Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

IE7 slow running [RESOLVED]

Started by michaeldemp , Apr 08 2008 02:19 AM

This topic is locked

#16
sage5

Posted 02 May 2008 - 08:19 PM

RIP 10/2009

Retired Staff
2,646 posts

Hi michaeldemp,

I'm sure we can get that to work, but it will take a bit of doing.
1. Put the SP2 CD in your CD/DVD drive, holding down the Shift key to stop it auto running.
2. Using My Computer, right click on the CD/DVD drive icon and choose Explore. (this stops the CD from running its programs)
3. See if you can locate a file called something like XPSP2.EXE. It will be in the order of 266Mb in size and should be in the root directory of the CD

What we might do here is see if you can find the file, then post me a screen shot of the Explorer window, so I can alter the next instructions to suit.

To take & Upload a Screenshot:

Open the application/window that you wish to capture the information from.
To ensure that you only capture the active window, hold down the Alt key & press the PrtScn (PrintScreen) key
Open MS Paint, or similar image editing application.
Select Edit > Paste from the top toolbar.
Save the file by setting the Save as type: to .GIF and File name: to Screen1
Use the instructions from Here to Upload the image to your Thread

Cheers,

sage5

#17
sage5

Posted 03 May 2008 - 01:31 AM

RIP 10/2009

Retired Staff
2,646 posts

Apologies for double post

Cheers,

sage5

Edited by sage5, 03 May 2008 - 01:34 AM.

#18
michaeldemp

Posted 06 May 2008 - 03:32 AM

Member

Topic Starter
Member
20 posts

I'm really sorry - just not clear what you want me to screen print. I've opened the SP2 contents window (attached). But I am not sure what you need a copy of beyond that - opening the file starts the installation wizard. What am I missing?

Mike

Attached Files

screen1.doc 130.5KB 13 downloads

#19
sage5

Posted 06 May 2008 - 05:05 PM

RIP 10/2009

Retired Staff
2,646 posts

Hi michaeldemp,
That screen shot was perfect. I now know the file name I needed to proceed.

What we are going to do is create a folder, on your hard drive, that will contain all the files necessary to run that scan.

1. Make sure that Hidden files are displayed:
Make sure Windows XP is set to show all files:

Click Start > My Computer.
On the Tools menu, click Folder Options.
On the View tab:
- Uncheck Hide extensions for known file types.
- Uncheck Hide protected operating system files.
- Under Hidden files and folders click Show hidden files and folders.
You will see a warning message, click Yes.
Click Apply.
Click OK.

2. Create new folders:
Go to your C:\ drive and create 2 new folders:
XP
XP_SP2

3. Copy files:
a) Copy all the files from the WinXP SP1 disc to the C:\XP folder.
b) Copy the XPSP2.EXE file from the SP2 disc to the C:\XP_SP2 folder.

4. Extract the SP2 files:
a) Go to Start > Run & type C:\XP_SP2\XPSP2.EXE -x (Note the space between the EXE & the -x)
b) Click OK to allow C:\XP_SP2 as the Directory for Extracted Files. The extraction process might take a minute.

5. Run the Update:
a) Using the Run command, type C:\XP_SP2\i386\Update\Update.exe -s:C:\XP & click OK. (This time there is only the space between the exe & the -s)
This will update all the files to SP2 and leave you with a folder which contains all the files you need to run the System File Checker.

System File Checker:

Go to Start > Run and type sfc /scannow (Note the space between the c & the /)
/scannow starts the System File Checker immediately.
If the scanner calls for the Windows XP CD, use the Browse button to point it to the C:\XP folder
Allow the scan to run and when complete reboot the system.

Let me know if that fixes the startup time for IE7.

Cheers,

sage5

Edited by sage5, 06 May 2008 - 05:05 PM.

#20
michaeldemp

Posted 08 May 2008 - 01:06 PM

Member

Topic Starter
Member
20 posts

Hi. Making progress but I got an error message when I tried to run the update. The message was 'C:\XP_SP2\1386\update refers to a location that is unavailable. It could be on a hard drive on this computer or on a network. Check to make sure the disk is properly inserted...........If it still cannot be located, the information might have been moved to a different location.'

Any advice?

