.0048 English Final Retail 8/10/2004 15:00:00 200192 bytes
ir50_qcx.dll: 5.00.0064.0048 English Final Retail 8/10/2004 15:00:00 183808 bytes
ivfsrc.ax: 5.10.0002.0051 English Final Retail 8/10/2004 22:00:00 154624 bytes
mswebdvd.dll: 6.05.2600.2180 English Final Retail 8/10/2004 15:00:00 204288 bytes
ks.sys: 5.03.2600.2180 English Final Retail 8/4/2004 09:15:22 140928 bytes
ksproxy.ax: 5.03.2600.2180 English Final Retail 8/4/2004 10:56:58 130048 bytes
ksuser.dll: 5.03.2600.2180 English Final Retail 8/4/2004 10:56:44 4096 bytes
stream.sys: 5.03.2600.2180 English Final Retail 8/4/2004 09:08:04 48640 bytes
mspclock.sys: 5.03.2600.2180 English Final Retail 8/4/2004 08:58:40 5376 bytes
mspqm.sys: 5.01.2600.2180 English Final Retail 8/4/2004 08:58:42 4992 bytes
mskssrv.sys: 5.03.2600.2180 English Final Retail 8/4/2004 08:58:42 7552 bytes
swenum.sys: 5.03.2600.2180 English Final Retail 8/10/2004 22:00:00 4352 bytes
mpeg2data.ax: 6.05.2700.2230 English Final Retail 9/28/2004 11:54:48 62976 bytes
msvidctl.dll: 6.05.2700.2230 English Final Retail 9/28/2004 11:54:48 1616384 bytes
vbisurf.ax: 5.03.2600.2180 English Final Retail 8/10/2004 22:00:00 30720 bytes
msyuv.dll: 5.03.2600.2180 English Final Retail 8/10/2004 22:00:00 17408 bytes
wstdecod.dll: 5.03.2600.2180 English Final Retail 8/10/2004 15:00:00 50688 bytes

