Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Possible malware/virus slowing computer [RESOLVED]


  • This topic is locked This topic is locked

#1
Conkey

Conkey

    Member

  • Member
  • PipPip
  • 17 posts
I have experienced a lot of freezing and hang-ups recently. Kaspesky found malware: deleted: Trojan program Trojan.Win32.Monder.gen but seemed to delete it. Could someone please review my Hjt log to see if something is infected? Would be much greateful


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:45:48, on 16.08.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\RivaTuner v2.09\RivaTuner.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe
C:\Program Files\Razer\Lycosa\razerhid.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Razer\Lycosa\razertra.exe
C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\SYSTEM32\CTXFIHLP.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vg.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bayden.co...?l=en&v=1.6.1.5
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /T
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /S
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [D-Link D-Link RangeBooster N DWA-140] C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe
O4 - HKLM\..\Run: [Lycosa] "C:\Program Files\Razer\Lycosa\razerhid.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: PopupPopper Control Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Program Files\PopupPopper\SiteList.exe
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus....ek_sys_ctrl.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative....101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1214420172312
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15105/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{32815B77-6891-404B-A6CD-DA7926FFE6BB}: NameServer = 193.213.112.4,130.67.60.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{32815B77-6891-404B-A6CD-DA7926FFE6BB}: NameServer = 193.213.112.4,130.67.60.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{32815B77-6891-404B-A6CD-DA7926FFE6BB}: NameServer = 193.213.112.4,130.67.60.68
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 11021 bytes

Malwarebytes' Anti-Malware 1.24
Database version: 1056
Windows 5.1.2600 Service Pack 3

15:41:09 16.08.2008
mbam-log-8-16-2008 (15-41-09).txt

Scan type: Quick Scan
Objects scanned: 48932
Time elapsed: 8 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

Advertisements


#2
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi Conkey,

Welcome to Geeks To Go,

I'm sorry that we haven't got to you until now, but the forum can get hectic at times.

I am sage5 and I will be helping you with this problem.

First I need you to download the following tools & save them to your Desktop:
Runscanner

Run the Scanner:
  • Extract the file to your Desktop & double click on the RunScanner.exe file.
  • Select Beginner Mode & click OK
  • Make sure that there are ticks in only the upper & middle check boxes, then click the Start full scan button.

    Note: If Runscanner.exe requests access to the Internet through your firewall please allow it to do so. The scan will then run for two or three minutes.
  • On completion it will ask to save the 2 files. Use the default names for both & save to the Desktop.

    Note: It will do this for both the .run file and the log file
  • In your next reply, attach the runscanner.run file:
  • In the Attachment section of the Add Reply window, use the Browse button to highlight the file on your desktop.
  • Now click the Upload button to attach the file.


Cheers,

sage5
  • 0

#3
Conkey

Conkey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Thanks for reply. It wont let med upload the log file so I just copy and paste it here (sorry for that).

Runscanner logfile http://www.runscanner.net

* = signed file
- = file not found

General info
------------
Computer name : STASJONÆR
Creation time : 25.08.2008 20:09:04
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.5730.13
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 3
RunScanner Version : 1.7.0.0
User Language : English (United States)
User rights : Administrator
Windows folder : C:\WINDOWS

Running processes
-----------------
* C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe (Apache Software Foundation)
C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe (Apache Software Foundation)
* C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
* C:\WINDOWS\System32\alg.exe (Microsoft Corporation)
C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
* C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)
C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe (Creative Technology Ltd)
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
* C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
C:\WINDOWS\system32\CTHELPER.EXE (Creative Technology Ltd)
C:\WINDOWS\system32\CTXFIHLP.EXE (Creative Technology Ltd)
C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe (D-Link)
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
* C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
* C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
* C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
* C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe (Kaspersky Lab)
* C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe (Kaspersky Lab)
* C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
* C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
* C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
* C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe (Creative Technology Ltd.)
* C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
* C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
C:\Program Files\Razer\Lycosa\razertra.exe
C:\Program Files\RivaTuner v2.09\RivaTuner.exe
* C:\WINDOWS\system32\RUNDLL32.EXE (Microsoft Corporation)
* C:\DOCUME~1\IVIND~1\LOCALS~1\Temp\Rar$EX00.125\RunScanner.exe (Runscanner.net)
* C:\DOCUME~1\IVIND~1\LOCALS~1\Temp\Rar$EX01.125\RunScanner.exe (Runscanner.net)
* C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
* C:\WINDOWS\system32\services.exe (Microsoft Corporation)
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE (Creative Technology Ltd)
* C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
* C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
* C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
* C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)
* c:\windows\System32\smss.exe (Microsoft Corporation)
* C:\WINDOWS\system32\msiexec.exe (Microsoft Corporation)
C:\Program Files\WinRAR\WinRAR.exe
* C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)