Thanks a million

Mike

#21
sage5

Posted 08 May 2008 - 04:19 PM

RIP 10/2009

Retired Staff
2,646 posts

The message was 'C:\XP_SP2\1386\update refers to a location that is unavailable.

It looks like you may have mistyped the command by typing C:\XP_SP2\1386\Update\Update.exe -s:C:\XP

That needs the be i386 (an i, not a 1)

#22
michaeldemp

Posted 09 May 2008 - 06:48 AM

Member

Topic Starter
Member
20 posts

Yes it was a mis-type, sorry. I've now gone through everything, uninstalled IE7 and re-installed it and it is still slow, I'm afraid. The screen paints more quickly but it takes around the same time for it to connect with the home page.

Have we exhausted the options? Whatever, I am extremely grateful to you for your patience and skill.

Mike

#23
sage5

Posted 10 May 2008 - 07:33 AM

RIP 10/2009

Retired Staff
2,646 posts

At this point we can rule out System errors, so maybe lingering malware, or software conflict

Please download the following & save to your Desktop:
Deckard's System Scanner

Create a Startup list:

Open HiJackThis
Click on the Open Misc Tools Section button.
Make sure that the 2 boxes next to the Generate Startuplist log button are ticked
Now click on the Generate Startuplist log button.
NotePad will open a new window.
Copy and paste the text from the log into your next post.

Run Deckard's System Scanner:

Close all other windows before proceeding.
Double click on the dss.exe file on your Desktop and follow the prompts.
Scans will run, and 2 text files will open in Notepad.
Close both of the text files.

These files are C:\Deckard\System Scanner\main.txt & extra.txt.
I will need you to copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of

main.txt
extra.txt
Text from the StartUp List, normally in the HijackThis folder (C:\Program Files\Trend Micro\HijackThis)

in your next reply.

Cheers,

sage5

#24
michaeldemp

Posted 15 May 2008 - 10:20 AM

Member

Topic Starter
Member
20 posts

Sorry for the delay. I've been very busy and I'mm off to Romania in the morning. But I'll be able to look at it again on Sunday or Monday, I hope.

The three logs are below.

Mike

MAIN TXT.
Deckard's System Scanner v20071014.68
Run by Michael Dempsey on 2008-05-15 17:05:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
77: 2008-05-15 16:05:28 UTC - RP1156 - Deckard's System Scanner Restore Point
76: 2008-05-14 09:33:33 UTC - RP1155 - Software Distribution Service 3.0
75: 2008-05-11 19:06:24 UTC - RP1154 - Software Distribution Service 3.0
74: 2008-05-11 18:04:18 UTC - RP1153 - System Checkpoint
73: 2008-05-09 16:33:06 UTC - RP1152 - Software Distribution Service 3.0

-- First Restore Point --
1: 2008-02-15 13:09:40 UTC - RP1080 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Michael Dempsey.exe) -------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-15 17:09:36
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Tanagra\Memeo\MemeoService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\RFA\rfagent.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\EMC\Keyboard Application\1.2\EMCKBAPP.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Multimedia\main\LaunchPd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Tanagra\Memeo\MemeoBackup.exe
C:\Documents and Settings\Michael Dempsey\Desktop\dss.exe
C:\Program Files\Trend Micro\HijackThis\Michael Dempsey.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.2/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar5.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar5.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EMCKEYBOARD] C:\Program Files\EMC\Keyboard Application\1.2\EMCKBAPP.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [c:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] c:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update] wserv32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Update] wserv32.exe (User 'Default user')
O4 - Startup: Memeo Launcher.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab53083.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.ma...director/sw.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab53083.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab53083.cab
O16 - DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} (Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00) - http://www.crownbar.com/LNetCam.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1124285578718
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mail.fringef...emote/msrdp.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab53083.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab53852.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O23 - Service: Memeo (BMUService) - Tanagra, Inc. - C:\Program Files\Tanagra\Memeo\MemeoService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 11924 bytes