------------------
DirectShow Filters
------------------

DirectShow Filters:
WMAudio Decoder DMO,0x00800800,1,1,,
WMAPro over S/PDIF DMO,0x00600800,1,1,,
WMSpeech Decoder DMO,0x00600800,1,1,,
WMVideo Advanced Decoder DMO,0x00800001,1,1,,
Mpeg4s Decoder DMO,0x00800001,1,1,,
WMV Screen decoder DMO,0x00800001,1,1,,
WMVideo Decoder DMO,0x00800001,1,1,,
Mpeg43 Decoder DMO,0x00800001,1,1,,
Mpeg4 Decoder DMO,0x00800001,1,1,,
WMT MuxDeMux Filter,0x00200000,0,0,wmm2filt.dll,2.01.4026.0000
InterVideo Video Decoder,0x008f0000,2,4,IVIVIDEO.ax,5.00.0011.0789
Full Screen Renderer,0x00200000,1,0,quartz.dll,6.05.2600.2749
InterVideo Audio Processor,0x00200000,1,1,IviAudioProcess.ax,
WAV Dest Trial,0x00200000,0,0,WavD2Try.dll,1.01.0000.3463
WST Renderer,0x00800000,1,1,WSTRenderer.ax,6.05.2700.2230
DV Muxer,0x00400000,0,0,qdv.dll,6.05.2600.2180
Color Space Converter,0x00400001,1,1,quartz.dll,6.05.2600.2749
WM ASF Reader,0x00400000,0,0,qasf.dll,10.00.0000.3802
HPITFLTR Source,0x00000000,0,0,,
Screen Capture filter,0x00200000,0,1,wmpsrcwp.dll,10.00.0000.3802
AVI Splitter,0x00600000,1,1,quartz.dll,6.05.2600.2749
WMT AudioAnalyzer,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
VGA 16 Color Ditherer,0x00400000,1,1,quartz.dll,6.05.2600.2749
Sonic Audio Depth Converter (Symphony),0x00200000,1,1,AudioDepthConverterS.ax,5.00.0000.0001
Indeo® video 5.10 Compression Filter,0x00200000,1,1,ir50_32.dll,5.2562.0015.0055
Windows Media Audio Decoder,0x00800001,1,1,msadds32.ax,8.00.0000.4487
Photo Story 2 Trial Source Filter,0x00200000,0,1,PSSF2Try.dll,1.01.0000.3463
Sonic DirectShow Tap,0x00200000,1,1,DirectShowTap.ax,5.00.0000.0001
AC3 Parser Filter,0x00600000,1,1,mpg2splt.ax,6.05.2700.2230
MainConcept MPEG Splitter,0x005ffffe,1,2,mcspmpeg.ax,1.00.0000.0058
MainConcept MPEG Audio Decoder,0x00600000,1,1,mcdsmpeg.ax,1.00.0000.0063
MainConcept MPEG Video Decoder,0x00600000,1,1,mcdsmpeg.ax,1.00.0000.0063
WMT Format Conversion,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
StreamBufferSink,0x00200000,0,0,sbe.dll,6.05.2700.2230
WMT Black Frame Generator,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
HP Frame Grabber Filter,0x00200000,1,1,hpqdsftr.ax,53.00.0013.0000
MJPEG Decompressor,0x00600000,1,1,quartz.dll,6.05.2600.2749
Indeo® video 5.10 Decompression Filter,0x00640000,1,1,ir50_32.dll,5.2562.0015.0055
WMT Screen Capture filter,0x00200000,0,1,wmm2filt.dll,2.01.4026.0000
Microsoft Screen Video Decompressor,0x00800000,1,1,msscds32.ax,8.00.0000.4487
MPEG-I Stream Splitter,0x00600000,1,2,quartz.dll,6.05.2600.2749
SAMI (CC) Parser,0x00400000,1,1,quartz.dll,6.05.2600.2749
VBI Codec,0x00600000,1,4,VBICodec.ax,6.05.2700.2180
MPEG Layer-3 Decoder,0x00810000,1,1,l3codecx.ax,1.05.0000.0050
MPEG-2 Splitter,0x005fffff,1,0,mpg2splt.ax,6.05.2700.2230
Sonic MPEG Audio Decoder,0x00200000,1,1,SonicMPEGAudio.DLL,2.05.0004.1403
muvee HXImage Filter,0x00200000,1,1,HXImageFilter.ax,4.00.0025.0000
ACELP.net Sipro Lab Audio Decoder,0x00800001,1,1,acelpdec.ax,1.04.0000.0000
RTStreamSink,0x00200000,1,0,RTStreamSink.ax,5.00.0000.0001
HP MPEG-1 Encoder,0x00200000,3,3,hpqdsftr.ax,53.00.0013.0000
Internal Script Command Renderer,0x00800001,1,0,quartz.dll,6.05.2600.2749
MPEG Audio Decoder,0x03680001,1,1,quartz.dll,6.05.2600.2749
File Source (Netshow URL),0x00400000,0,1,wmpasf.dll,10.00.0000.3802
WMT Import Filter,0x00200000,0,1,wmm2filt.dll,2.01.4026.0000
DV Splitter,0x00600000,1,2,qdv.dll,6.05.2600.2180
Bitmap Generate,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Windows Media Video Decoder,0x00800000,1,1,wmvds32.ax,8.00.0000.4487
Sonic RTStreamSink (Symphony),0x00200000,1,0,RTStreamSinkS.ax,5.00.0000.0001
Video Mixing Renderer 9,0x00200000,1,0,quartz.dll,6.05.2600.2749
Windows Media Video Decoder,0x00800000,1,1,wmv8ds32.ax,8.00.0000.4000
WMT VIH2 Fix,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Record Queue,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Windows Media Multiplexer,0x00600000,1,1,wmpasf.dll,10.00.0000.3802
ASX file Parser,0x00600000,1,1,wmpasf.dll,10.00.0000.3802
ASX v.2 file Parser,0x00600000,1,0,wmpasf.dll,10.00.0000.3802
NSC file Parser,0x00600000,1,1,wmpasf.dll,10.00.0000.3802
ACM Wrapper,0x00600000,1,1,quartz.dll,6.05.2600.2749
Windows Media source filter,0x00600000,0,2,wmpasf.dll,10.00.0000.3802
Video Renderer,0x00800001,1,0,quartz.dll,6.05.2600.2749
Frame Eater,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
MPEG-2 Video Stream Analyzer,0x00200000,0,0,sbe.dll,6.05.2700.2230
Sonic Audio Depth Converter,0x00200000,1,1,AudioDepthConverter.ax,1.00.0000.0000
Line 21 Decoder,0x00600000,1,1,qdvd.dll,6.05.2600.2180
Video Port Manager,0x00600000,2,1,quartz.dll,6.05.2600.2749
WST Decoder,0x00600000,1,1,wstdecod.dll,5.03.2600.2180
Video Renderer,0x00400000,1,0,quartz.dll,6.05.2600.2749
Sonic MPEG Non-Pro Audio Decoder (Symphony),0x00200000,1,1,SonicMPEGAudioS.DLL,2.05.0004.1403
QuickTimeRenderer Filter,0x00200000,1,0,QuickTimeRenderer.ax,8.01.0000.0000