Unrated items
-------------
002 C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
002 C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
002 * C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe (Kaspersky Lab)
002 C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe
002 C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe
002 C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
002 C:\WINDOWS\system32\CTHELPER.EXE (Creative Technology Ltd)
002 C:\WINDOWS\system32\CTXFIHLP.EXE (Creative Technology Ltd)
002 C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe (D-Link)
002 C:\Program Files\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
002 C:\WINDOWS\system32\nwiz.exe
002 C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
002 C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
002 C:\Program Files\RivaTuner v2.09\RivaTuner.exe
002 C:\Program Files\RivaTuner v2.09\RivaTuner.exe
002 C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
002 C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
003 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
004 C:\Program Files\SpywareGuard\sgmain.exe
010 C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour-tjeneste)
010 C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Audio Service)
010 * C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe (Kaspersky Anti-Virus 7.0)
010 C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe (Marvell RAID Event Agent)
010 C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe (MRU Web Service)
010 * C:\WINDOWS\system32\PnkBstrA.exe (PnkBstrA)
011 C:\WINDOWS\system32\drivers\NSDriver.sys (Ad-Watch Connect Kernel Filter)
011 C:\WINDOWS\system32\ANIO.SYS (ANIO Service)
011 * C:\WINDOWS\system32\drivers\AsIO.sys (AsIO)
011 * C:\WINDOWS\system32\COMMONFX.DLL (COMMONFX.DLL)
011 * C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative 20X HAL Driver)
011 * C:\WINDOWS\system32\drivers\ctac32k.sys (Creative AC3 Software Decoder)
011 * C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Audio Driver (WDM))
011 * C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative DVD-Audio Device Driver)
011 * C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative OS Services Driver)
011 * C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Proxy Driver)
011 * C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative SoundFont Management Device Driver)
011 * C:\WINDOWS\system32\CT20XUT.DLL (CT20XUT.DLL)
011 * C:\WINDOWS\system32\CTAUDFX.DLL (CTAUDFX.DLL)
011 * C:\WINDOWS\system32\CTEAPSFX.DLL (CTEAPSFX.DLL)
011 * C:\WINDOWS\system32\CTEDSPFX.DLL (CTEDSPFX.DLL)
011 * C:\WINDOWS\system32\CTEDSPIO.DLL (CTEDSPIO.DLL)
011 * C:\WINDOWS\system32\CTEDSPSY.DLL (CTEDSPSY.DLL)
011 * C:\WINDOWS\system32\CTERFXFX.DLL (CTERFXFX.DLL)
011 * C:\WINDOWS\system32\CTEXFIFX.DLL (CTEXFIFX.DLL)
011 * C:\WINDOWS\system32\CTHWIUT.DLL (CTHWIUT.DLL)
011 * C:\WINDOWS\system32\CTSBLFX.DLL (CTSBLFX.DLL)
011 * C:\WINDOWS\system32\drivers\emupia2k.sys (E-mu Plug-in Architecture Driver)
011 * C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEARAspiWDM)
011 * C:\WINDOWS\system32\DRIVERS\klim5.sys (Kaspersky Anti-Virus NDIS Filter)
011 * C:\WINDOWS\system32\drivers\kl1.sys (Kl1)
011 C:\WINDOWS\system32\drivers\klif.sys (Klif)
011 * C:\WINDOWS\system32\DRIVERS\mv61xx.sys (mv61xx)
011 C:\Program Files\RivaTuner v2.09\RivaTuner32.sys (RivaTuner32)
011 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SASDIFSV)
011 C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SASENUM)
011 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL)
011 C:\WINDOWS\System32\Drivers\sptd.sys (sptd)
011 C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software pcouffin)
042 C:\Program Files\PopupPopper\SiteList.exe (Bayden Systems) {3E94F358-9537-4BBA-8D12-D7F8A0136973}
050 C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}
050 C:\Program Files\SpywareGuard\spywareguard.dll {81559C35-8464-49F7-BB0E-07A383BEF910}
052 C:\PROGRA~1\POPUPP~1\PopLib.dll (Bayden Systems) {41353F8B-78CE-48A5-BE44-153ED293D192}
052 C:\Program Files\SpywareGuard\dlprotect.dll {4A368E80-174F-4872-96B5-0B27DDD11DB2}
061 C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}
061 C:\PROGRA~1\ESTsoft\ALZip\AZCTM.dll (ESTsoft) {4EB37360-49E8-11D3-95B5-004033382980}
061 C:\WINDOWS\system32\nvshell.dll {1CDB2949-8F65-4355-8456-263E7C208A5D}
061 C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47}
061 C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
061 C:\Program Files\SpywareGuard\spywareguard.dll {81559C35-8464-49F7-BB0E-07A383BEF910}
061 * C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll (Kaspersky Lab) {85E0B171-04FA-11D1-B7DA-00A0C90348D6}
061 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
061 C:\Program Files\Creative\Creative Zen Vision M\SHCTMTP.dll (Creative Technology Ltd) {4AFB2C13-9D16-4478-AEF4-C3FC539961E4}
062 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}
063 C:\WINDOWS\system32\lsdelete.exe
067 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
067 * C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
100 ShellNext HKCU : http://www.bayden.co...?l=en&v=1.6.1.5
100 Start Page HKCU : http://vg.no/
104 C:\WINDOWS\DOWNLO~1\CONFLICT.1\ASUSTE~1.DLL {0D41B8C5-2599-4893-8183-00195EC8D5F9}
104 * C:\PROGRA~1\Creative\SHARED~1\SOFTWA~1\CTPID.ocx (Creative Technology Ltd) {F6ACF75C-C32C-447B-9BEF-46B766368D29}
105 E&ksporter til Microsoft Excel : res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
107 C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
120 NameServer {32815B77-6891-404B-A6CD-DA7926FFE6BB} : 193.213.112.4,130.67.60.68
173 C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}
173 C:\PROGRA~1\ESTsoft\ALZip\AZCTM.dll (ESTsoft) {4EB37360-49E8-11D3-95B5-004033382980}
173 C:\PROGRA~1\Creative\SHARED~1\CtCmeCtx.dll (Creative Technology Ltd) {7895F317-A125-42CC-BD3E-5830765CE577}
173 * C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll (Kaspersky Lab) {dd230880-495a-11d1-b064-008048ec2fc5}
173 C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) SUPERAntiSpyware Context Menu
173 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
221 C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}
221 C:\PROGRA~1\ESTsoft\ALZip\AZCTM.dll (ESTsoft) {4EB37360-49E8-11D3-95B5-004033382980}
221 C:\PROGRA~1\Creative\SHARED~1\CtCmeCtx.dll (Creative Technology Ltd) {7895F317-A125-42CC-BD3E-5830765CE577}
221 * C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll (Kaspersky Lab) {dd230880-495a-11d1-b064-008048ec2fc5}
221 C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) SUPERAntiSpyware Context Menu
221 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 C:\PROGRA~1\ESTsoft\ALZip\AZCTM.dll (ESTsoft) {4EB37360-49E8-11D3-95B5-004033382980}
225 C:\PROGRA~1\ESTsoft\ALZip\AZCTM.dll (ESTsoft) {4EB37360-49E8-11D3-95B5-004033382980}
225 C:\PROGRA~1\Creative\SHARED~1\CtCmeCtx.dll (Creative Technology Ltd) {7895F317-A125-42CC-BD3E-5830765CE577}
225 C:\PROGRA~1\Creative\SHARED~1\CtCmeCtx.dll (Creative Technology Ltd) {7895F317-A125-42CC-BD3E-5830765CE577}
225 * C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll (Kaspersky Lab) {dd230880-495a-11d1-b064-008048ec2fc5}
225 * C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll (Kaspersky Lab) {dd230880-495a-11d1-b064-008048ec2fc5}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
227 C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}
227 C:\PROGRA~1\ESTsoft\ALZip\AZCTM.dll (ESTsoft) {4EB37360-49E8-11D3-95B5-004033382980}
227 C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) SUPERAntiSpyware Context Menu
227 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
229 C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
229 C:\PROGRA~1\ESTsoft\ALZip\AZCTM.dll (ESTsoft) {4EB37360-49E8-11D3-95B5-004033382980}
231 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (Adobe Systems, Inc.) PDF Column Info