-- HijackThis Fixed Entries (C:\Program Files\Trend Micro\HijackThis\backups\) -

backup-20080408-140545-172 O2 - BHO: (no name) - {7D6BEC01-15E2-46F0-8ED3-D715DE09A8F9} - (no file)
backup-20080408-140545-952 O4 - HKLM\..\Run: [CARPService] carpserv.exe
backup-20080408-140545-285 O4 - HKLM\..\Run: [Microsoft System Checkup] wnetlogin.exe
backup-20080408-140545-922 O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
backup-20080408-140545-189 O4 - HKLM\..\Run: [Microsoft Update] wserv32.exe
backup-20080408-140545-387 O4 - HKLM\..\Run: [Microsoft-Updates] svxhost.exe
backup-20080408-140545-804 O4 - HKLM\..\RunServices: [Microsoft System Checkup] wnetlogin.exe
backup-20080408-140545-541 O4 - HKLM\..\RunServices: [Microsoft Update] wserv32.exe
backup-20080408-140545-251 O4 - HKLM\..\RunServices: [Microsoft-Updates] svxhost.exe
backup-20080408-140545-681 O4 - HKCU\..\Run: [Microsoft Update] wserv32.exe
backup-20080408-140545-923 O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
backup-20080408-140545-566 O16 - DPF: {92F02779-6D88-4958-8AD3-83C12A16ADC7} -
backup-20080408-140546-292 O16 - DPF: {92F02779-6D88-4958-8AD3-83C12D86ADC7} -
backup-20080408-140546-806 O16 - DPF: {BCF9A64D-1440-4404-863C-F5DF2B99F798} (Catan Online Game) - http://zone.msn.com/...an.cab36900.cab

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 vobcom - c:\windows\system32\drivers\vobcom.sys <Not Verified; VOB Computersysteme GmbH; InstantWrite>
R1 vobiw - c:\windows\system32\drivers\vobiw.sys <Not Verified; VOB Computersysteme GmbH; InstantWrite>
R3 ASAPIW2K - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R3 cdrdrv - c:\windows\system32\drivers\cdrdrv.sys <Not Verified; VOB Computersysteme GmbH; InstantWrite>

S3 catchme - c:\docume~1\michae~1\locals~1\temp\catchme.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 BMUService (Memeo) - "c:\program files\tanagra\memeo\memeoservice.exe" <Not Verified; Tanagra, Inc.; Memeo>

S2 nwclnta (Network Client) -
S3 x10nets (X10 Device Network Service) -

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-04-16 12:51:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2008-04-15 and 2008-05-15 -----------------------------

2008-05-08 19:34:01 0 d-------- C:\XP_SP2
2008-05-08 19:33:50 0 d-------- C:\XP
2008-04-28 10:16:54 0 d--hs---- C:\FOUND.002
2008-04-16 13:44:52 0 d-------- C:\Program Files\iPod
2008-04-16 13:44:46 0 d-------- C:\Program Files\iTunes

-- Find3M Report ---------------------------------------------------------------

2008-04-10 14:13:04 843 --a------ C:\WINDOWS\system32\InitialServ.bin
2008-04-10 14:01:32 1671341 --a------ C:\Program Files\ComboFix.exe
2008-04-09 11:36:42 3389712 --a------ C:\Program Files\rfasetup.exe <Not Verified; RoseCitySoftware; >
2008-04-08 14:16:02 0 d-------- C:\Documents and Settings\Michael Dempsey\Application Data\Malwarebytes
2008-04-08 14:15:36 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-08 13:51:38 1596094 --a------ C:\Program Files\mbam-setup.exe <Not Verified; Malwarebytes; Malwarebytes' Anti-Malware>
2008-04-08 09:16:08 0 d-------- C:\Program Files\Trend Micro
2008-04-08 08:50:46 12839 --a------ C:\Program Files\hijackthis.log
2008-04-07 14:32:26 0 d-------- C:\Documents and Settings\Michael Dempsey\Application Data\Tanagra
2008-04-07 14:31:56 0 d-------- C:\Program Files\Tanagra
2008-04-02 12:40:24 0 d-------- C:\Program Files\Safari

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [14/08/2003 23:34 C:\WINDOWS\SOUNDMAN.EXE]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [05/05/2003 09:55]
"IW ControlCenter"="C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [12/03/2003 11:56]
"rfagent"="C:\Program Files\RFA\rfagent.exe" [04/12/2007 20:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe" [05/03/2007 18:53]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [08/05/2003 11:00]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [09/03/2007 11:09]
"EMCKEYBOARD"="C:\Program Files\EMC\Keyboard Application\1.2\EMCKBAPP.exe" [09/12/2005 14:28]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\launchpd.exe" [02/09/2003 06:46]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]
"c:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"="c:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [01/02/2008 19:57]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft Update"=wserv32.exe