DivX Decoder Filter,0xff800000,1,1,divxdec.ax,6.05.0001.0000
LEAD MCMP/MJPEG Codec,0x00000000,0,0,,
LEAD MCMP/MJPEG Decoder,0x00000000,0,0,,
WM ASF Writer,0x00400000,0,0,qasf.dll,10.00.0000.3802
InterVideo Audio Decoder,0x008f0000,1,1,iviaudio.ax,5.00.0011.0789
CBVA Filter,0x00200000,1,1,CBVAFilter.dll,5.01.2700.2180
WMT Sample Information Filter,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
VBI Surface Allocator,0x00600000,1,1,vbisurf.ax,5.03.2600.2180
Microsoft MPEG-4 Video Decompressor,0x00800000,1,1,mpg4ds32.ax,8.00.0000.4487
DivX Demux,0x00600000,1,0,DivXMedia.ax,0.00.0000.0028
File writer,0x00200000,1,0,qcap.dll,6.05.2600.2180
Sonic MPEG Video Decoder (Symphony),0x00200000,2,1,SonicMPEGVideoS.DLL,2.05.0004.1041
WMT Log Filter,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
WMT Virtual Renderer,0x00200000,1,0,wmm2filt.dll,2.01.4026.0000
Sonic MPEG Video Decoder,0x00200000,2,1,SonicMPEGVideo.DLL,2.05.0004.1041
DVD Navigator,0x00200000,0,2,qdvd.dll,6.05.2600.2180
Overlay Mixer2,0x00400000,1,1,qdvd.dll,6.05.2600.2180
Tivo DirectShow Source Filter,0x00400000,0,1,TiVoDirectShowFilter.dll,1.00.0017.6289
AVI Draw,0x00600064,9,1,quartz.dll,6.05.2600.2749
.RAM file Parser,0x00600000,1,0,wmpasf.dll,10.00.0000.3802
muvee Video Analyser,0x00200000,1,0,mvvanalyse.ax,4.00.0013.0000
muvee Music Analyser,0x00200000,1,0,mvmanalyse.ax,4.00.0013.0000
InterVideo Navigator,0x00190000,0,3,Ivinav.ax,5.00.0011.0789
WST Pager,0x00800000,1,1,WSTPager.ax,6.05.2700.2180
WMT DirectX Transform Wrapper,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
G.711 Codec,0x00200000,1,1,g711codc.ax,5.01.2600.0000
MPEG-2 Demultiplexer,0x00600000,1,1,mpg2splt.ax,6.05.2700.2230
DV Video Decoder,0x00800000,1,1,qdv.dll,6.05.2600.2180
Indeo® audio software,0x00500000,1,1,iac25_32.ax,2.00.0005.0053
Windows Media Update Filter,0x00400000,1,0,wmpasf.dll,10.00.0000.3802
ASF DIB Handler,0x00600000,1,1,wmpasf.dll,10.00.0000.3802
ASF ACM Handler,0x00600000,1,1,wmpasf.dll,10.00.0000.3802
ASF ICM Handler,0x00600000,1,1,wmpasf.dll,10.00.0000.3802
ASF URL Handler,0x00600000,1,1,wmpasf.dll,10.00.0000.3802
ASF JPEG Handler,0x00600000,1,1,wmpasf.dll,10.00.0000.3802
ASF DJPEG Handler,0x00600000,1,1,wmpasf.dll,10.00.0000.3802
ASF embedded stuff Handler,0x00600000,1,1,wmpasf.dll,10.00.0000.3802
DivX Subtitle Decoder,0x00600000,1,1,DivXMedia.ax,0.00.0000.0028
9x8Resize,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
WIA Stream Snapshot Filter,0x00200000,1,1,wiasf.ax,1.00.0000.0000
QuickTime Source Filter,0x00200000,0,1,QuickTimeSource.dll,4.00.0025.0000
Allocator Fix,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
SampleGrabber,0x00200000,1,1,qedit.dll,6.05.2600.2180
Null Renderer,0x00200000,1,0,qedit.dll,6.05.2600.2180
WMT Virtual Source,0x00200000,0,1,wmm2filt.dll,2.01.4026.0000
MPEG-2 Sections and Tables,0x005fffff,1,0,Mpeg2Data.ax,6.05.2700.2230
WMT Interlacer,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
StreamBufferSource,0x00200000,0,0,sbe.dll,6.05.2700.2230
Smart Tee,0x00200000,1,2,qcap.dll,6.05.2600.2180
Overlay Mixer,0x00200000,0,0,qdvd.dll,6.05.2600.2180
RealPlayer Audio Filter,0x00200000,1,1,rdsf3260.dll,6.00.0012.1442
AVI Decompressor,0x00600000,1,1,quartz.dll,6.05.2600.2749
Uncompressed Domain Shot Detection Filter,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
AVI/WAV File Source,0x00400000,0,2,quartz.dll,6.05.2600.2749
QuickTime Movie Parser,0x00600000,1,1,quartz.dll,6.05.2600.2749
Wave Parser,0x00400000,1,1,quartz.dll,6.05.2600.2749
MIDI Parser,0x00400000,1,1,quartz.dll,6.05.2600.2749
Multi-file Parser,0x00400000,1,1,quartz.dll,6.05.2600.2749
File stream renderer,0x00400000,1,1,quartz.dll,6.05.2600.2749
XML Playlist,0x00400000,1,0,wmpasf.dll,10.00.0000.3802
Sonic Cinemaster MPEG Splitter (Symphony),0x00200000,1,2,SonicMPEGSplitterS.dll,1.00.0000.0103
DirectShow Tap (Symphony),0x00200000,1,1,DirectShowTapS.ax,5.00.0000.0001
Sonic MPEG Splitter,0x00200000,1,2,SonicMPEGSplitter.dll,1.00.0000.0106
AVI Mux,0x00200000,1,0,qcap.dll,6.05.2600.2180
Line 21 Decoder 2,0x00600002,1,1,quartz.dll,6.05.2600.2749
File Source (Async.),0x00400000,0,1,quartz.dll,6.05.2600.2749
File Source (URL),0x00400000,0,1,quartz.dll,6.05.2600.2749
WMT DV Extract,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
HP Rotate Filter,0x00200000,1,1,hpqdsftr.ax,53.00.0013.0000
QuickTime Encoder,0x00200000,1,0,QuickTimeSink.ax,4.00.0025.0000
WMT Switch Filter,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
WMT Volume,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
HP Resize Filter,0x00200000,1,1,hpqdsftr.ax,53.00.0013.0000
Stretch Video,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Infinite Pin Tee Filter,0x00200000,1,1,qcap.dll,6.05.2600.2180
QT Decompressor,0x00600000,1,1,quartz.dll,6.05.2600.2749
MPEG Video Decoder,0x40000001,1,1,quartz.dll,6.05.2600.2749
Indeo® video 4.4 Decompression Filter,0x00640000,1,1,ir41_32.ax,4.51.0016.0003
Indeo® video 4.4 Compression Filter,0x00200000,1,1,ir41_32.ax,4.51.0016.0003