Missing files
-------------
003 C:\Program Files\Messenger\msmsgs.exe
011 C:\WINDOWS\system32\drivers\a3oe097r.sys
011 C:\WINDOWS\system32\drivers\Abiosdsk.sys
011 C:\WINDOWS\system32\drivers\abp480n5.sys
011 C:\WINDOWS\system32\drivers\adpu160m.sys
011 C:\WINDOWS\system32\drivers\Aha154x.sys
011 C:\WINDOWS\system32\drivers\aic78u2.sys
011 C:\WINDOWS\system32\drivers\aic78xx.sys
011 C:\WINDOWS\system32\drivers\AliIde.sys
011 C:\WINDOWS\system32\drivers\amsint.sys
011 C:\WINDOWS\system32\drivers\asc.sys
011 C:\WINDOWS\system32\drivers\asc3350p.sys
011 C:\WINDOWS\system32\drivers\asc3550.sys
011 C:\WINDOWS\system32\drivers\Atdisk.sys
011 C:\WINDOWS\system32\drivers\cd20xrnt.sys
011 C:\WINDOWS\system32\drivers\Changer.sys
011 C:\WINDOWS\system32\drivers\CmdIde.sys
011 C:\WINDOWS\system32\drivers\Cpqarray.sys
011 C:\WINDOWS\system32\drivers\dac2w2k.sys
011 C:\WINDOWS\system32\drivers\dac960nt.sys
011 C:\WINDOWS\system32\drivers\dpti2o.sys
011 C:\WINDOWS\system32\drivers\hpn.sys
011 C:\WINDOWS\system32\drivers\i2omgmt.sys
011 C:\WINDOWS\system32\drivers\i2omp.sys
011 C:\WINDOWS\system32\drivers\ini910u.sys
011 C:\WINDOWS\system32\drivers\IntelIde.sys
011 C:\WINDOWS\system32\drivers\lbrtfdc.sys
011 C:\WINDOWS\system32\drivers\mraid35x.sys
011 C:\WINDOWS\system32\drivers\PCIDump.sys
011 C:\WINDOWS\system32\drivers\PDCOMP.sys
011 C:\WINDOWS\system32\drivers\PDFRAME.sys
011 C:\WINDOWS\system32\drivers\PDRELI.sys
011 C:\WINDOWS\system32\drivers\PDRFRAME.sys
011 C:\WINDOWS\system32\drivers\perc2.sys
011 C:\WINDOWS\system32\drivers\perc2hib.sys
011 C:\WINDOWS\system32\drivers\ql1080.sys
011 C:\WINDOWS\system32\drivers\Ql10wnt.sys
011 C:\WINDOWS\system32\drivers\ql12160.sys
011 C:\WINDOWS\system32\drivers\ql1240.sys
011 C:\WINDOWS\system32\drivers\ql1280.sys
011 C:\WINDOWS\system32\drivers\Simbad.sys
011 C:\WINDOWS\system32\drivers\Sparrow.sys
011 C:\WINDOWS\system32\drivers\sym_hi.sys
011 C:\WINDOWS\system32\drivers\sym_u3.sys
011 C:\WINDOWS\system32\drivers\symc810.sys
011 C:\WINDOWS\system32\drivers\symc8xx.sys
011 C:\WINDOWS\system32\drivers\TosIde.sys
011 C:\WINDOWS\system32\drivers\ultra.sys
011 C:\WINDOWS\system32\drivers\ViaIde.sys
011 C:\WINDOWS\system32\drivers\WDICA.sys
042 C:\Program Files\Messenger\msmsgs.exe
061 deskpan.dll

Attached Files


Edited by Conkey, 25 August 2008 - 12:21 PM.

  • 0

#4
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi Conkey,

We can fix the few orphans picked up by RunScanner
Run the Fix:
  • Download the attachment at the end of this post & save it to your Desktop, overwriting the existing file. (This is your fixed runscanner.run file)
  • Double click the runscanner.run file. This will open using RunScanner

    Note: Do NOT add any extra ticks, of your own, to the list.
  • Click on the small Item fixer tab & click the Fix selected items button
  • Accept the warning(s) and repeat until they are all gone.
  • Reboot your PC.

Are you getting any slow down / odd behaviour from your PC?
It looks to be in really good shape.

Cheers,

sage5

Attached Files


  • 0

#5
Conkey

Conkey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Did the fix with no obvious problems. The freezes may have been after a driver update. Reinstalled older drivers that I installed just prior to the onset of problems. Cant say I've had he same amount of freezes after driverissue was solved. But still I get hang-ups up to 10-15 sec when changing between tasks (that shouldn't be hard on the cpu in the first place).

Well thanks for your time and help :)
  • 0

#6
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Tell me is your SuperAntiSpyware less than 30 days old, or the "paid for" version?
This might be trying to provide real time protection, and may be clashing with SpywareGuard.

Create an Uninstall list:
  • Open HijackThis, click Open the Misc Tools section
  • Click Open Uninstall Manager
  • Click Save list.
This generates C:\Program Files\Trend Micro\HijackThis\uninstall_list.txt. I will need you to paste the text from this file, into your next post.