C:\Documents and Settings\Michael Dempsey\Start Menu\Programs\Startup\
Memeo Launcher.lnk - C:\Documents and Settings\Michael Dempsey\Application Data\Microsoft\Installer\{78A39E62-605C-4E8E-9674-31E03BEC29B7}\_8F1B0A23F0AC40B99A091F7F3D92B106.exe [07/04/2008 14:32:05]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Michael Dempsey^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Remote Control]
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SupaDial]
C:\Program Files\SupaDial\SupaDial.exe /A

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

-- End of Deckard's System Scanner: finished at 2008-05-15 17:15:55 ------------

EXTRA TXT
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3000+
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 1023.48 MiB / 554.15 MiB
Pagefile Memory (total/avail): 2461.34 MiB / 2106.03 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.73 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 183.05 GiB total, 154.03 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Fixed (FAT32) - 74.51 GiB total, 69.42 GiB free.

\\.\PHYSICALDRIVE0 - WDC WD2000LB-00EDA0 - 183.09 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 183.09 GiB - C:

\\.\PHYSICALDRIVE2 - IN-WIN iAPP HS-CF USB Device

\\.\PHYSICALDRIVE3 - IN-WIN iAPP HS-MS USB Device

\\.\PHYSICALDRIVE5 - IN-WIN iAPP HS-SD/MMC USB Device

\\.\PHYSICALDRIVE4 - IN-WIN iAPP HS-SM USB Device

\\.\PHYSICALDRIVE1 - SAMSUNG HM080HC USB Device - 74.53 GiB - 1 partition
\PARTITION0 - Unknown - 74.53 GiB - J:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntivirusOverride is set.

FW: Kaspersky Anti-Virus v6.0.2.678 (Kaspersky Lab)
AV: Kaspersky Anti-Virus v6.0.2.678 (Kaspersky Lab)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Michael Dempsey\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-QH7IWDO9Q1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Michael Dempsey
LOGONSERVER=\\YOUR-QH7IWDO9Q1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 10, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=040a
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp
USERDOMAIN=YOUR-QH7IWDO9Q1
USERNAME=Michael Dempsey
USERPROFILE=C:\Documents and Settings\Michael Dempsey
windir=C:\WINDOWS
__COMPAT_LAYER=DisableNXShowUI