WDM Streaming Data Transforms:
Microsoft Kernel Acoustic Echo Canceller,0x00000000,0,0,,
Microsoft Kernel GS Wavetable Synthesizer,0x00200000,1,1,,5.03.2600.2180
Microsoft Kernel DLS Synthesizer,0x00200000,1,1,,5.03.2600.2180
Microsoft Kernel DRM Audio Descrambler,0x00200000,1,1,,5.03.2600.2180

Video Compressors:
MSScreen encoder DMO,0x00600800,1,1,,
WMVideo9 Encoder DMO,0x00600800,1,1,,
WMVideo Advanced Encoder DMO,0x00600800,1,1,,
MSScreen 9 encoder DMO,0x00600800,1,1,,
DV Video Encoder,0x00200000,0,0,qdv.dll,6.05.2600.2180
Indeo® video 5.10 Compression Filter,0x00100000,1,1,ir50_32.dll,5.2562.0015.0055
LEAD MCMP/MJPEG Codec,0x00000000,0,0,,
MJPEG Compressor,0x00200000,0,0,quartz.dll,6.05.2600.2749
Cinepak Codec by Radius,0x00200000,1,1,qcap.dll,6.05.2600.2180
DivX® 6.5.1 Codec (1 Logical CPU),0x00200000,1,1,qcap.dll,6.05.2600.2180
Intel 4:2:0 Video V2.50,0x00200000,1,1,qcap.dll,6.05.2600.2180
Intel Indeo® Video R3.2,0x00200000,1,1,qcap.dll,6.05.2600.2180
Intel Indeo® Video 4.5,0x00200000,1,1,qcap.dll,6.05.2600.2180
Indeo® video 5.10,0x00200000,1,1,qcap.dll,6.05.2600.2180
Intel IYUV codec,0x00200000,1,1,qcap.dll,6.05.2600.2180
LEAD MCMP/MJPEG Codec (VFW),0x00200000,1,1,qcap.dll,6.05.2600.2180
Microsoft H.261 Video Codec,0x00200000,1,1,qcap.dll,6.05.2600.2180
Microsoft H.263 Video Codec,0x00200000,1,1,qcap.dll,6.05.2600.2180
Microsoft RLE,0x00200000,1,1,qcap.dll,6.05.2600.2180
Microsoft Video 1,0x00200000,1,1,qcap.dll,6.05.2600.2180
DivX® 6.5.1 YV12 Decoder,0x00200000,1,1,qcap.dll,6.05.2600.2180

Audio Compressors:
WM Speech Encoder DMO,0x00600800,1,1,,
WMAudio Encoder DMO,0x00600800,1,1,,
IAC2,0x00200000,1,1,quartz.dll,6.05.2600.2749
IMA ADPCM,0x00200000,1,1,quartz.dll,6.05.2600.2749
PCM,0x00200000,1,1,quartz.dll,6.05.2600.2749
Microsoft ADPCM,0x00200000,1,1,quartz.dll,6.05.2600.2749
ACELP.net,0x00200000,1,1,quartz.dll,6.05.2600.2749
DSP Group TrueSpeech™,0x00200000,1,1,quartz.dll,6.05.2600.2749
Windows Media Audio V1,0x00200000,1,1,quartz.dll,6.05.2600.2749
Windows Media Audio V2,0x00200000,1,1,quartz.dll,6.05.2600.2749
GSM 6.10,0x00200000,1,1,quartz.dll,6.05.2600.2749
Microsoft G.723.1,0x00200000,1,1,quartz.dll,6.05.2600.2749
CCITT A-Law,0x00200000,1,1,quartz.dll,6.05.2600.2749
CCITT u-Law,0x00200000,1,1,quartz.dll,6.05.2600.2749
MPEG Layer-3,0x00200000,1,1,quartz.dll,6.05.2600.2749

Audio Capture Sources:
Realtek AC97 Audio,0x00200000,0,0,qcap.dll,6.05.2600.2180

Midi Renderers:
Default MidiOut Device,0x00800000,1,0,quartz.dll,6.05.2600.2749
Microsoft GS Wavetable SW Synth,0x00200000,1,0,quartz.dll,6.05.2600.2749

WDM Streaming Capture Devices:
Realtek AC97 Audio,0x00200000,3,3,,5.03.2600.2180

WDM Streaming Rendering Devices:
Realtek AC97 Audio,0x00200000,3,3,,5.03.2600.2180

Multi-Instance Capable VBI Codecs:
VBI Codec,0x00600000,1,4,VBICodec.ax,6.05.2700.2180

BDA Transport Information Renderers:
MPEG-2 Sections and Tables,0x00600000,1,0,Mpeg2Data.ax,6.05.2700.2230

WDM Streaming Mixer Devices:
Microsoft Kernel Wave Audio Mixer,0x00000000,0,0,,

BDA CP/CA Filters:
Decrypt/Tag,0x00600000,1,0,encdec.dll,6.05.2700.2230
Encrypt/Tag,0x00200000,0,0,encdec.dll,6.05.2700.2230
XDS Codec,0x00200000,0,0,encdec.dll,6.05.2700.2230

Audio Renderers:
Realtek AC97 Audio,0x00200000,1,0,quartz.dll,6.05.2600.2749
Default DirectSound Device,0x00800000,1,0,quartz.dll,6.05.2600.2749
Default WaveOut Device,0x00200000,1,0,quartz.dll,6.05.2600.2749
DirectSound: Realtek AC97 Audio,0x00200000,1,0,quartz.dll,6.05.2600.2749

WDM Streaming System Devices:
Realtek AC97 Audio,0x00200000,16,2,,5.03.2600.2180

*************************************************************************************************

StartupList report, 5/28/2007, 9:17:17 AM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Brian.FIRST\Desktop\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16441)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\Brian.FIRST\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ehTray = C:\WINDOWS\ehome\ehtray.exe
HPBootOp = "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
PCDrProfiler =
LSBWatcher = c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
HPHUPD08 = c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
HP Software Update = C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
ISUSPM Startup = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
ISUSScheduler = "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
Picasa Media Detector = C:\Program Files\Picasa2\PicasaMediaDetector.exe
PDUiP6600DMon = C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
sound64 = msag.exe
ms-its = MONITER.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
vptray = C:\PROGRA~1\SYMANT~1\VPTray.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
FreeRAM XP = "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
321102 = lpt.exe
ms-its = ___.exe
Preliminary = xwiz.exe
swg = C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\AutoCADScriptFile\shell\open\command

(Default) = "C:\WINDOWS\system32\notepad.exe" "%1"

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\wpgldfsh.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - c:\program files\google\googletoolbar3.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

McAfee.com Scan for Viruses - My Computer (FIRST-Brian).job

--------------------------------------------------

Enumerating Download Program Files:

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft....k/?LinkID=39204

[.print Client RDP Webinstall]
InProcServer32 = C:\WINDOWS\DOWNLO~1\TPWebRDP.ocx
CODEBASE = https://eastowa.dcma...sh/TPRDPenN.cab

[{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}]
CODEBASE = http://download.mcaf...01/mcinsctl.cab

[Microsoft RDP Client Control (redist)]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CONFLICT.1\msrdp.ocx
CODEBASE = https://eastowa.dcma.../EAST/msrdp.cab

[SlimClient Class]
InProcServer32 = C:\Program Files\CheckPoint\SSL Network Extender\extender.dll
CODEBASE = https://vpn3.dcma.mil/extender.cab

[{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}]
CODEBASE = http://download.mcaf...,26/mcgdmgr.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
CODEBASE = http://fpdownload.ma...ent/swflash.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\BRIAN~1.FIR\LOCALS~1\Temp\GLB1A2B.EXE|||L

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 8,074 bytes
Report generated in 0.031 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

**********************************************************************************************

Logfile of HijackThis v1.99.1
Scan saved at 9:08:24 AM, on 5/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\BRIAN~1.FIR\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://billsdaily.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: (no name) - {025A8CAC-82E3-94FA-28D2-DCC6A9B8A410} - DCC_send.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PDUiP6600DMon] C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
O4 - HKLM\..\Run: [sound64] msag.exe
O4 - HKLM\..\Run: [ms-its] MONITER.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [321102] lpt.exe
O4 - HKCU\..\Run: [ms-its] ___.exe
O4 - HKCU\..\Run: [Preliminary] xwiz.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {42D683F7-9C1B-11D7-A860-005056C00001} (.print Client RDP Webinstall) - https://eastowa.dcma...sh/TPRDPenN.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://eastowa.dcma.../EAST/msrdp.cab
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} (SlimClient Class) - https://vpn3.dcma.mil/extender.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{24C35E9D-43DE-47B3-8C8D-C6AC403DF807}: NameServer = 85.255.115.50,85.255.112.65
O17 - HKLM\System\CCS\Services\Tcpip\..\{85A97D2F-744D-4A80-8BA1-D27DED4E4460}: NameServer = 85.255.115.50,85.255.112.65
O17 - HKLM\System\CCS\Services\Tcpip\..\{A83F88BF-698A-493E-8189-0426C28F2D63}: NameServer = 85.255.115.50,85.255.112.65
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8AEAE9E-28D4-4757-8126-6E455A1D3659}: NameServer = 85.255.115.50,85.255.112.65
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.65
O17 - HKLM\System\CS1\Services\Tcpip\..\{24C35E9D-43DE-47B3-8C8D-C6AC403DF807}: NameServer = 85.255.115.50,85.255.112.65
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.65
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Regards,
Brian

Advertisements

Register to Remove

#2 Susan528

SuperMember

Authentic Member
3,194 posts

Posted 28 May 2007 - 06:02 PM

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.sub.../Fixwareout.exe
http://www.bleepingc.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

At the end of the fix, you may need to restart your computer again.

please post (reply) with the contents of the logfile C:\fixwareout\report.txt
=======================
If you want to skip this step then go to Deckards System Scanner until you find out-we can come back to this.
CAUTION!: It is possible that your Internet Service Provider requires specific settings here. Make sure you know if you need specific DNS settings here or not before you proceed to make the following changes or you may lose your internet connection. If you are sure you do not need a specific DNS address here, you may proceed.

Now lets check some settings on your system.
(2000/XP) Only
In the windows control panel. If you are using Windows XP's Category View, select the Network and Internet Connections category otherwise double click on Network Connections. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be available on some systems
Next Go start run type cmd and hit OK
type
ipconfig /flushdns
then hit enter, type exit hit enter
(that space between g and / is needed)

======
Deckard’s System Scanner

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply

Be sure you posted the C:\fixwareout\report.txt and the results from DSS please.

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#3 cockeysvillekid

New Member

New Member
6 posts

Posted 01 June 2007 - 11:27 PM

Here is the Fixwareout report.... I will now do the Deckards

Fixwareout Last edited 5/15/2007
Post this report in the forums please
...
»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdejb.exe"

»»»»»

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "xedocne" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "repiwoh" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "23plhps" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "mgcppp" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "tesvaf" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "32refaselif" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "kshmd" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}804836244BE4-3EB8-EE04-7D3B-A4B37E05{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}4409EEDE9B6B-B2B9-52A4-2810-7C7F4077{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "qsomd" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "xedocne" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "gib_ogol" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "repiwoh" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "llun" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "23plhps" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "mgcppp" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "tesvaf" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "32refaselif" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "0mdm" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "1mdm" Deleted
....
»»»»» Misc files.
C:\Documents and Settings\All Users\Favorites\Download Free Spyware Remover.url Deleted
C:\Documents and Settings\All Users\Favorites\NEW VIAGRA at Half Price!.url Deleted
C:\Documents and Settings\All Users\Favorites\Online Chat With Nude Girls.url Deleted
C:\Documents and Settings\All Users\Favorites\Order CIALIS online without leaving home..url Deleted
C:\Documents and Settings\All Users\Favorites\PC protection in under 2 minutes!.url Deleted
C:\Documents and Settings\All Users\Favorites\SEX Dating - Real Girls For Real SEX.url Deleted
C:\Documents and Settings\All Users\Favorites\Stop PopUps On Your Computer.url Deleted
C:\Documents and Settings\All Users\Favorites\VIAGRA at incredible low price. Bonus Pills!.url Deleted
C:\Documents and Settings\All Users\Favorites\View ADULT photos of REAL GIRLS!.url Deleted
C:\WINDOWS\BALLOON.WAV Deleted
C:\WINDOWS\Help\SPAlert.chm Deleted
C:\WINDOWS\RDT.INI Deleted
C:\Documents and Settings\All Users\Favorites\Online Pharmacy Deleted
C:\Documents and Settings\All Users\Favorites\Sex and Dating Deleted
C:\Documents and Settings\All Users\Favorites\Spyware Uninstall Deleted
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.