Create a Startup list:
  • Open HiJackThis
  • Click on the Open Misc Tools Section button.
  • Make sure that the 2 boxes next to the Generate Startuplist log button are ticked
  • Now click on the Generate Startuplist log button.
  • NotePad will open a new window. This file is C:\Program Files\Trend Micro\HijackThis\startuplist.txt
  • Copy and paste the text from the log into your next post.

Edited by sage5, 26 August 2008 - 05:21 PM.

  • 0

#7
Conkey

Conkey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
I do have a free version of the superantispyware.


HJT startuplist:

StartupList report, 28.08.2008, 15:58:47
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16705)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Razer\Lycosa\razerhid.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\RivaTuner v2.09\RivaTuner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Razer\Lycosa\razertra.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Øivind\Start Menu\Programs\Startup]
SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

amd_dc_opt = C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
CPU Power Monitor = "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
Cpu Level Up help = C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe
CTDVDDET = "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
RCSystem = "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
AudioDrvEmulator = "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
VolPanel = "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
UpdReg = C:\WINDOWS\UpdReg.EXE
CTHelper = CTHELPER.EXE
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
Windows Defender = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
D-Link D-Link RangeBooster N DWA-140 = C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe
Lycosa = "C:\Program Files\Razer\Lycosa\razerhid.exe"
AVP = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
AppleSyncNotifier = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
CTxfiHlp = CTXFIHLP.EXE
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
RivaTunerStartupDaemon = "C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /S
RivaTuner = "C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /T

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
SUPERAntiSpyware = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\POPUPP~1\PopLib.dll - {41353F8B-78CE-48A5-BE44-153ED293D192}
SpywareGuard Download Protection - C:\Program Files\SpywareGuard\dlprotect.dll - {4A368E80-174F-4872-96B5-0B27DDD11DB2}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

--------------------------------------------------

Enumerating Task Scheduler jobs:

MP Scheduled Scan.job

--------------------------------------------------

Enumerating Download Program Files:

[asusTek_sysctrl Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CONFLICT.1\ASUSTE~1.DLL
CODEBASE = http://support.asus....ek_sys_ctrl.cab

[System Requirements Lab Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\sysreqlab3.dll
CODEBASE = http://www.nvidia.co.../sysreqlab3.cab
OSD = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\SysReqLab3.osd

[Creative Software AutoUpdate]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CONFLICT.1\CTSUEngn.ocx
CODEBASE = http://www.creative....101/CTSUEng.cab

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://www.update.mi...b?1214420172312

[Java Plug-in 1.6.0_07]
InProcServer32 = C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.6.0_06]
InProcServer32 = C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.6.0_07]
InProcServer32 = C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.6.0_07]
InProcServer32 = C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[get_atlcom Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\gp.ocx
CODEBASE = http://www.adobe.com...obat/nos/gp.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx
CODEBASE = http://fpdownload2.m...ash/swflash.cab

[Creative Software AutoUpdate Support Package]
InProcServer32 = C:\PROGRA~1\Creative\SHARED~1\SOFTWA~1\CTPID.ocx
CODEBASE = http://www.creative....15105/CTPID.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Ad-Aware 2007 Service: "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe" (autostart)
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
Ad-Watch Connect Kernel Filter: \??\C:\WINDOWS\system32\drivers\NSDriver.sys (manual start)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AMD Processor Driver: system32\DRIVERS\AmdK8.sys (system)
AMD Low Level Device Driver: system32\DRIVERS\AmdLLD.sys (manual start)
ANIO Service: \??\C:\WINDOWS\system32\ANIO.SYS (autostart)
ANIWZCSd Service: C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (autostart)
Apple Mobile Device: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" (autostart)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP Client Protocol: system32\DRIVERS\arp1394.sys (manual start)
AsIO: system32\drivers\AsIO.sys (system)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
Kaspersky Anti-Virus 7.0: "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (autostart)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Bonjour-tjeneste: "C:\Program Files\Bonjour\mDNSResponder.exe" (autostart)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
COMMONFX.DLL: system32\COMMONFX.DLL (manual start)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Creative Audio Engine Licensing Service: "C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe" (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
CT20XUT.DLL: system32\CT20XUT.DLL (manual start)
Creative AC3 Software Decoder: system32\drivers\ctac32k.sys (manual start)
Creative Audio Driver (WDM): system32\drivers\ctaud2k.sys (manual start)
CTAUDFX.DLL: system32\CTAUDFX.DLL (manual start)
Creative Audio Service: C:\Program Files\Creative\Shared Files\CTAudSvc.exe (autostart)
Creative DVD-Audio Device Driver: system32\drivers\ctdvda2k.sys (manual start)
CTEAPSFX.DLL: system32\CTEAPSFX.DLL (manual start)
CTEDSPFX.DLL: system32\CTEDSPFX.DLL (manual start)
CTEDSPIO.DLL: system32\CTEDSPIO.DLL (manual start)
CTEDSPSY.DLL: system32\CTEDSPSY.DLL (manual start)
CTERFXFX.DLL: system32\CTERFXFX.DLL (manual start)
CTEXFIFX.DLL: system32\CTEXFIFX.DLL (manual start)
CTHWIUT.DLL: system32\CTHWIUT.DLL (manual start)
Creative Proxy Driver: system32\drivers\ctprxy2k.sys (manual start)
CTSBLFX.DLL: system32\CTSBLFX.DLL (manual start)
Creative SoundFont Management Device Driver: system32\drivers\ctsfm2k.sys (manual start)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Wired AutoConfig: %SystemRoot%\System32\svchost.exe -k dot3svc (manual start)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Extensible Authentication Protocol Service: %SystemRoot%\System32\svchost.exe -k eapsvcs (manual start)
E-mu Plug-in Architecture Driver: system32\drivers\emupia2k.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Creative 20X HAL Driver: system32\drivers\ha20x2k.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Lycosa HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
Health Key and Certificate Management Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
iPod-tjeneste: "C:\Program Files\iPod\bin\iPodService.exe" (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system)
Kl1: system32\drivers\kl1.sys (system)
Klif: \??\C:\WINDOWS\system32\drivers\klif.sys (system)
Kaspersky Anti-Virus NDIS Filter: system32\DRIVERS\klim5.sys (manual start)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Lycosa Keyboard: System32\Drivers\Lycosa.sys (manual start)
Marvell RAID Event Agent: C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe (manual start)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
MRU Web Service: "C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe" -k runservice (autostart)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
ATK0110 ACPI UTILITY: system32\DRIVERS\ASACPI.sys (manual start)
mv61xx: system32\DRIVERS\mv61xx.sys (system)
Network Access Protection Agent: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NBService: C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394 Net Driver: system32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NMIndexingService: "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" (manual start)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: system32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
OHCI Compliant IEEE 1394 Host Controller: system32\DRIVERS\ohci1394.sys (system)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Creative OS Services Driver: system32\drivers\ctoss2k.sys (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
VSO Software pcouffin: System32\Drivers\pcouffin.sys (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
PnkBstrA: C:\WINDOWS\system32\PnkBstrA.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Processor Driver: system32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
RivaTuner32: \??\C:\Program Files\RivaTuner v2.09\RivaTuner32.sys (manual start)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Ralink 802.11n USB Wireless LAN Card Driver: system32\DRIVERS\rt2870.sys (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SASDIFSV: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (system)
SASENUM: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (manual start)
SASKUTIL: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (system)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
High-Capacity Floppy Disk Drive: system32\DRIVERS\sfloppy.sys (manual start)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
sptd: System32\Drivers\sptd.sys (system)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{A03FC628-5B20-4318-B46E-3A034F2DB659} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Apple Mobile USB Driver: System32\Drivers\usbaapl.sys (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: system32\DRIVERS\usbohci.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
USB RNDIS Adapter: system32\DRIVERS\usb8023x.sys (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Windows CE USB Serial Host Driver: system32\DRIVERS\wceusbsh.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Defender: "C:\Program Files\Windows Defender\MsMpEng.exe" (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Windows Management Interface for ACPI: system32\DRIVERS\wmiacpi.sys (system)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Windows Media Player Network Sharing Service: "C:\Program Files\Windows Media Player\WMPNetwk.exe" (manual start)
WpdUsb: system32\DRIVERS\wpdusb.sys (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (system)
Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller: system32\DRIVERS\yk51x86.sys (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 39 757 bytes
Report generated in 0,109 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Attached Files