-- User Profiles ---------------------------------------------------------------

Michael Dempsey (admin)
Win Dempsey (admin)
Wendy Dempsey (admin)
Roger Irish (admin)
Steven Dempsey (admin)
Ellie Dempsey (admin)
The Boys (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0CF63063-BD94-4A8B-9966-B6FDC3F55B38}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI DVD Decoder 2.2.0.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{45D228AA-4284-467A-9DB6-942B92BFF656} /l1033
ATI Multimedia Center 8.6.0.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B7DC0CAF-0D27-4ACE-8E34-8594C8D7C1DB} /l1033
ATI Remote Wonder 2.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B9C42916-EE1B-4D35-9829-5E19BD8B692A} /l1033
B630-4 --> C:\WINDOWS\B630-4\UNWISE.EXE C:\WINDOWS\B630-4\INSTALL.LOG
Binatone ADSL500 USB Modem Network Adapter --> "C:\Program Files\Binatone ADSL500 USB Modem\Binatone ADSL500 USB Modem Network\SETUP.EXE" -U -IVID_0509&PID_080F
BUM --> MsiExec.exe /I{55937F00-A69B-4049-8D3A-1C7729742B6F}
Canon MP Navigator 2.2 --> "C:\Program Files\Canon\MP Navigator 2.2\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.2\uninst.ini
Canon MP530 --> "C:\WINDOWS\system32\CanonMP Uninstaller Information\{3215EBED-1D06-42fb-A05C-A752A46FB24C}\DelDrv.exe" /U:{3215EBED-1D06-42fb-A05C-A752A46FB24C} /L0x0009
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CD-LabelPrint --> "C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Dan Elwell's Broadband Speed Test --> "C:\Program Files\Dan Elwell's Broadband Speed Test\unins000.exe"
DAO --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}
Dazzle Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC64BC82-1AF0-11D6-830E-0050DABBB449}\setup.exe" -l0x9
DivX Decoder Filter --> C:\WINDOWS\unvise32.exe C:\Program Files\DivX\uninstal.log
Dorling Kindersley Application Database v1.4 --> C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{abe7844e-4d49-4c7e-9d03-7329a6b9feac}.sdb"
Dragon NaturallySpeaking Components --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\SPEECH\DRAGON\Uninst.isu
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
FirstClass® Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B35C417-2649-11D6-83D1-0050FC01225C}\setup.exe" -l0x9 -uninst
Flickr Uploadr 3.0.5 --> "C:\Program Files\Flickr Uploadr\uninstall.exe"
getPlus®_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar5.dll"
Hello (remove only) --> "C:\Program Files\Hello\Uninstall.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HydraVision --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
Info-ZIP WiZ --> C:\PROGRA~1\WIZ\UNWISE.EXE C:\PROGRA~1\WIZ\INSTALL.LOG
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Anti-Virus 6.0 for Windows Workstations --> MsiExec.exe /I{79B986AD-54D8-4498-AA06-89808829ACC0}
Kaspersky Anti-Virus 6.0 for Windows Workstations --> MsiExec.exe /I{79B986AD-54D8-4498-AA06-89808829ACC0}
Keyboard Application 1.2 --> C:\Program Files\EMC\Keyboard Application\1.2\unins001.EXE
KODAK EASYSHARE Gallery Easy Upload, v2.0 --> C:\Documents and Settings\Michael Dempsey\Local Settings\Application Data\KodakGallery\EasyShareSetup\$SETUP_140007_9a7293\Setup.exe /APR-REMOVE
Macromedia Flash Player --> MsiExec.exe /X{E18B6DCE-AE5A-4E16-AFFA-EB8F3E09FBD6}
Macromedia Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memeo --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{78A39E62-605C-4E8E-9674-31E03BEC29B7}
MGI PhotoSuite SE (Remove Only) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MGI\PhotoSuite SE\Uninst.isu"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office 2000 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Office OneNote 2007 --> MsiExec.exe /X{91120000-00A1-0000-0000-0000000FF1CE}
Microsoft Office OneNote 2007 Trial --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ONENOTER /dll OSETUP.DLL
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
OmniPage SE 2.0 --> MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
OnDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F330A4C0-802E-11D5-8311-0050DABBB21D}\Setup.exe" -L0x0009
OU eTMA File Handler --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\OUeTMAFileHandler\ST6UNST.LOG"
OU eTMA File Handler (C:\Program Files\OUeTMAFileHandler\) --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\OUeTMAFileHandler\ST6UNST.000"
OU eTMA File Handler (C:\Program Files\OUeTMAFileHandler\) #3 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\OUeTMAFileHandler\ST6UNST.001"
OU eTMA File Handler (C:\Program Files\OUeTMAFileHandler\) #4 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\OUeTMAFileHandler\ST6UNST.002"
OU eTMA Monitor File Handler --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\OUeTMAMonitorFileHandler\ST6UNST.LOG"
OU eTMA Monitor File Handler (C:\Program Files\OUeTMAMonitorFileHandler\) --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\OUeTMAMonitorFileHandler\ST6UNST.000"
Pinnacle InstantCD/DVD Suite --> MsiExec.exe /I{A8A7ACEF-A7AF-4129-9BC1-4F33A4C31EEC}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Presto! PageManager 7.15.11 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}\SETUP.EXE" -l0x9 anything
QSR NVivo 2.0 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\QSR\NVivo\DeIsL1.isu"
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Reader Drivers and Utilities --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8811C6B-4C6F-11D6-830E-0050DABBB449}\setup.exe" -l0x9
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Registry First Aid --> "C:\Program Files\RFA\unins000.exe"
Route Planner 1.2 --> "C:\Program Files\AA Multimedia\Route Planner\SETUP\setup.exe" /u
Safari --> MsiExec.exe /I{F0E8F94D-6E68-4B35-92DF-3AA6DC6A6768}
Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-00A1-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-00A1-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Spybot - Search & Destroy 1.3 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SupaDial --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\SupaDial\ST6UNST.LOG"
Update for Office 2007 (KB932080) --> msiexec /package {91120000-00A1-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-00A1-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
V92 PCI Voice Faxmodem --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67D8F537-7929-11D6-9D72-0008C7223F91}\Setup.exe" -l0x9
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Webcast --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{200E0DC2-2223-11D6-830E-0050DABBB449}\Setup.exe"
WebUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBAD6496-1968-46F7-A23F-9BE02F85001D}\Setup.exe"
WinAce Archiver --> C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Companion --> rundll32.exe C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YCOMP5~1.DLL,DllCommand ui