Click browse, find the file then click submit.
http://www.virustota...h/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other
C:\WINDOWS\Temp\kdejb.ren 63458 08/10/2004

»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"PCDrProfiler"=""
"HPHUPD08"="c:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\issch.exe\" -start"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"PDUiP6600DMon"="C:\\Program Files\\Canon\\Memory Card Utility\\iP6600D\\PDUiP6600DMon.exe"
"sound64"="msag.exe"
"ms-its"="MONITER.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="\"C:\\Program Files\\YourWare Solutions\\FreeRAM XP Pro\\FreeRAM XP Pro.exe\" -win"
"321102"="lpt.exe"
"ms-its"="___.exe"
"Preliminary"="xwiz.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\not active]
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

#4 cockeysvillekid

New Member

New Member
6 posts

Posted 01 June 2007 - 11:36 PM

here is the Deckards main.txt

Deckard's System Scanner v20070426.43
Run by Brian on 2007-06-02 at 01:27:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
25: 2007-06-02 05:27:50 UTC - RP150 - Deckard's System Scanner Restore Point
24: 2007-06-02 03:55:22 UTC - RP149 - System Checkpoint
23: 2007-05-28 19:59:34 UTC - RP148 - Installed K-Lite Codec Pack
22: 2007-05-28 14:33:59 UTC - RP147 - System Checkpoint
21: 2007-05-22 22:31:46 UTC - RP146 - Software Distribution Service 3.0

-- First Restore Point --
1: 2007-03-03 19:29:20 UTC - RP126 - Software Distribution Service 2.0

Backed up registry hives.

Performed disk cleanup.

-- HijackThis (run as Brian.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 1:30:00 AM, on 6/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Brian.FIRST\Desktop\Deckards System Scanner.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
C:\WINDOWS\system32\msiexec.exe
C:\DOCUME~1\BRIAN~1.FIR\Desktop\Brian.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://billsdaily.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: (no name) - {025A8CAC-82E3-94FA-28D2-DCC6A9B8A410} - DCC_send.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PDUiP6600DMon] C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
O4 - HKLM\..\Run: [sound64] msag.exe
O4 - HKLM\..\Run: [ms-its] MONITER.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [321102] lpt.exe
O4 - HKCU\..\Run: [ms-its] ___.exe
O4 - HKCU\..\Run: [Preliminary] xwiz.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {42D683F7-9C1B-11D7-A860-005056C00001} (.print Client RDP Webinstall) - https://eastowa.dcma...sh/TPRDPenN.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://eastowa.dcma.../EAST/msrdp.cab
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} (SlimClient Class) - https://vpn3.dcma.mil/extender.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\notepad.exe" "%1"

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 FileDisk - c:\windows\system32\drivers\filedisk.sys <Not Verified; Bo Brantén; filedisk>

S1 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 cpextender (Check Point SSL Network Extender) - c:\program files\checkpoint\ssl network extender\slimsvc.exe <Not Verified; Check Point Software Technologies; slim>

S0 Pml Driver HPZ12 - \systemroot\c:\windows\system32\hpzipm12.exe (file missing)

-- Scheduled Tasks -------------------------------------------------------------

2007-04-07 05:00:00 414 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (FIRST-Brian).job

-- Files created between 2007-05-02 and 2007-06-02 -----------------------------

2007-06-02 01:17:48 9336 --a------ C:\dnsbak.reg
2007-05-28 15:59:35 593920 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-05-28 15:59:34 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-05-28 15:41:45 0 d-------- C:\Documents and Settings\Brian.FIRST\Application Data\DivX
2007-05-08 18:24:43 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

-- Find3M Report ---------------------------------------------------------------

2007-06-02 01:19:59 0 d-------- C:\Program Files\Symantec AntiVirus
2007-05-28 09:06:25 212849 --a------ C:\Program Files\hijackthis.zip
2007-04-26 18:54:24 0 d-------- C:\Documents and Settings\Brian.FIRST\Application Data\Lavasoft
2007-04-26 18:54:06 0 d-------- C:\Program Files\Lavasoft
2007-04-26 18:53:33 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-07 00:00:54 0 d-------- C:\Program Files\Common Files\Remote Control Software Shared
2007-04-06 23:55:28 0 d-------- C:\Program Files\Logitech
2007-04-06 23:55:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-03-21 19:56:08 5454 --a------ C:\Documents and Settings\Brian.FIRST\Application Data\.googlewebacchosts
2007-03-12 00:32:38 2397 --a------ C:\WINDOWS\mozver.dat

-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"PCDrProfiler"=""
"HPHUPD08"="c:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\issch.exe\" -start"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"PDUiP6600DMon"="C:\\Program Files\\Canon\\Memory Card Utility\\iP6600D\\PDUiP6600DMon.exe"
"sound64"="msag.exe"
"ms-its"="MONITER.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"FreeRAM XP"="\"C:\\Program Files\\YourWare Solutions\\FreeRAM XP Pro\\FreeRAM XP Pro.exe\" -win"
"321102"="lpt.exe"
"ms-its"="___.exe"
"Preliminary"="xwiz.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\not active]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
Source REG_SZ http://www.mapquest....-01638-8ac10c40

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\
Security Packages REG_MULTI_SZ kerberosmsv1_0schannelwdigest\
Notification Packages REG_MULTI_SZ scecli\