  • 0

#8
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi Conkey,

Item 1.
You don't appear to be running a 3rd party firewall. These are essential to protect from trojans, viruses, spyware etc.

You should check out:- Comodo Firewall Pro or Sunbelt Personal Firewall

User manuals are available for both:
Comodo's manual is built in and accessable from the Help Menu.

Sunbelt Manual Here

Both are simple to install & free to use.
Please install only 1

Item 2.
System File Checker:
  • Go to Start > Run and type sfc /scannow (Note the space between the c & the /)
  • /scannow starts the System File Checker immediately.
  • You will probably need your Windows XP CD to be handy as it may be required.
    If you have Service Pack 2 installed, you will need the SP2 version of the CD. This can be done with a borrowed CD, if you don't have one.
  • Allow the scan to run and when complete reboot the system

Run the PC for a day or 2 & see if this fixes the issue. If not, go to Item 3.

Item 3.
Below is a list of the antimalware apps on your PC:

Ad-Aware 2007
Windows Defender
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SpywareBlaster 4.1
SpywareGuard
SUPERAntiSpyware Free Edition

How long have all of these been loaded?
Are any of them new installations?

Spybot: I'm not sure why there is 2 listings for this, it might be a agood idea to uninstall both, & reinstall the new version

SpywareGuard: by default provides "real-time" protection. It could conflict with any other app which is also trying to do the same.
for example:
Windows Defender
Spybot - Search & Destroy, if using the Tea Timer module.

Let's try this:
Can you please check that all of the above apps have the real-time protection disabled by using the following link:
Link

Use the computer for a day or 2 & see if having those disabled, stops the hangs etc. Either way tell me how you get on.

I need you to post me a fresh HijackThis log to confirm correct installation of the Firewall.

Cheers,

sage5
  • 0

#9
Conkey

Conkey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
When I installed Comodo firewall, I got serious internetlag. Tried it a couple of days and deleted it. When I now downloaded the sunbelt firewall my kaspersky antivirus is giong bananas not letting me install it (due to adaware). I do think the latest jangups has been due to the firewall, allthough I see that you use it.
  • 0

#10
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi Conkey,

Download the following & save to your Desktop:
OTScanIt.exe

OTScanIt.exe

Install OTScanIt:
  • Double-click on OTScanIt.exe to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close any open browsers.
  • If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Leave the default boxes checked/ticked in the Basic Scans headings, except
    • Click Yes under Rootkit scan
  • Make sure that you tick these in the Additional Scans box
    • Reg - BotCheck
    • Reg - Security Settings
    • File - Lop check
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning large amounts of data so depending on your system it could take a while to complete.
  • When the scan is done Notepad will open with the report file loaded in it.
  • Save the file in the new OTScanIt folder as Scan1.txt
If the log is too large to post, use the Reply button, scroll down to the Attachments section and attach the Notepad file here.
  • 0

Advertisements


#11
Conkey

Conkey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
The file is too big to upload here. So sorry but here its pasted instead.

