Tech Support Forum: HijackThis Log Help
#1 (permalink)
Registered User
Join Date: Mar 2007
Posts: 9
OS: WinXP Pro
Task Manager processes larger, slow, trojan
All of my processes in the task manager are larger than they were a week ago. For example, I use a small program called Launchy, which is an equivalent of Quicksilver (for accessing files). It used to be around 1000K, now it is 13980K in the task manager. Other files follow suit.
Pandascan will not run. It gets around 13% and closes down. I have done it in Firefox and IE, and in safe mode. iTunes started skipping at the beginning of each song, like it is waiting for memory or processor power to get the song going. I have run AVG antispyware, Spybot, and the DSS.

AVG found:
C:\sysbdbi.exe Trojan Horse Downloader.Agent.NWC
C:\Windows\bywtrq.dll Trojan Horse Generic5.xgy

Deleted both of them. It is still doing the same things after deleting the files.

Deckard's System Scanner v20071014.68
Run by Atha on 2008-05-28 14:09:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
19: 2008-05-28 18:10:08 UTC - RP320 - Deckard's System Scanner Restore Point
18: 2008-05-28 05:08:48 UTC - RP319 - Installed AVG Free 8.0
17: 2008-05-28 01:40:19 UTC - RP318 - System Checkpoint
16: 2008-05-27 01:38:10 UTC - RP317 - System Checkpoint
15: 2008-05-26 00:38:35 UTC - RP316 - Installed Drive Speed Checker

-- First Restore Point --
1: 2008-05-14 22:29:45 UTC - RP302 - Installed iTunes

Backed up registry hives.
Performed disk cleanup.

System Drive C: has 1.08 GiB (less than 15%) free.

-- HijackThis (run as Atha.exe) ------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-28 14:13:52
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\BAsfIpM.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\printray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Download\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WD Spindown Utility] "C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Atha"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O15 - Trusted IP Range: https://192.168.1.34 (HKCU)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/s.../SysProExe.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/...dsolutions.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploa...loadClient.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\BAsfIpM.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\winvnc4.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe

-- End of file - 7410 bytes

-- HijackThis Fixed Entries (C:\Download\HIJACK~1\backups\) --------------------

backup-20070315-105749-667
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\khefgh.dll",setvm
backup-20070320-180207-427
O20 - AppInit_DLLs:
backup-20070605-061808-746
O20 - Winlogon Notify: fde216 - C:\WINDOWS\SYSTEM32\fde216.dll
backup-20070605-061808-829
O2 - BHO: (no name) - {bc4686f5-dd30-41d2-9df2-51ff1cf97098} - C:\WINDOWS\system32\fde216.dll
backup-20070605-062138-966
O2 - BHO: (no name) - {bc4686f5-dd30-41d2-9df2-51ff1cf97098} - C:\WINDOWS\system32\fde216.dll
backup-20080501-194148-104
O2 - BHO: (no name) - {bc4686f5-dd30-41d2-9df2-51ff1cf97098} - C:\WINDOWS\system32\fde216.dll (file missing)
backup-20080501-194212-245
O20 - Winlogon Notify: fde216 - fde216.dll (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 fanio (FanIO driver) - c:\windows\system32\drivers\fanio.sys <Not Verified; Christian Diefer; fanio.sys>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
S3 NSNDIS5 (NSNDIS5 NDIS Protocol Driver) - c:\windows\system32\nsndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); NetStumbler>
S3 SIS163u (SiS 163 usb Wireless LAN Adapter Driver) - c:\windows\system32\drivers\sis163u.sys <Not Verified; SiS Corporation; NDIS NIC Driver>
S3 SusAV (Susteen Composite Serial Port Driver) - c:\windows\system32\drivers\susav.sys <Not Verified; Susteen Inc.; Susteen USB-to-Serial Bridge Cable>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 BAsfIpM (Broadcom ASF IP monitoring service v6.0.4) - c:\windows\system32\basfipm.exe <Not Verified; Broadcom Corp.; Broadcom ASF IP monitoring service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 WLANKEEPER - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSOFSet Service>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-05-28 14:00:00 350 --a------ C:\WINDOWS\Tasks\At15.job
2008-05-28 13:00:00 350 --a------ C:\WINDOWS\Tasks\At14.job
2008-05-28 12:00:00 350 --a------ C:\WINDOWS\Tasks\At13.job
2008-05-28 11:00:00 350 --a------ C:\WINDOWS\Tasks\At12.job
2008-05-28 10:00:00 350 --a------ C:\WINDOWS\Tasks\At11.job
2008-05-28 09:00:00 350 --a------ C:\WINDOWS\Tasks\At10.job
2008-05-28 08:14:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-05-28 08:00:00 350 --a------ C:\WINDOWS\Tasks\At9.job
2008-05-28 07:00:00 350 --a------ C:\WINDOWS\Tasks\At8.job
2008-05-28 06:00:00 350 --a------ C:\WINDOWS\Tasks\At7.job
2008-05-28 05:00:00 350 --a------ C:\WINDOWS\Tasks\At6.job
2008-05-28 04:00:00 350 --a------ C:\WINDOWS\Tasks\At5.job
2008-05-28 03:00:00 350 --a------ C:\WINDOWS\Tasks\At4.job
2008-05-28 01:00:00 350 --a------ C:\WINDOWS\Tasks\At2.job
2008-05-28 00:00:00 350 --a------ C:\WINDOWS\Tasks\At1.job
2008-05-27 23:00:00 350 --a------ C:\WINDOWS\Tasks\At24.job
2008-05-27 22:00:00 350 --a------ C:\WINDOWS\Tasks\At23.job
2008-05-27 21:00:00 350 --a------ C:\WINDOWS\Tasks\At22.job
2008-05-27 20:00:00 350 --a------ C:\WINDOWS\Tasks\At21.job
2008-05-27 19:00:00 350 --a------ C:\WINDOWS\Tasks\At20.job
2008-05-27 17:00:00 350 --a------ C:\WINDOWS\Tasks\At18.job
2008-05-27 16:00:00 350 --a------ C:\WINDOWS\Tasks\At17.job
2008-05-27 15:00:00 350 --a------ C:\WINDOWS\Tasks\At16.job
2008-05-27 02:00:00 350 --a------ C:\WINDOWS\Tasks\At3.job
2008-05-26 18:00:00 350 --a------ C:\WINDOWS\Tasks\At19.job
2008-05-02 18:38:29 240 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job

-- Files created between 2008-04-28 and 2008-05-28 -----------------------------

2008-05-28 13:18:20 0 d-------- C:\Program Files\Panda Security
2008-05-28 02:48:31 0 d--h----- C:\$AVG8.VAULT$
2008-05-28 01:09:05 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-28 01:08:48 0 d-------- C:\Program Files\AVG
2008-05-28 01:08:48 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-25 20:38:36 0 d-------- C:\Program Files\eXibition Software
2008-05-22 00:08:43 0 d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-05-19 15:10:58 0 d-------- C:\Documents and Settings\Atha\Application Data\Cakewalk
2008-05-19 15:10:05 118784 --a------ C:\WINDOWS\dsdxirmv.exe
2008-05-19 14:59:23 233472 --a------ C:\WINDOWS\system32\REX Shared Library.dll <Not Verified; Propellerhead Software AB; REX>
2008-05-19 14:59:20 180224 --a------ C:\WINDOWS\system32\ReWire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-05-19 14:58:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Cakewalk
2008-05-19 14:58:26 0 d-------- C:\Program Files\Cakewalk
2008-05-19 14:58:26 0 d-------- C:\Cakewalk Projects
2008-05-15 18:32:48 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-15 18:32:20 0 d-------- C:\Documents and Settings\Atha\Application Data\InstallShield Installation Information
2008-05-15 18:01:33 0 d-------- C:\Program Files\Unreal Tournament 3
2008-05-15 18:00:21 0 d-------- C:\WINDOWS\system32\AGEIA
2008-05-15 18:00:20 0 d-------- C:\Program Files\AGEIA Technologies
2008-05-14 18:29:48 0 d-------- C:\Program Files\iTunes
2008-05-14 18:29:30 0 d-------- C:\Program Files\Bonjour
2008-05-12 21:45:09 0 d-------- C:\Move to Backupmusic
2008-05-08 21:16:21 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-05-08 21:16:20 0 d-------- C:\Program Files\FriendBlasterPro