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"hkey"="HKCU"
"inimapping"="0"
"item"="CTFMON.EXE"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"command"="C:\\Program Files\\HP\\HP Software Update\\HPwuSchd2.exe"
"hkey"="HKLM"
"inimapping"="0"
"item"="HP Software Update"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
"command"="c:\\hp\\drivers\\hplsbwatcher\\lsburnwatcher.exe"
"hkey"="HKLM"
"inimapping"="0"
"item"="LSBWatcher"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"hkey"="HKLM"
"inimapping"="0"
"item"="NvCplDaemon"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"command"="nwiz.exe /install"
"hkey"="HKLM"
"inimapping"="0"
"item"="nwiz"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"hkey"="HKCU"
"inimapping"="0"
"item"="swg"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
DcomLaunch REG_MULTI_SZ DcomLaunchTermService\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\

-- End of Deckard's System Scanner: finished at 2007-06-02 at 01:31:12 ---------

#5 cockeysvillekid

New Member

New Member
6 posts

Posted 01 June 2007 - 11:37 PM

here is the Deckards extra.txt

Deckard's System Scanner v20070426.43
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3700+
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 1022.48 MiB / 561.29 MiB
Pagefile Memory (total/avail): 2362.44 MiB / 2057.39 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1973.29 MiB

C: is Fixed (NTFS) - 178.3 GiB total, 157.12 GiB free.
D: is Fixed (FAT32) - 8 GiB total, 0.88 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Symantec AntiVirus Corporate Edition v10.0.2.2000 (Symantec Corporation)

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Brian.FIRST\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FIRST
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Brian.FIRST
LOGONSERVER=\\FIRST
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\Common Files\Autodesk Shared\;;C:\PROGRA~1\COMMON~1\MUVEET~130625;C:\PROGRA~1\COMMON~1\MUVEET~130625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 39 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2701
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\BRIAN~1.FIR\LOCALS~1\Temp
TMP=C:\DOCUME~1\BRIAN~1.FIR\LOCALS~1\Temp
USERDOMAIN=FIRST
USERNAME=Brian
USERPROFILE=C:\Documents and Settings\Brian.FIRST
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

HP_Administrator (admin)
Donna.FIRST.000 (admin)
Brian.FIRST (admin)
Administrator (admin)
Guest (guest)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
AutoCAD 2006 - English --> MsiExec.exe /I{5783F2D7-4001-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
Barnyard Invasion from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games49D60AF-B425-4F8A-BD66-9D8C1B519D59\Uninstall.exe"
Battlefield 2™ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Bejeweled 2 Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\47D5A62B-1B41-4DB1-8267-ADA434FA782B\Uninstall.exe"
Big Kahuna Reef from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D77E8A46-BEB4-49ED-B2D3-B77180169FA3\Uninstall.exe"
Blackhawk Striker 2 from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\758619C0-7C97-42BB-B1E9-775F72FDAD1E\Uninstall.exe"
Blasterball 2 from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D2DACBCD-E1FE-4C32-A49B-1EB0743D1E79\Uninstall.exe"
Blasterball 2 Holidays from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\1B497FAA-E53E-420D-8408-FFDD3278CD50\Uninstall.exe"
Boggle Supreme from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\90EA5584-4290-407B-B8F2-D6E6D65A4796\Uninstall.exe"
Bookworm Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E59F75D0-A38B-40F4-ABA2-CA35A7735473\Uninstall.exe"
Bounce Symphony from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\5DAA9E44-1B31-41CD-88A8-228EDED6E36E\Uninstall.exe"
CadStd --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Apperson\CadStd\DeIsL1.isu" -c"C:\Program Files\Apperson\CadStd\_ISREG32.DLL"
Canon iP6600D --> C:\WINDOWS\system32\CNMCP7D.exe "-PRINTERNAMECanon iP6600D" "-HELPERDLLC:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP6600D Installer\Inst2\cnmis.dll" "-RCDLLcnmi0409.dll"
Canon iP6600D Memory Card Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{86D28491-78AB-445C-A507-6F3FA81D7611}\setup.exe" /PDUUninstall
Canon PhotoRecord --> MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Check Point SSL Network Extender --> MsiExec.exe /X{2f402236-95a9-4a0f-8de5-12789d58bc54}
Crystal Maze from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\3D61540E-C88C-4358-B6A1-DC26648F2A3D\Uninstall.exe"
Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -IAsu200Ck.inf
Digby's Donuts from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\A51671BD-9BE5-4944-AC62-A2A0B6FF5E54\Uninstall.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
eGames GameButler --> C:\PROGRA~1\eGames\GAMEBU~1\UNWISE.EXE C:\PROGRA~1\eGames\GAMEBU~1\INSTALL.LOG
FATE Demo from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B68BB501-10CD-46E2-BB45-075A2ABFD242\Uninstall.exe"
Flip Words from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\1280194E-E9D5-4253-95E7-40169E2A4848\Uninstall.exe"
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google SketchUp --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E1423608-F529-40A1-93CA-C7F396F30DF0}\setup.exe" -l0x9
Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
Guild Wars --> "C:\Program Files\Guild Wars\Gw.exe" -uninstall
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 1.99.1 --> C:\DOCUME~1\BRIAN~1.FIR\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe /uninstall
HP Boot Optimizer --> MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
HP Deskjet Printer Preload --> MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP DigitalMedia Archive --> MsiExec.exe /I{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP Document Viewer 5.3 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Game Console and games --> C:\Program Files\WildTangent\Apps\hpuninstall.exe
HP Image Zone 5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone for Media Center PC --> MsiExec.exe /X{8D0C57BC-4942-4960-BB6D-142456D6F233}
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Multimedia Keyboard Software --> C:\HP\KBD\KBD.EXE uninstalled
HP Photosmart 330,380,420,470,7800,8000,8200 Series --> C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart Cameras 5.0 --> C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Tunes --> MsiExec.exe /X{3076D235-59F2-448E-889F-D04F985B4CF1}
Insaniquarium Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\A09026AE-8F16-4929-B4E6-1825535844DB\Uninstall.exe"
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Jewel Quest from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\A73FAC36-8925-465D-8FA2-4DA98BD9B441\Uninstall.exe"
K-Lite Codec Pack 3.1.0 Basic --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech Harmony Remote Software 7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C6F884D-680C-448B-B4C9-22296EE1B206}\setup.exe" -l0x9 -removeonly
Mah Jong Quest from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\538B9061-0C77-4FB2-903F-EC42A1FF5DD8\Uninstall.exe"
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Dancer LE --> MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mini Golf Master 2 --> C:\PROGRA~1\eGames\MINIGO~1\UNWISE.EXE C:\PROGRA~1\eGames\MINIGO~1\INSTALL.LOG
Mozilla Firefox (1.5) --> C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5 (en-US)"
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
muvee autoProducer 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C3D719A-92C7-4323-89CC-C937D0267B84}\setup.exe" -l0x9
muvee autoProducer unPlugged 1.1 - HPD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B1931B3A-29E9-4F91-9B61-BE2CF05E84F1}\setup.exe" -l0x9
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Office 2003 Tour --> MsiExec.exe /I{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
PC-Doctor 5 for Windows --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{AB61A692-5543-4C48-979B-8CEA1C52FE9C} /l1033
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Poker Master --> C:\PROGRA~1\eGames\POKERM~1\UNWISE.EXE C:\PROGRA~1\eGames\POKERM~1\INSTALL.LOG
Polar Bowler from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\1FFA88DF-0AC3-4D9E-9139-5FF98813C12C\Uninstall.exe"
Polar Golfer from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\55275778-F7D9-4BA0-95F4-DEFD71ADDFD9\Uninstall.exe"
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Puzzle Express from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games814ADC6-5B36-4144-A8EA-439C36B1BB11\Uninstall.exe"
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2005 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Ricochet Lost Worlds from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\GamesAA27562-3C4E-4860-8742-7ADEBE2EFC43\Uninstall.exe"
SCRABBLE Blast from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\2BA80327-9385-4EC8-9796-47C49BD73352\Uninstall.exe"
SCRABBLE from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B7217206-A362-446B-A0F7-A2622B82F821\Uninstall.exe"
SCRABBLE Rack Attack from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\EC03679F-C9F0-46E8-864D-FCCF83F4EB86\Uninstall.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shrek 2 Ogre Bowler from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\581538B9-2ED3-45E2-96CB-22AD8F811D2A\Uninstall.exe"
Slingo Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E0998E52-9D08-4AEE-A4F5-0BB1D8537F6E\Uninstall.exe"
Slyder from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\600C800C-5985-4E74-AFE7-571001AC3FA4\Uninstall.exe"
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Super Granny from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\GamesC20CAB1-F8BC-4AC1-A796-535B005C1B83\Uninstall.exe"
Swarm from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\133F647D-B454-42BC-ADBE-387482A29B88\Uninstall.exe"
Symantec AntiVirus --> MsiExec.exe /I{46B63F23-2B4A-4525-A827-688026BE5E40}
Tradewinds from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B3FF79F4-CDA8-4845-A7C0-9CE017719F36\Uninstall.exe"
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369) --> C:\WINDOWS\$NtUninstallMC05Upd1$\spuninst\spuninst.exe
Updates from HP (remove only) --> C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
Windows Vista Upgrade Advisor --> MsiExec.exe /I{B79FBFDD-8B0C-4B8E-B70E-499E39978281}
Windows XP Media Center Edition 2005 KB888316 --> C:\WINDOWS\$NtUninstallKB888316$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB890629 -->
Windows XP Media Center Edition 2005 KB895678 --> C:\WINDOWS\$NtUninstallKB895678$\spuninst\spuninst.exe
WinImage --> "C:\Program Files\WinImage\winimage.exe" /uninstall