[code=auto:0]OTScanIt logfile created on: 02.09.2008 11:26:03
OTScanIt by OldTimer - Version 1.0.18.0 Folder = C:\Documents and Settings\Øivind\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000414 | Country: Norway | Language: NOR | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 160,65 Gb Free Space | 68,99% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 280,89 Gb Free Space | 60,31% Space Free | Partition Type: NTFS
Drive E: | 698,64 Gb Total Space | 398,11 Gb Free Space | 56,98% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STASJONÆR
Current User Name: Øivind
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

[Processes - Non-Microsoft Only]
ctdvddet.exe -> %ProgramFiles%\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe -> Creative Technology Ltd [Ver = 1.0.3.0 | Size = 45056 bytes | Modified Date = 18.06.2003 01:00:00 | Attr = ]
dllml.exe -> %ProgramFiles%\Creative\Shared Files\Module Loader\DLLML.exe -> Creative Technology Ltd. [Ver = 1.0.25.0 | Size = 49152 bytes | Modified Date = 04.11.2005 18:07:56 | Attr = ]
volpanlu.exe -> %ProgramFiles%\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe -> Creative Technology Ltd [Ver = 2.0.7.0 | Size = 122880 bytes | Modified Date = 28.07.2006 09:56:48 | Attr = ]
cthelper.exe -> %SystemRoot%\system32\CtHelper.exe -> Creative Technology Ltd [Ver = 6.00.01.1283-2.14.1610 | Size = 19456 bytes | Modified Date = 20.02.2008 20:58:44 | Attr = ]
ctaudsvc.exe -> %ProgramFiles%\Creative\Shared Files\CTAudSvc.exe -> Creative Technology Ltd [Ver = 3.1.39.0 | Size = 417792 bytes | Modified Date = 30.04.2008 10:27:50 | Attr = ]
airncfg.exe -> %ProgramFiles%\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe -> D-Link [Ver = 4, 1, 2, 820 | Size = 1671168 bytes | Modified Date = 20.08.2007 14:05:24 | Attr = ]
razerhid.exe -> %ProgramFiles%\Razer\Lycosa\razerhid.exe -> Razer USA Ltd. [Ver = 1, 0, 0, 1 | Size = 147456 bytes | Modified Date = 20.11.2007 16:53:36 | Attr = ]
avp.exe -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -> Kaspersky Lab [Ver = 7.0.1.325 | Size = 227856 bytes | Modified Date = 08.02.2008 18:36:14 | Attr = ]
ctxfihlp.exe -> %SystemRoot%\system32\Ctxfihlp.exe -> Creative Technology Ltd [Ver = 6.00.01.1283-2.14.1750 | Size = 19968 bytes | Modified Date = 11.07.2008 15:50:26 | Attr = ]
ctxfispi.exe -> %SystemRoot%\system32\CTxfispi.exe -> Creative Technology Ltd [Ver = 6.00.01.1283-2.14.1750 | Size = 969216 bytes | Modified Date = 11.07.2008 15:46:44 | Attr = ]
avp.exe -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -> Kaspersky Lab [Ver = 7.0.1.325 | Size = 227856 bytes | Modified Date = 08.02.2008 18:36:14 | Attr = ]
pnkbstra.exe -> %SystemRoot%\system32\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 08.08.2008 19:25:37 | Attr = ]
rivatuner.exe -> %ProgramFiles%\RivaTuner v2.09\RivaTuner.exe -> [Ver = 2, 9, 0, 0 | Size = 2707456 bytes | Modified Date = 28.04.2008 20:25:00 | Attr = ]
eaxloadr.exe -> %ProgramFiles%\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe -> Creative Technology Ltd [Ver = 1.0.2.0 | Size = 40960 bytes | Modified Date = 21.10.2005 18:12:22 | Attr = ]
notiman.exe -> %ProgramFiles%\Creative\ShareDLL\CADI\NotiMan.exe -> Creative Technology Ltd. [Ver = 1.0.0.3 | Size = 94208 bytes | Modified Date = 01.02.2007 11:13:06 | Attr = ]
sgmain.exe -> %ProgramFiles%\SpywareGuard\sgmain.exe -> [Ver = 2.02.0001 | Size = 360448 bytes | Modified Date = 29.08.2003 19:05:35 | Attr = ]
sgbhp.exe -> %ProgramFiles%\SpywareGuard\sgbhp.exe -> [Ver = 2.02.0001 | Size = 233472 bytes | Modified Date = 29.08.2003 11:14:56 | Attr = ]
razertra.exe -> %ProgramFiles%\Razer\Lycosa\razertra.exe -> [Ver = 1, 0, 0, 1 | Size = 143360 bytes | Modified Date = 07.01.2008 13:28:02 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(ANIWZCSdService) ANIWZCSd Service [Win32_Shared | Auto | Stopped] -> %ProgramFiles%\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -> Wireless Service [Ver = 1, 0, 3, 7034 | Size = 49152 bytes | Modified Date = 19.01.2007 11:49:26 | Attr = ]
(AVP) Kaspersky Anti-Virus 7.0 [Win32_Own | Auto | Running] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -> Kaspersky Lab [Ver = 7.0.1.325 | Size = 227856 bytes | Modified Date = 08.02.2008 18:36:14 | Attr = ]
(Creative Audio Engine Licensing Service) Creative Audio Engine Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Creative Labs Shared\Service\CTAELicensing.exe -> Creative Labs [Ver = 2.80.012 | Size = 79360 bytes | Modified Date = 26.08.2008 19:10:18 | Attr = ]
(CTAudSvcService) Creative Audio Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Creative\Shared Files\CTAudSvc.exe -> Creative Technology Ltd [Ver = 3.1.39.0 | Size = 417792 bytes | Modified Date = 30.04.2008 10:27:50 | Attr = ]
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 08.08.2008 19:25:37 | Attr = ]
(KPF4) Kerio Personal Firewall 4 [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Kerio\Personal Firewall 4\kpf4ss.exe -> Kerio Technologies [Ver = 4.2.2 | Size = 1617920 bytes | Modified Date = 10.10.2005 09:58:14 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
amd_dc_opt -> %ProgramFiles%\AMD\Dual-Core Optimizer\amd_dc_opt.exe [C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe] -> AMD [Ver = 1, 1, 3, 0 | Size = 77824 bytes | Modified Date = 23.07.2007 11:06:28 | Attr = ]
AudioDrvEmulator -> %ProgramFiles%\Creative\Shared Files\Module Loader\DLLML.exe ["C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"] -> Creative Technology Ltd. [Ver = 1.0.25.0 | Size = 49152 bytes | Modified Date = 04.11.2005 18:07:56 | Attr = ]
AVP -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe ["C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"] -> Kaspersky Lab [Ver = 7.0.1.325 | Size = 227856 bytes | Modified Date = 08.02.2008 18:36:14 | Attr = ]
Cpu Level Up help -> %ProgramFiles%\ASUS\AI Suite\CpuLevelUpHelp.exe [C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe] -> [Ver = 1.0.2.0 | Size = 881152 bytes | Modified Date = 30.11.2007 20:03:28 | Attr = ]
CPU Power Monitor -> %ProgramFiles%\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe ["C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"] -> [Ver = 1.0.0.2 | Size = 626176 bytes | Modified Date = 16.10.2007 11:35:42 | Attr = ]