-- Application Event Log -------------------------------------------------------

Event Record #/Type13859 / Error
Event Submitted/Written: 05/13/2008 02:32:37 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application winword.exe, version 9.0.0.2717, faulting module winword.exe, version 9.0.0.2717, fault address 0x000facce.
Processing media-specific event for [winword.exe!ws!]

Event Record #/Type13848 / Warning
Event Submitted/Written: 05/12/2008 11:42:10 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{91120000-00A1-0000-0000-0000000FF1CE}', feature 'ProductNonBootFiles' failed during request for component '{22056900-C842-11D1-A0DD-00A0C9054277}'

Event Record #/Type13847 / Warning
Event Submitted/Written: 05/12/2008 11:42:10 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{91120000-00A1-0000-0000-0000000FF1CE}', feature 'ProductNonBootFiles', component '{82ECD641-A343-4D45-B2DD-34E0961B7622}' failed. The resource 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{62CEC9E0-3811-4C36-A94E-4F7565DCD23F}\Compatibility Flags' does not exist.

Event Record #/Type13845 / Warning
Event Submitted/Written: 05/12/2008 11:42:10 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{91120000-00A1-0000-0000-0000000FF1CE}', feature 'ProductNonBootFiles' failed during request for component '{22056900-C842-11D1-A0DD-00A0C9054277}'

Event Record #/Type13844 / Warning
Event Submitted/Written: 05/12/2008 11:42:10 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{91120000-00A1-0000-0000-0000000FF1CE}', feature 'ProductNonBootFiles', component '{82ECD641-A343-4D45-B2DD-34E0961B7622}' failed. The resource 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{62CEC9E0-3811-4C36-A94E-4F7565DCD23F}\Compatibility Flags' does not exist.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type71461 / Error
Event Submitted/Written: 05/15/2008 04:21:57 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} did not register with DCOM within the required timeout.

Event Record #/Type71460 / Error
Event Submitted/Written: 05/15/2008 04:21:26 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} did not register with DCOM within the required timeout.

Event Record #/Type71459 / Error
Event Submitted/Written: 05/15/2008 04:20:56 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} did not register with DCOM within the required timeout.

Event Record #/Type71458 / Error
Event Submitted/Written: 05/15/2008 04:11:28 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} did not register with DCOM within the required timeout.

Event Record #/Type71457 / Error
Event Submitted/Written: 05/15/2008 04:10:58 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} did not register with DCOM within the required timeout.

-- End of Deckard's System Scanner: finished at 2008-05-15 17:15:55 ------------

HIJACK THIS STARTUP LIST
StartupList report, 15/05/2008, 17:03:47
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16640)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Tanagra\Memeo\MemeoService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\RFA\rfagent.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\EMC\Keyboard Application\1.2\EMCKBAPP.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Tanagra\Memeo\MemeoBackup.exe
C:\Program Files\FirstClass\Fcc32.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Michael Dempsey\Start Menu\Programs\Startup]
Memeo Launcher.lnk = ?

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SoundMan = SOUNDMAN.EXE
PinnacleDriverCheck = C:\WINDOWS\System32\PSDrvCheck.exe
IW ControlCenter = C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
rfagent = "C:\Program Files\RFA\rfagent.exe"
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
AVP = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
OpwareSE2 = "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
EMCKEYBOARD = C:\Program Files\EMC\Keyboard Application\1.2\EMCKBAPP.exe
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ATI Launchpad = "C:\Program Files\ATI Multimedia\main\launchpd.exe"
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe = c:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

--------------------------------------------------

Autorun entries from Registry:

#25
sage5

Posted 15 May 2008 - 04:02 PM

RIP 10/2009

Retired Staff
2,646 posts

Hi michaeldemp,

The HijackThis Startup List got cut off before the end. Can you resend that log for me please?

#26
michaeldemp

Posted 18 May 2008 - 06:25 AM

Member

Topic Starter
Member
20 posts

Here it is.

Mike

StartupList report, 15/05/2008, 17:03:47
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16640)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Tanagra\Memeo\MemeoService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\RFA\rfagent.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\EMC\Keyboard Application\1.2\EMCKBAPP.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Tanagra\Memeo\MemeoBackup.exe
C:\Program Files\FirstClass\Fcc32.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Michael Dempsey\Start Menu\Programs\Startup]
Memeo Launcher.lnk = ?

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SoundMan = SOUNDMAN.EXE
PinnacleDriverCheck = C:\WINDOWS\System32\PSDrvCheck.exe
IW ControlCenter = C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
rfagent = "C:\Program Files\RFA\rfagent.exe"
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
AVP = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
OpwareSE2 = "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
EMCKEYBOARD = C:\Program Files\EMC\Keyboard Application\1.2\EMCKBAPP.exe
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ATI Launchpad = "C:\Program Files\ATI Multimedia\main\launchpd.exe"
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe = c:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}]
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
Canon Easy Web Print Helper - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE}
(no name) - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - c:\program files\google\googletoolbar5.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://c:\WINDOWS\I386\DAJAVA.CAB
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://c:\WINDOWS\I386\XMLDSO.CAB
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com...ex/qtplugin.cab

[StagingUI Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\StagingUI.ocx
CODEBASE = http://zone.msn.com/...UI.cab53083.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://fpdownload.ma...director/sw.cab

[ZoneBuddy Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZBuddy.ocx
CODEBASE = http://zone.msn.com/...dy.cab53083.cab

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://by103fd.bay10...es/MsnPUpld.cab

[ZonePAChat Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZPAChat.ocx
CODEBASE = http://zone.msn.com/...at.cab53083.cab

[Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00]
InProcServer32 = C:\WINDOWS\system32\IMW32O40.OCX
CODEBASE = http://www.crownbar.com/LNetCam.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://update.micros...b?1124285578718

[Kodak Gallery Easy Upload Manager Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\axofupld.dll
CODEBASE = http://www.kodakgall..._2/axofupld.cab

[Microsoft RDP Client Control (redist)]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msrdp.ocx
CODEBASE = https://mail.fringef...emote/msrdp.cab

[Java Plug-in 1.6.0_02]
InProcServer32 = C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Anonymizer Anti-Spyware Scanner]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\WebAAS.dll
CODEBASE = http://download.zone...ctor/WebAAS.cab

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn...pdownloader.cab

[ZoneIntro Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
CODEBASE = http://cdn2.zone.msn...ro.cab53083.cab

[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.6.0_01]
InProcServer32 = C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.6.0_02]
InProcServer32 = C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.6.0_02]
InProcServer32 = C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[get_atlcom Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\gp.ocx
CODEBASE = http://www.adobe.com...obat/nos/gp.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx
CODEBASE = http://fpdownload.ma...ash/swflash.cab