-- Find3M Report ---------------------------------------------------------------

2008-05-23 12:59:36 0 d-------- C:\Program Files\Western Digital Technologies
2008-05-22 00:02:29 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-19 15:10:58 0 d-------- C:\Documents and Settings\Atha\Application Data\Identities
2008-05-19 00:16:40 0 d-------- C:\Documents and Settings\Atha\Application Data\Ruckus Network
2008-05-14 18:29:56 0 d-------- C:\Program Files\iPod
2008-05-14 13:58:47 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-12 20:34:29 0 d-------- C:\Documents and Settings\Atha\Application Data\Apple Computer
2008-05-04 23:39:43 0 d-------- C:\Program Files\Finale 2003
2008-05-02 21:24:38 0 d-------- C:\Program Files\QuickTime
2008-05-02 18:40:34 0 d-------- C:\Program Files\Apple Software Update
2008-05-02 18:34:46 0 d-------- C:\Program Files\Return to Castle Wolfenstein
2008-05-02 18:33:00 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-02 18:32:35 0 d-------- C:\Program Files\Colibri
2008-05-01 19:40:37 0 d-------- C:\Program Files\Common Files
2008-04-14 21:04:30 0 d-------- C:\Documents and Settings\Atha\Application Data\goombah
2008-04-13 19:44:01 0 d-------- C:\Program Files\Ruckus Player
2008-04-02 22:58:37 0 d-------- C:\Program Files\Emergent Music LLC
2008-03-28 14:42:33 0 d-------- C:\Documents and Settings\Atha\Application Data\U3

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark_X79-55"="C:\WINDOWS\system32\lsasss.exe" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/09/2007 01:02 AM]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [03/29/2002 04:42 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 01:10 PM]
"WD Spindown Utility"="C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe" [08/09/2004 03:15 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/28/2008 01:08 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [08/01/2003 11:31 AM]
"i8kfangui"="C:\Program Files\I8kfanGUI\I8kfanGUI.exe" [02/16/2007 12:58 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservicesonce]
"washindex"=C:\Program Files\Washer\washidx.exe "Atha"

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe [2/28/2008 12:09:37 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 09/07/2004 05:08 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TK8 EasyNote 1.1.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TK8 EasyNote 1.1.lnk
backup=C:\WINDOWS\pss\TK8 EasyNote 1.1.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Atha^Start Menu^Programs^Startup^emma.lnk]
path=C:\Documents and Settings\Atha\Start Menu\Programs\Startup\emma.lnk
backup=C:\WINDOWS\pss\emma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\areslite]
"C:\Program Files\Ares Lite Edition\AresLite.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Colibri]
C:\Program Files\Colibri\Colibri.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Washer]
C:\Program Files\Washer\washer.exe /0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Program Files\mobile PhoneTools\WatchDog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Spindown Utility]
"C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3acd5e42-6ab3-11dc-9dc5-0012f0aac03f}]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a3dbaf8-d895-11db-9dac-0012f0aac03f}]
AutoRun\command- E:\LaunchU3.exe -a

-- End of Deckard's System Scanner: finished at 2008-05-28 14:15:38 ------------
#2 (permalink)
Registered User
Join Date: Mar 2007
Posts: 9
OS: WinXP Pro
Re: Task Manager processes larger, slow, trojan
Also, the Launchy program is now up to 14376K.
Programs like Applemobiledevice are also growing as well. I have not used these programs since my first post. iTunes also skips when tracks are pulled from an external hard drive, so I do not think it is the hard drive that is causing the stuttering/skipping at the beginning of each song.