CTDVDDET -> %ProgramFiles%\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe ["C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"] -> Creative Technology Ltd [Ver = 1.0.3.0 | Size = 45056 bytes | Modified Date = 18.06.2003 01:00:00 | Attr = ]
CTHelper -> %SystemRoot%\system32\CtHelper.exe [CTHELPER.EXE] -> Creative Technology Ltd [Ver = 6.00.01.1283-2.14.1610 | Size = 19456 bytes | Modified Date = 20.02.2008 20:58:44 | Attr = ]
CTxfiHlp -> %SystemRoot%\system32\Ctxfihlp.exe [CTXFIHLP.EXE] -> Creative Technology Ltd [Ver = 6.00.01.1283-2.14.1750 | Size = 19968 bytes | Modified Date = 11.07.2008 15:50:26 | Attr = ]
D-Link D-Link RangeBooster N DWA-140 -> %ProgramFiles%\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe [C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe] -> D-Link [Ver = 4, 1, 2, 820 | Size = 1671168 bytes | Modified Date = 20.08.2007 14:05:24 | Attr = ]
Lycosa -> %ProgramFiles%\Razer\Lycosa\razerhid.exe ["C:\Program Files\Razer\Lycosa\razerhid.exe"] -> Razer USA Ltd. [Ver = 1, 0, 0, 1 | Size = 147456 bytes | Modified Date = 20.11.2007 16:53:36 | Attr = ]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.11.7519 | Size = 13529088 bytes | Modified Date = 16.05.2008 14:01:00 | Attr = ]
NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.11.7519 | Size = 86016 bytes | Modified Date = 16.05.2008 14:01:00 | Attr = ]
nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> [Ver = | Size = 1630208 bytes | Modified Date = 16.05.2008 14:01:00 | Attr = ]
RCSystem -> %ProgramFiles%\Creative\Shared Files\Module Loader\DLLML.exe ["C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup] -> Creative Technology Ltd. [Ver = 1.0.25.0 | Size = 49152 bytes | Modified Date = 04.11.2005 18:07:56 | Attr = ]
RivaTuner -> %ProgramFiles%\RivaTuner v2.09\RivaTuner.exe ["C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /T] -> [Ver = 2, 9, 0, 0 | Size = 2707456 bytes | Modified Date = 28.04.2008 20:25:00 | Attr = ]
RivaTunerStartupDaemon -> %ProgramFiles%\RivaTuner v2.09\RivaTuner.exe ["C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /S] -> [Ver = 2, 9, 0, 0 | Size = 2707456 bytes | Modified Date = 28.04.2008 20:25:00 | Attr = ]
UpdReg -> %SystemRoot%\Updreg.EXE [C:\WINDOWS\UpdReg.EXE] -> Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 11.05.2000 01:00:00 | Attr = ]
VolPanel -> %ProgramFiles%\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe ["C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r] -> Creative Technology Ltd [Ver = 2.0.7.0 | Size = 122880 bytes | Modified Date = 28.07.2006 09:56:48 | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Øivind Startup Folder > -> C:\Documents and Settings\Øivind\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\SpywareGuard.lnk -> %ProgramFiles%\SpywareGuard\sgmain.exe -> [Ver = 2.02.0001 | Size = 360448 bytes | Modified Date = 29.08.2003 19:05:35 | Attr = ]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
-> -> File not found
*MultiFile Done* -> ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1012 | Size = 77824 bytes | Modified Date = 28.08.2008 15:52:39 | Attr = ]
{81559C35-8464-49F7-BB0E-07A383BEF910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SpywareGuard\spywareguard.dll [] -> [Ver = 2.02 | Size = 126976 bytes | Modified Date = 02.08.2003 23:20:57 | Attr = R ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 13.06.2007 12:23:07 | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 04.08.2004 14:00:00 | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 04.08.2004 14:00:00 | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 26.10.2007 05:36:51 | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 04.08.2004 14:00:00 | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.DLL -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1048 | Size = 352256 bytes | Modified Date = 28.08.2008 15:52:39 | Attr = ]
klogon -> %SystemRoot%\system32\klogon.dll -> Kaspersky Lab [Ver = 7.0.1.325 | Size = 219664 bytes | Modified Date = 08.02.2008 18:37:44 | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ not found. -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
Reg Error: Key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> ->
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 04.08.2004 14:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
< Drives with AutoRun files > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 25.06.2008 15:59:18 | Attr = ]
AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 27.04.2008 20:13:24 | Attr = ]
< HOSTS File > (250769 bytes and 8786 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.1001-search.info
127.0.0.1 1001-search.info
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
127.0.0.1 132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://vg.no/ ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4609 domain(s) found. ->
41 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6797 domain(s) found. ->
47 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 78 range(s) found. ->
Marvell [:Range = 127.0.0.1] -> http = Local intranet | ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22.10.2006 23:08:42 | Attr = ]
{41353F8B-78CE-48A5-BE44-153ED293D192} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\PopupPopper\PopLib.dll [Control Popups in Internet Explorer] -> Bayden Systems [Ver = 1.6.1.5 | Size = 109568 bytes | Modified Date = 26.05.2003 23:41:55 | Attr = ]
{4A368E80-174F-4872-96B5-0B27DDD11DB2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SpywareGuard\dlprotect.dll [SpywareGuardDLBLOCK.CBrowserHelper] -> [Ver = 2.02 | Size = 192512 bytes | Modified Date = 02.08.2003 23:24:01 | Attr = R ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 28.01.2008 11:43:28 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 10.06.2008 04:27:02 | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 10.06.2008 04:27:02 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 10.06.2008 04:27:02 | Attr = ]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}:BandCLSID -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll [Web Anti-Virus statistics] -> Kaspersky Lab [Ver = 7.0.1.325 | Size = 223760 bytes | Modified Date = 08.02.2008 18:37:52 | Attr = ]
{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}:Exec -> %ProgramFiles%\PokerStars\PokerStarsUpdate.exe [PokerStars] -> PokerStars [Ver = 1.120 | Size = 603416 bytes | Modified Date = 01.09.2008 10:28:48 | Attr = ]