-- End of Deckard's System Scanner: finished at 2007-06-02 at 01:31:12 ---------

#6 cockeysvillekid

New Member

New Member
6 posts

Posted 01 June 2007 - 11:47 PM

oh yeah, I also successfully flushed the dns. No plunger needed :rofl:

#7 cockeysvillekid

New Member

New Member
6 posts

Posted 02 June 2007 - 08:52 PM

I now have another problem!! The "Sonic Update Manager" is now constantly popping up asking for some type of install disk. what is that and how do I get rid of it?

#8 Susan528

SuperMember

Authentic Member
3,194 posts

Posted 03 June 2007 - 05:04 AM

Here is an article that may help with the Sonic Update Manager problem.
http://kb.roxio.com/...N?set-locale=en

No Firewall Onboard
Also I do not see a firewall application installed. Perhaps you have a hardware firewall but a combination of both a software firewall and a hardware firewall is better. Just be sure there are no conflicts. Please do not rely solely on the Windows XP firewall. Using a software firewall other than the XP firewall will allow you to give/deny access for applications that want to go online. Select one of these, or another of your choice:

Please test your firewall and make sure it is working properly.
Test Firewall

Please perform an online scan with Internet Explorer at
http://www.kaspersky...apter=161739400

* Turn off the real time scanner of any existing antivirus program while performing the online scan
Answer Yes, when prompted to install an ActiveX component.

The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
  Extended
- Scan Options:
  Scan Archives
  Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

**Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

Please post (reply) with the results from Kaspersky and another hijackthis log (Use the Brian.exe to run for the hijackthis log). It is located here:
C:\DOCUME~1\BRIAN~1.FIR\Desktop\Brian.exe

#9 Susan528

SuperMember

Authentic Member
3,194 posts

Posted 09 June 2007 - 03:51 AM

Because no reply was made. This topic is now closed. If you wish it reopened, please send us an email
(Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

Also follow the recommendations in Tony Klein's article
So how did I get infected in the first place?

Body Background

skin color theme