[StadiumProxy Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\StProxy.dll
CODEBASE = http://zone.msn.com/...xy.cab53852.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Service for WDM 3D Audio Driver: system32\drivers\ALCXSENS.SYS (manual start)
Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Apple Mobile Device: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" (autostart)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP Client Protocol: System32\DRIVERS\arp1394.sys (manual start)
ASAPIW2K: System32\Drivers\ASAPIW2K.sys (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\System32\Ati2evxx.exe (autostart)
ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (autostart)
ati2mtag: System32\DRIVERS\ati2mtag.sys (manual start)
ATI WDM Rage Theater Video: System32\DRIVERS\atinrvxx.sys (manual start)
ATI WDM TV Tuner: System32\DRIVERS\atintuxx.sys (autostart)
ATI WDM TV Audio Crossbar: System32\DRIVERS\atinxsxx.sys (autostart)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
Kaspersky Anti-Virus 6.0: "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe" -r (autostart)
basic2: System32\DRIVERS\HSF_BSC2.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Memeo: "C:\Program Files\Tanagra\Memeo\MemeoService.exe" (autostart)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
catchme: \??\C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\catchme.sys (manual start)
Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
Cdrdrv: System32\Drivers\Cdrdrv.sys (manual start)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
Binatone ADSL500 USB Modem Network Adapter Driver: System32\DRIVERS\CnxTrLan.sys (manual start)
Binatone ADSL500 USB Modem Network Interface Device Driver: System32\DRIVERS\CnxTrUsb.sys (manual start)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fallback: System32\DRIVERS\HSF_FALL.sys (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
VIA Rhine-Family Fast Ethernet Adapter Driver Service: System32\DRIVERS\fetnd5bv.sys (manual start)
VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver: System32\DRIVERS\fetnd5.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Fsks: System32\DRIVERS\HSF_FSKS.sys (autostart)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Google Updater Service: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
HSFHWBS2: System32\DRIVERS\HSFHWBS2.sys (manual start)
HSF_DP: System32\DRIVERS\HSF_DP.sys (manual start)
hsf_msft: System32\DRIVERS\HSF_MSFT.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
K56: System32\DRIVERS\HSF_K56K.sys (autostart)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system)
Kl1: system32\drivers\kl1.sys (system)
Klif: \??\C:\WINDOWS\system32\drivers\klif.sys (system)
Kaspersky Anti-Virus NDIS Filter: system32\DRIVERS\klim5.sys (manual start)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
mdmxsdk: System32\DRIVERS\mdmxsdk.sys (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: %systemroot%\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
ATI WDM Specialized MVD Codec: System32\DRIVERS\atinmdxx.sys (autostart)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394 Net Driver: System32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Microsoft Office Diagnostics Service: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" (manual start)
VIA OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Rksample: System32\DRIVERS\HSF_SAMP.sys (manual start)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
SoftFax: System32\DRIVERS\HSF_FAXX.sys (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
StreamDispatcher: System32\DRIVERS\strmdisp.sys (autostart)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{8E1F329E-B25C-4D01-98D0-D8DCDB73450C} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Tones: System32\DRIVERS\HSF_TONE.sys (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
ATI WDM Teletext Decoder: System32\DRIVERS\ATINTTXX.sys (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
Messenger Sharing Folders USN Journal Reader service: "C:\Program Files\MSN Messenger\usnsvc.exe" (manual start)
V124: System32\DRIVERS\HSF_V124.sys (autostart)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Filter: System32\DRIVERS\viaagp1.sys (system)
ViaIde: System32\DRIVERS\viaide.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
winachsf: System32\DRIVERS\HSF_CNXT.sys (manual start)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Windows Media Player Network Sharing Service: "C:\Program Files\Windows Media Player\WMPNetwk.exe" (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 39,559 bytes
Report generated in 0.156 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#27
sage5

Posted 18 May 2008 - 05:26 PM

RIP 10/2009

Retired Staff
2,646 posts

Hi michaeldemp,

There isn't much going on in those logs. I am wondering if this might be just an issue with IE7 & its add ons.
Try this:

1. Open IE, but click the Stop button.
2. Go to Tools > Manage add-ons
3. Disable them all and try to load the Home page again.
4. If this works, re-enable the Add ons, 1 at a time till you find the culprit that is slowing things down.
5. Remove the problem one, it will most likely be via the Add/Remove Programs page of the Control Panel.

Let me know how you get on.

Cheers,

sage5

#28
michaeldemp

Posted 22 May 2008 - 10:51 AM

Member

Topic Starter
Member
20 posts

You genius. It was the google toolbar. Thank you so much. All the other oddities disappeared as a result of my following your earlier advice. Now the whole things works.

Many, many thanks

Mike

#29
sage5

Posted 22 May 2008 - 06:35 PM

RIP 10/2009

Retired Staff
2,646 posts

Hi Mike,

Thank goodness that's fixed that.
There is nothing worse than that sort of niggle.

Please go HERE to run Panda's TotalScan

Select the bubble for Full scan
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
Then the scan will begin
When the scan completes, click the Save button on the right of Scan details
Save it to C:\active_scan.txt
Post the contents of the TotalScan report

Cheers,

sage5

Edited by sage5, 22 May 2008 - 06:40 PM.

#30
michaeldemp

Posted 23 May 2008 - 08:23 AM

Member

Topic Starter
Member
20 posts

I ran Panda but got an error message

Oops! There's been an error...
Don't worry, we've taken note and we're working on a solution. Please try again later.

I will run it again but I'm off to Portugal tomorrow for a week so I can't do it until I get back. I am sorry for the delay but I will give it attanetion as soon as I return.

Thanks again

Mike