{3E94F358-9537-4BBA-8D12-D7F8A0136973}:Exec -> %ProgramFiles%\PopupPopper\SiteList.exe [PopupPopper Control Panel] -> Bayden Systems [Ver = 1.5.1.4 | Size = 67584 bytes | Modified Date = 26.05.2003 08:30:47 | Attr = ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 28.01.2008 11:43:28 | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{32815B77-6891-404B-A6CD-DA7926FFE6BB} -> 193.213.112.4,130.67.60.68 (D-Link DWA-140 RangeBooster N USB Adapter) ->
{33BD519D-F9D1-461D-990E-5AE414EC6025} -> (Windows Mobile-based Device) ->
{6ED0AA5B-9546-4B3E-8630-35C1D95ED623} -> (Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller) ->
{DB270EE0-F019-4276-B87F-93270A5E5F89} -> (1394 Net Adapter) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 24.07.2007 15:17:08 | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0D41B8C5-2599-4893-8183-00195EC8D5F9}[HKEY_LOCAL_MACHINE] -> http://support.asus.com/common/asusTek_sys_ctrl.cab[asusTek_sysctrl Class] ->
{0E5F0222-96B9-11D3-8997-00104BD12D94}[HKEY_LOCAL_MACHINE] -> http://www.pcpitstop.com/betapit/PCPitStop.CAB[PCPitstop Utility] ->
{1E54D648-B804-468d-BC78-4AFFED8E262E}[HKEY_LOCAL_MACHINE] -> http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab[System Requirements Lab Class] ->
{6C269571-C6D7-4818-BCA4-32A035E8C884}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab[Creative Software AutoUpdate] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214420172312[MUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}[HKEY_LOCAL_MACHINE] -> http://www.adobe.com/products/acrobat/nos/gp.cab[get_atlcom Class] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->
{F6ACF75C-C32C-447B-9BEF-46B766368D29}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/softwareupdate/su/ocx/15105/CTPID.cab[Creative Software AutoUpdate Support Package] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Creative/Shared Files/Software Update/CTPID.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Creative/Shared Files/Software Update/CTPID.ocx\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Creative/Shared Files/Software Update/CTPID.ocx\\{F6ACF75C-C32C-447B-9BEF-46B766368D29} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/asusTek_sys_ctrl.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/asusTek_sys_ctrl.dll\\.Owner -> {0D41B8C5-2599-4893-8183-00195EC8D5F9} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/asusTek_sys_ctrl.dll\\{0D41B8C5-2599-4893-8183-00195EC8D5F9} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/CTSUEng.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/CTSUEng.ocx\\.Owner -> {6C269571-C6D7-4818-BCA4-32A035E8C884} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/CTSUEng.ocx\\{6C269571-C6D7-4818-BCA4-32A035E8C884} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/CTSUEngn.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/CTSUEngn.ocx\\.Owner -> {6C269571-C6D7-4818-BCA4-32A035E8C884} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/CTSUEngn.ocx\\{6C269571-C6D7-4818-BCA4-32A035E8C884} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/sysreqlab3.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/sysreqlab3.dll\\.Owner -> {1E54D648-B804-468d-BC78-4AFFED8E262E} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/sysreqlab3.dll\\{1E54D648-B804-468d-BC78-4AFFED8E262E} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gp.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gp.ocx\\.Owner -> {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gp.ocx\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PCPitstop.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PCPitstop.dll\\.Owner -> {0E5F0222-96B9-11D3-8997-00104BD12D94} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PCPitstop.dll\\{0E5F0222-96B9-11D3-8997-00104BD12D94} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PCPitstop3D.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PCPitstop3D.dll\\.Owner -> {0E5F0222-96B9-11D3-8997-00104BD12D94} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PCPitstop3D.dll\\{0E5F0222-96B9-11D3-8997-00104BD12D94} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04.08.2004 14:00:00 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15.06.2005 19:49:30 | Attr = ]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04.08.2004 14:00:00 | Attr = ]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25.04.2007 16:21:15 | Attr = ]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 04.08.2004 14:00:00 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1156 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 04.08.2004 14:00:00 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 04.08.2004 14:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> AA 22 7F 7B F2 10 A0 E7 17 F8 BD 6E A4 97 3E E3 34 63 32 31 35 37 34 61 00 FD 07 00 0D 4D 00 00 34 FA 07 00 56 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 53 3F 00 16 63 69 21 31 BE 08 74 4C [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> F6 81 DA 5B F3 B2 D8 D2 33 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> B0 70 A1 15 EC C2 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 04.08.2004 14:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> E0 D5 06 F9 BF 9D 0D 52 88 F1 E1 16 08 41 83 A8 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 22 0E 7C 65 ED D6 C8 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 E0 60 91 1A 7A C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 E0 60 91 1A 7A C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 E0 60 91 1A 7A C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04.08.2004 14:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlS
  • 0

#12
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
How big is the file??
  • 0

#13
Conkey

Conkey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
about 790kb
  • 0

#14
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi Conkey

When I look at the Attachments area of the Reply window at my side it says

Attachment space used 332.38K of 20MB

on the LHS &

Max. single upload size: 2MB

on the right.
Is that the same on yours??
  • 0

#15
Conkey

Conkey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
I can only attach up to 500k. (Attachment space used 0bytes of 500K)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP