404 Error On Bitdefender.com After Smitfraud Attack

Hi!


My computer was attacked by Smitfraud, and I am following the steps on http://answers.yahoo.com/question/index?qi...25024805AAHSixB to recover. The thing is: with the infected computer, I can't get access to www.bitdefender.com. I get a 404 error right away. I suspect Smitfraud screwed up some settings to achieve this 404 error. Does anyone know how to fix this?


Answers highly appreciated


--Ma

Comments

  • Hello maerasfaloth,


    Please download Deckard's System Scanner. You need to save it on your desktop. Close all other applications and windows. First right-click on dss(.exe) and choose Run as administrator. Now double-click on dss(.exe). Confirm the warnings. It can take a while. Please copy the content of the main and extra text files (extra will be minimized) and paste it in your next post. Because it will be large, spread it across a few posts.


    Kind regards,


    Niels


    PS: I've moved your topic to a more appropriate forum section (malware section).

  • maerasfaloth
    edited August 2008

    Thanks!


    This is the result from running Deckard's System Scanner. This is from a Norwegian XP, by the way, so Common Files is Fellesfiler, Application Data is Programdata and Program Files is Programfiler :)


    main.txt:


    Deckard's System Scanner v20071014.68


    Run by ***** on 2008-08-09 12:38:58


    Computer is in Normal Mode.


    --------------------------------------------------------------------------------


    -- System Restore --------------------------------------------------------------


    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --


    26: 2008-08-09 10:39:06 UTC - RP184 - Deckard's System Scanner Restore Point


    25: 2008-08-07 20:44:58 UTC - RP183 - Installed SUPERAntiSpyware Free Edition


    24: 2008-08-06 16:18:22 UTC - RP182 - Software Distribution Service 3.0


    23: 2008-08-05 18:35:43 UTC - RP181 - Installed Before You Know It


    22: 2008-08-05 11:39:46 UTC - RP180 - Software Distribution Service 3.0


    -- First Restore Point --


    1: 2008-05-16 20:23:19 UTC - RP159 - Software Distribution Service 3.0


    Backed up registry hives.


    Performed disk cleanup.


    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2


    Scan saved at 2008-08-09 12:40:29


    Platform: Windows XP Service Pack 3 (5.01.2600)


    MSIE: Internet Explorer (7.00.6000.16674)


    Boot mode: Normal


    Running processes:


    C:\WINDOWS\system32\smss.exe


    C:\WINDOWS\system32\winlogon.exe


    C:\WINDOWS\system32\services.exe


    C:\WINDOWS\system32\lsass.exe


    C:\WINDOWS\system32\ati2evxx.exe


    C:\WINDOWS\system32\svchost.exe


    C:\WINDOWS\system32\svchost.exe


    C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe


    C:\WINDOWS\system32\spoolsv.exe


    C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe


    C:\WINDOWS\system32\CTSVCCDA.EXE


    C:\Programfiler\Creative\Shared Files\CTDevSrv.exe


    C:\Programfiler\Cisco Systems\VPN Client\cvpnd.exe


    C:\Programfiler\F-Secure\Anti-Virus\fsgk32st.exe


    C:\Programfiler\F-Secure\common\FSMA32.EXE


    C:\Programfiler\F-Secure\Anti-Virus\fsgk32.exe


    C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe


    C:\Programfiler\F-Secure\common\FSMB32.EXE


    C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\mdm.exe


    C:\WINDOWS\system32\svchost.exe


    C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe


    C:\Programfiler\F-Secure\common\FCH32.EXE


    C:\Programfiler\F-Secure\common\FAMEH32.EXE


    C:\Programfiler\F-Secure\Anti-Virus\fsqh.exe


    C:\Programfiler\F-Secure\common\FNRB32.exe


    C:\Programfiler\F-Secure\Anti-Virus\fssm32.exe


    C:\Programfiler\F-Secure\FSAUA\program\fsaua.exe


    C:\Programfiler\F-Secure\common\FIH32.exe


    C:\WINDOWS\explorer.exe


    C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe


    C:\Programfiler\HP\HP Software Update\hpwuSchd2.exe


    C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe


    C:\Programfiler\HP\QuickPlay\QPService.exe


    C:\Programfiler\HPQ\Quick Launch Buttons\eabservr.exe


    C:\Programfiler\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe


    C:\Programfiler\QuickTime\QTTask.exe


    C:\Programfiler\iTunes\iTunesHelper.exe


    C:\Programfiler\F-Secure\common\FSM32.EXE


    C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe


    C:\WINDOWS\system32\ctfmon.exe


    C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


    C:\Programfiler\Skype\Phone\Skype.exe


    C:\Programfiler\MSN Messenger\msnmsgr.exe


    C:\Programfiler\DNA\btdna.exe


    C:\Programfiler\DAEMON Tools\daemon.exe


    C:\Programfiler\Creative\Creative Media Lite\CTZDetec.exe


    C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe


    C:\Programfiler\F-Secure\FSGUI\fsguidll.exe


    C:\Programfiler\HP\Digital Imaging\bin\hpqimzone.exe


    C:\Programfiler\F-Secure\Anti-Virus\fsav32.exe


    C:\Programfiler\iPod\bin\iPodService.exe


    C:\Programfiler\HPQ\shared\HpqToaster.exe


    C:\Programfiler\Skype\Plugin Manager\skypePM.exe


    C:\Documents and Settings\*****\Skrivebord\dss.exe


    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s


    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/


    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger


    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch


    O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll


    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll


    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll


    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


    O2 - BHO: QXK Olive - {86A223EE-081B-4CF9-98FB-52514CE4A8E1} - C:\WINDOWS\wnlmdakqenv.dll (file missing)


    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll


    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programfiler\Google\GoogleToolbar4.dll


    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll


    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programfiler\Google\GoogleToolbar4.dll


    O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"


    O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe


    O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe


    O4 - HKLM\..\Run: [QPService] "C:\Programfiler\HP\QuickPlay\QPService.exe"


    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start


    O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe


    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe


    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe


    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime


    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"


    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programfiler\F-Secure\Common\FSM32.EXE" /splash


    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programfiler\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW


    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"


    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"


    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe


    O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


    O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized


    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background


    O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Programfiler\DNA\btdna.exe"


    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033


    O4 - HKCU\..\Run: [CTZDetec.exe] C:\Programfiler\Creative\Creative Media Lite\CTZDetec.exe


    O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe


    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')


    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')


    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')


    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')


    O4 - Global Startup: HP Photosmart Premier Hurtigstart.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe


    O4 - Global Startup: VPN Client.lnk = ?


    O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000


    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000


    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll


    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll


    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll


    O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)


    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe


    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe


    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe


    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe


    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab


    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/3/9...heckControl.cab


    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab


    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab


    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programfiler\MSN Messenger\msgrapp.8.1.0178.00.dll


    O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll


    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programfiler\MSN Messenger\msgrapp.8.1.0178.00.dll


    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programfiler\Fellesfiler\Microsoft Shared\Web Components\11\OWC11.DLL


    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programfiler\Fellesfiler\Skype\Skype4COM.dll


    O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programfiler\Fellesfiler\Microsoft Shared\OFFICE12\MSOXMLMF.DLL


    O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll


    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe


    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe


    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe


    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE


    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Programfiler\Creative\Shared Files\CTDevSrv.exe


    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programfiler\Cisco Systems\VPN Client\cvpnd.exe


    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programfiler\F-Secure\Anti-Virus\fsgk32st.exe


    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Programfiler\F-Secure\common\FNRB32.exe


    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Programfiler\F-Secure\FSAUA\program\fsaua.exe


    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programfiler\F-Secure\common\FSMA32.EXE


    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe


    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe


    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe


    O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe


    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe


    O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Programfiler\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe


    --


    End of file - 11536 bytes


    -- File Associations -----------------------------------------------------------


    .cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


    .cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------


    All drivers whitelisted.


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------


    R2 Apple Mobile Device - "c:\programfiler\fellesfiler\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


    R2 CTDevice_Srv (CT Device Query service) - c:\programfiler\creative\shared files\ctdevsrv.exe <Not Verified; Creative Technology Ltd; CTDevSrv Application>


    S3 Tomcat5 (Apache Tomcat) - "c:\programfiler\apache software foundation\tomcat 5.5\bin\tomcat5.exe" //rs//tomcat5 <Not Verified; Apache Software Foundation; Service Runner>


    -- Device Manager: Disabled ----------------------------------------------------


    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}


    Description: vsdatant


    Device ID: ROOT\LEGACY_VSDATANT\0000


    Manufacturer:


    Name: vsdatant


    PNP Device ID: ROOT\LEGACY_VSDATANT\0000


    Service: vsdatant


    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}


    Description: Cisco Systems VPN Adapter


    Device ID: ROOT\NET\0000


    Manufacturer: Cisco Systems


    Name: Cisco Systems VPN Adapter


    PNP Device ID: ROOT\NET\0000


    Service: CVirtA


    -- Scheduled Tasks -------------------------------------------------------------


    2008-07-18 23:28:04 282 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-07-09 and 2008-08-09 -----------------------------


    2008-08-07 22:45:00 0 d-------- C:\Programfiler\SUPERAntiSpyware


    2008-08-07 22:13:58 3288 --a------ C:\WINDOWS\system32\tmp.reg


    2008-08-07 22:13:27 0 d-------- C:\SmitfraudFix


    2008-08-07 22:13:15 1479127 --a------ C:\SmitfraudFix.exe


    2008-08-07 22:01:01 664 --a------ C:\WINDOWS\system32\d3d9caps.dat


    2008-08-07 14:35:43 139264 --a------ C:\WINDOWS\epgk.exe


    2008-08-05 20:35:44 0 d-------- C:\Programfiler\Transparent


    2008-08-05 14:15:39 0 d-------- C:\WINDOWS\Prefetch


    2008-08-05 14:06:35 0 d-------- C:\WINDOWS\l2schemas


    2008-08-05 14:06:34 0 d-------- C:\WINDOWS\system32\no


    2008-08-05 14:06:33 0 d-------- C:\WINDOWS\system32\bits


    2008-08-05 13:57:23 0 d-------- C:\WINDOWS\ServicePackFiles


    2008-08-05 13:47:16 0 d-------- C:\WINDOWS\EHome


    -- Find3M Report ---------------------------------------------------------------


    2008-08-09 12:34:26 0 d-------- C:\Documents and Settings\*****\Programdata\DNA


    2008-08-09 12:05:54 0 d-------- C:\Documents and Settings\*****\Programdata\Skype


    2008-08-07 22:45:00 0 d-------- C:\Documents and Settings\*****\Programdata\SUPERAntiSpyware.com


    2008-08-07 14:36:46 0 d-------- C:\Documents and Settings\*****\Programdata\TmpRecentIcons


    2008-08-05 20:35:43 0 d--h----- C:\Programfiler\InstallShield Installation Information


    2008-08-05 20:08:45 392308 --a------ C:\WINDOWS\system32\perfh014.dat


    2008-08-05 20:08:45 63328 --a------ C:\WINDOWS\system32\perfc014.dat


    2008-08-05 14:20:44 0 d-------- C:\Programfiler\MSN Messenger


    2008-08-05 14:13:50 0 d-------- C:\Documents and Settings\*****\Programdata\BitTorrent


    2008-08-05 14:07:30 0 d-------- C:\Programfiler\Messenger


    2008-08-05 14:06:32 0 d-------- C:\Programfiler\Movie Maker


    2008-08-05 13:56:52 0 d-------- C:\Programfiler\Windows NT


    2008-07-24 22:02:02 0 d-------- C:\Programfiler\Creative


    2008-07-14 21:02:31 0 d-------- C:\Programfiler\Java


    2008-07-14 20:28:27 0 d-------- C:\Documents and Settings\*****\Programdata\Creative


    2008-06-12 13:21:09 0 d-------- C:\Programfiler\Sun


    -- to be continued--

  • -- main.txt continued --


    -- Registry Dump ---------------------------------------------------------------


    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86A223EE-081B-4CF9-98FB-52514CE4A8E1}]


    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce


    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce


    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices


    CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE


    VPN Client.lnk - C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [08.09.2007 15:10:01]


    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system


    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system


    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run


    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer


    HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer


    Written by Bobbi Flekman 2006 ©


    GeneralFlags REG_DWORD 0 (0x0)


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]


    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [13.05.2008 10:13 77824]


    REGEDIT4


    "ChangePasswordUseKerberos"=dword:00000001


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions]


    "ProcessGroupPolicy"="ProcessGroupPolicy"


    00


    "MaxNoGPOListChangesInterval"=dword:000003c0


    00


    "RequiresSuccessfulRegistry"=dword:00000001


    "NoGPOListChanges"=dword:00000001


    "RequiresSuccessfulRegistry"=dword:00000001


    74,61,6c,6c,65,72,2c,41,70,70,6c,69,63,61,74,69,6f,6e,29,00,00


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify]


    "Impersonate"=dword:00000000


    "Unlock"="AtiUnLockEvent"


    "Logoff"="ChainWlxLogoffEvent"


    "Logoff"="CryptnetWlxLogoffEvent"


    "Asynchronous"=dword:00000001


    "Unlock"="WlDimsUnlock"


    "Asynchronous"=dword:00000001


    "Logoff"="SchedEventLogOff"


    "DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00


    "Asynchronous"=dword:00000001


    "Disconnect"="TSEventDisconnect"


    "EulaAccepted"=dword:00000000


    "Asynchronous"=dword:00000001


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\SpecialAccounts]


    "ASPNET"=dword:00000000


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Credentials]


    !d;s/.*t//;s/


    [hkey.*/n


    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon


    !d;s/.*t//;s/


    [hkey.*/n


    DLLName REG_SZ Ati2evxx.dll


    !d;s/.*t//;s/


    [hkey.*/n


    Asynchronous REG_DWORD 0 (0x0)


    !d;s/.*t//;s/


    [hkey.*/n


    Asynchronous REG_DWORD 0 (0x0)


    !d;s/.*t//;s/


    [hkey.*/n


    DLLName REG_SZ cscdll.dll


    !d;s/.*t//;s/


    [hkey.*/n


    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy


    !d;s/.*t//;s/


    [hkey.*/n


    DLLName REG_SZ wlnotify.dll


    !d;s/.*t//;s/


    [hkey.*/n


    Asynchronous REG_DWORD 0 (0x0)


    !d;s/.*t//;s/


    [hkey.*/n


    Logoff REG_SZ WLEventLogoff


    !d;s/.*t//;s/


    [hkey.*/n


    DLLName REG_SZ WlNotify.dll


    !d;s/.*t//;s/


    [hkey.*/n


    Asynchronous REG_DWORD 0 (0x0)


    !d;s/.*t//;s/


    [hkey.*/n


    EulaAccepted REG_DWORD 0 (0x0)


    !d;s/.*t//;s/


    [hkey.*/n


    DLLName REG_SZ wlnotify.dll


    Written by Bobbi Flekman 2006 ©


    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options


    CheckAppHelp REG_DWORD 1 (0x1)


    CheckAppHelp REG_DWORD 1 (0x1)


    CheckAppHelp REG_DWORD 1 (0x1)


    CheckAppHelp REG_DWORD 1 (0x1)


    CheckAppHelp REG_DWORD 1 (0x1)


    CheckAppHelp REG_DWORD 1 (0x1)


    CheckAppHelp REG_DWORD 1 (0x1)


    CheckAppHelp REG_DWORD 1 (0x1)


    DisableHeapLookAside REG_SZ 1


    CheckAppHelp REG_DWORD 1 (0x1)


    CheckAppHelp REG_DWORD 1 (0x1)


    CheckAppHelp REG_DWORD 1 (0x1)


    CheckAppHelp REG_DWORD 1 (0x1)


    CheckAppHelp REG_DWORD 1 (0x1)


    CheckAppHelp REG_DWORD 1 (0x1)


    CheckAppHelp REG_DWORD 1 (0x1)


    CheckAppHelp REG_DWORD 1 (0x1)


    CheckAppHelp REG_DWORD 1 (0x1)


    CheckAppHelp REG_DWORD 1 (0x1)


    CheckAppHelp REG_DWORD 1 (0x1)


    CheckAppHelp REG_DWORD 1 (0x1)


    CheckAppHelp REG_DWORD 1 (0x1)


    CheckAppHelp REG_DWORD 1 (0x1)


    CheckAppHelp REG_DWORD 1 (0x1)


    CheckAppHelp REG_DWORD 1 (0x1)


    CheckAppHelp REG_DWORD 1 (0x1)


    CheckAppHelp REG_DWORD 1 (0x1)


    CheckAppHelp REG_DWORD 1 (0x1)


    CheckAppHelp REG_DWORD 1 (0x1)


    CheckAppHelp REG_DWORD 1 (0x1)


    CheckAppHelp REG_DWORD 1 (0x1)


    GlobalFlag REG_SZ 0x00200000


    CheckAppHelp REG_DWORD 1 (0x1)


    CheckAppHelp REG_DWORD 1 (0x1)


    GlobalFlag REG_SZ 0x00200000


    DisableHeapLookAside REG_SZ 1


    DisableHeapLookAside REG_SZ 1


    ApplicationGoo REG_BINARY 140200001002000000020000b40234000000560053005f00560045005200530049004f004e005f00


    DisableHeapLookAside REG_SZ 1


    DisableHeapLookAside REG_SZ 1


    CheckAppHelp REG_DWORD 1 (0x1)


    ApplicationGoo REG_BINARY 000700005402000000020000840734000000560053005f00560045005200530049004f004e005f00


    ApplicationGoo REG_BINARY 140200001002000000020000040334000000560053005f00560045005200530049004f004e005f00


    ApplicationGoo REG_BINARY 140200001002000000020000380334000000560053005f00560045005200530049004f004e005f00


    CheckAppHelp REG_DWORD 1 (0x1)


    CheckAppHelp REG_DWORD 1 (0x1)


    CheckAppHelp REG_DWORD 1 (0x1)


    DisableHeapLookAside REG_SZ 1


    CheckAppHelp REG_DWORD 1 (0x1)


    CheckAppHelp REG_DWORD 1 (0x1)


    CheckAppHelp REG_DWORD 1 (0x1)


    CheckAppHelp REG_DWORD 1 (0x1)


    DisableHeapLookAside REG_SZ 1


    CheckAppHelp REG_DWORD 1 (0x1)


    ApplicationGoo REG_BINARY 1402000010020000000200007c0334000000560053005f00560045005200530049004f004e005f00


    GlobalFlag REG_SZ 0x000010F0


    ApplicationGoo REG_BINARY 140200001002000000020000a40234000000560053005f00560045005200530049004f004e005f00


    "Notification Packages scecli


    Written by Bobbi Flekman 2006 ©


    Error: Key: software\microsoft\windows\currentversion\group policy\state does not exist!


    Written by Bobbi Flekman 2006 ©


    SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SaslProfiles


    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL


    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\WDigest


    SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.


    [hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\File system]


    @="Driver Group"


    [hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\RpcSs]


    @="Service"


    [hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\vgasave.sys]


    @="Driver"


    [hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]


    @="DiskDrive"


    [hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]


    @="Hdc"


    [hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]


    @="Keyboard"


    [hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]


    @="Mouse"


    [hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]


    @="System"


    [hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]


    @="Volume"


    SteelWerX Registry Console Tool 2.0


    Written by Bobbi Flekman 2006 ©


    Error: Key: software\microsoft\shared tools\msconfig\startupfolder does not exist!


    SteelWerX Registry Console Tool 2.0


    Written by Bobbi Flekman 2006 ©


    Error: Key: software\microsoft\shared tools\msconfig\startupreg does not exist!


    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs


    Written by Bobbi Flekman 2006 ©


    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components


    7,0,5730,0


    *


    2,0,0,0


    6,0,5730,11


    1 (0x1)


    2,0,0,0


    EN


    EN


    Macromedia Shockwave Director 9.0


    11,0,5721,5145


    11,0,5721,5145


    Adobe Shockwave Director 10.3


    DirectAnimation


    Adobe Shockwave Director 10.3


    1,1,1,7


    4,7,0,0320


    *


    1,397,2406,1


    Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)


    6,0,2900,2180


    1 (0x1)


    NO


    11,0,5721,5145


    4,71,1113,0


    7,0,5730,11


    6,00,01,0223


    5,6,0,8820


    C:\Programfiler\Messenger\msmsgs.exe


    5,00,2918,1900


    7,0,5730,11


    C:\WINDOWS\system32\msieftp.dll


    11,0,5721,5145


    4,9,9,2


    1,0,1,7


    WAB


    no


    en


    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix


    2 (0x2)


    1 (0x1)


    7,0,5730,11


    6,0,5730,11


    .NET Framework


    4,71,1968,1


    2,1,4026,0


    EN


    6,0,5730,11


    5,0,00,0


    -- End of Deckard's System Scanner: finished at 2008-08-09 12:41:39 ------------

  • extra.txt:


    Deckard's System Scanner v20071014.68


    Extra logfile - please post this as an attachment with your post.


    --------------------------------------------------------------------------------


    -- System Information ----------------------------------------------------------


    Microsoft Windows XP Home Edition (build 2600) SP 3.0


    Architecture: X86; Language: Norwegian


    CPU 0: Mobile AMD Sempron Processor 3100+


    Percentage of Memory in Use: 25%


    Physical Memory (total/avail): 2046.17 MiB / 1514.95 MiB


    Pagefile Memory (total/avail): 2660.15 MiB / 2112.71 MiB


    Virtual Memory (total/avail): 2047.88 MiB / 1943.81 MiB


    C: is Fixed (NTFS) - 54.89 GiB total, 20.19 GiB free.


    D: is Removable (FAT)


    E: is CDROM (No Media)


    F: is CDROM (No Media)


    \\.\PHYSICALDRIVE0 - ST960812A - 55.89 GiB - 2 partitions


    \PARTITION0 (bootable) - Installerbart filsystem - 54.89 GiB - C:


    \PARTITION1 - Unknown - 1027.6 MiB


    \\.\PHYSICALDRIVE1 - USB 2.0 FlashDisk USB Device - 243.17 MiB - 1 partition


    \PARTITION0 - MS-DOS V4 Huge - 247.58 MiB - D:


    -- Security Center -------------------------------------------------------------


    AUOptions is scheduled to auto-install.


    -- Environment Variables -------------------------------------------------------


    ALLUSERSPROFILE=C:\Documents and Settings\All Users


    APPDATA=C:\Documents and Settings\*****\Programdata


    CLASSPATH=.;C:\Programfiler\Java\jre1.5.0_10\lib\ext\QTJava.zip


    CLIENTNAME=Console


    CommonProgramFiles=C:\Programfiler\Fellesfiler


    COMPUTERNAME=PAPRIKA


    ComSpec=C:\WINDOWS\system32\cmd.exe


    FP_NO_HOST_CHECK=NO


    HOMEDRIVE=C:


    HOMEPATH=\Documents and Settings\*****


    LOGONSERVER=\\PAPRIKA


    NpmLib=C:\Norman\Npm\Bin


    NUMBER_OF_PROCESSORS=1


    OS=Windows_NT


    Path=C:\Programfiler\MiKTeX 2.5\miktex\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programfiler\ATI Technologies\ATI Control Panel;C:\Programfiler\QuickTime\QTSystem\;C:\Norman\Npm\Bin


    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH


    PCTYPE=PAVILION


    PLATFORM=MCD


    PROCESSOR_ARCHITECTURE=x86


    PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD


    PROCESSOR_LEVEL=15


    PROCESSOR_REVISION=2c02


    ProgramFiles=C:\Programfiler


    PROMPT=$P$G


    QTJAVA=C:\Programfiler\Java\jre1.5.0_10\lib\ext\QTJava.zip


    SESSIONNAME=Console


    SonicCentral=C:\Programfiler\Fellesfiler\Sonic Shared\Sonic Central\


    SystemDrive=C:


    SystemRoot=C:\WINDOWS


    TEMP=C:\DOCUME~1\ANJASV~1\LOKALE~1\Temp


    TMP=C:\DOCUME~1\ANJASV~1\LOKALE~1\Temp


    USERDOMAIN=PAPRIKA


    USERNAME=*****


    USERPROFILE=C:\Documents and Settings\*****


    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------


    ***** (admin)


    -- Add/Remove Programs ---------------------------------------------------------


    --> "C:\Programfiler\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"


    --> "C:\Programfiler\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"


    --> "C:\Programfiler\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"


    --> "C:\Programfiler\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"


    --> "C:\Programfiler\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"


    --> "C:\Programfiler\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"


    --> "C:\Programfiler\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"


    --> "C:\Programfiler\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"


    --> "C:\Programfiler\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"


    --> "C:\Programfiler\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"


    --> "C:\Programfiler\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"


    --> "C:\Programfiler\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Policy Manager Support"


    --> "C:\Programfiler\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"


    --> "C:\Programfiler\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"


    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}


    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}


    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}


    --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{1A99CB37-AEB0-492F-A85A-8A2536D22393}\setup.exe" -l0x9


    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf


    Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}


    Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe


    Adobe Reader 8.1.2 - Norsk --> MsiExec.exe /I{AC76BA86-7AD7-1044-7B44-A81200000003}


    Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log


    AdVantage (Powering DAEMON Tools) --> "C:\Programfiler\AdVantage\AdVUninst.exe" /r DAEM /d "AdVantage (Powering DAEMON Tools)" /m "AdVantage is safe advertising software that supports Freeze.com.\nAdVantage is certified by TRUSTe as a Trusted Download.\n\nAre you sure you want to uninstall AdVantage support for DAEMON Tools?"


    Apache Tomcat 5.5 (remove only) --> "C:\Programfiler\Apache Software Foundation\Tomcat 5.5\Uninstall.exe"


    Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}


    Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}


    Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x14


    ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean


    ATI Kontrollpanel --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"


    Before You Know It 3.6 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{FC842F4A-1629-417E-83C3-4FB4D9BCB0C3}\Setup.exe" -l0x9


    BitTorrent 6.0 --> C:\Programfiler\BitTorrent\uninst.exe


    BMC Remedy Administrator 7.0 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{2ED57E6C-7276-4430-86DE-49D2007303B6}\setup.exe" -l0x9 Adminuninstall -removeonly


    BMC Remedy User 7.0 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{1F695CFF-C3A2-4A06-8D40-2FC93BC4208A}\setup.exe" -l0x9 Useruninstall -removeonly


    Cisco Systems VPN Client 5.0.00.0340 --> MsiExec.exe /X{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}


    Conexant AC-Link Audio --> C:\Programfiler\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -ICPL309BA.INF


    Creative Media Lite --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{1A99CB37-AEB0-492F-A85A-8A2536D22393}\setup.exe" -l0x9 /remove


    Creative ZEN Stone Plus User's Guide --> "C:\Programfiler\Creative\Creative ZEN Stone Plus\UGRemove.exe" /Product_Name:ZENStonePlusUG


    Crystal11_Redistributables --> MsiExec.exe /I{154A9EEB-05FC-45E6-B7BD-75D27ED02276}


    DNA --> "C:\Programfiler\DNA\btdna.exe" /UNINSTALL


    F-Secure Anti-Virus for Workstations – Beskyttelse mot virus/spionprogrammer --> "C:\Programfiler\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"


    Forbedret kundeopplevelse --> C:\PROGRA~1\FELLES~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1044


    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\programfiler\google\googletoolbar4.dll"


    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"


    HP Help and Support --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x14 -removeonly


    HP Imaging Device Functions 6.0 --> C:\Programfiler\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat


    HP Photosmart Premier Software 6.0 --> C:\Programfiler\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat


    HP QuickPlay 2.0 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall


    HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}


    HP User Guides--System Recovery --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{BC96BBA7-C634-460E-AD18-A0A994213F80}\Setup.exe" -l0x14 -removeonly


    HP User Guides 0025 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{52AE81CB-B786-490E-93CF-240A9891B392}\setup.exe" -l0x14 -removeonly


    HP Wireless Assistant 2.00 C1 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x14 hpquninst


    Internett-tjenester --> C:\PROGRA~1\FELLES~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{5CFD7508-7774-48FE-8280-7A3C0AE71755} /l1044


    iPod for Windows 2006-01-10 --> C:\Programfiler\Fellesfiler\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1044


    iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}


    J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}


    J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}


    Java DB 10.3.1.4 --> MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}


    Java 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}


    Java 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}


    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"


    Microsoft Office Access MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-0015-0414-0000-0000000FF1CE}


    Microsoft Office Enterprise 2007 --> "C:\Programfiler\Fellesfiler\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL


    Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}


    Microsoft Office Excel MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-0016-0414-0000-0000000FF1CE}


    Microsoft Office Groove MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-00BA-0414-0000-0000000FF1CE}


    Microsoft Office InfoPath MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-0044-0414-0000-0000000FF1CE}


    Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-00A1-0414-0000-0000000FF1CE}


    Microsoft Office Outlook MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-001A-0414-0000-0000000FF1CE}


    Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-0018-0414-0000-0000000FF1CE}


    Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110414-6000-11D3-8CFE-0150048383C9}


    Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}


    Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}


    Microsoft Office Proof (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-001F-0414-0000-0000000FF1CE}


    Microsoft Office Proof (Norwegian (Nynorsk)) 2007 --> MsiExec.exe /X{90120000-001F-0814-0000-0000000FF1CE}


    Microsoft Office Proofing (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-002C-0414-0000-0000000FF1CE}


    Microsoft Office Publisher MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-0019-0414-0000-0000000FF1CE}


    Microsoft Office Shared MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-006E-0414-0000-0000000FF1CE}


    Microsoft Office Word MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-001B-0414-0000-0000000FF1CE}


    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"


    MiKTeX 2.5 --> "C:\Programfiler\MiKTeX 2.5\miktex\bin\copystart.exe" "C:\Programfiler\MiKTeX 2.5\miktex\config\uninstall.dat"


    OpenOffice.org Installer 1.0 --> MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}


    Oppdatering for Windows XP (KB951978) --> "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"


    PuTTY version 0.58 --> "C:\Programfiler\PuTTY\unins000.exe"


    Quick Launch Buttons 5.20 G1 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x14 -uninst


    QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}


    Remedy Administrator 6.3 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{ECD9DCB8-DB7C-4297-9C11-097AA15F2994}\Setup.exe" -l0x9 Adminuninstall


    Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log


    Sikkerhetsoppdatering for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"


    Sikkerhetsoppdatering for Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"


    Sikkerhetsoppdatering for Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"


    Sikkerhetsoppdatering for Windows XP (KB951376-v2) --> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"


    Sikkerhetsoppdatering for Windows XP (KB951376) --> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"


    Sikkerhetsoppdatering for Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"


    Sikkerhetsoppdatering for Windows XP (KB951748) --> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"


    Skype™ 3.2 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}


    Soft Data Fax Modem with SmartCP --> C:\Programfiler\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378\HXFSETUP.EXE -U -Icpl309bk.inf


    Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}


    Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}


    Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}


    Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}


    Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}


    Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}


    Sony Ericsson PC Suite --> MsiExec.exe /I{C037D08B-4883-491D-9329-DC5ACA90F797}


    SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}


    Synaptics Pointing Device Driver --> rundll32.exe "C:\Programfiler\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall


    Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\PROGRA~1\FELLES~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033


    TeXnicCenter Version 1 Beta 7.01 (Greengrass) --> "C:\Programfiler\TeXnicCenter\unins000.exe"


    TextPad 5 --> MsiExec.exe /X{B6EC7388-E277-4A5B-8C8F-71067A41BA64}


    Windows Live Messenger --> MsiExec.exe /I{B4C75EAB-B1B8-4120-B9AF-0852EAE4A434}


    Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}


    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"


    Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"


    -- Application Event Log -------------------------------------------------------


    Event Record #/Type4919 / Warning


    Event Submitted/Written: 08/09/2008 00:04:33 PM


    Event ID/Source: 1001 / MsiInstaller


    Event Description:


    Gjenkjenning av produktet {5C82DAE5-6EB0-4374-9254-BE3319BA4E82} og funksjonen Phone mislyktes under forespørselen etter komponenten {57FF4446-590E-4894-AE39-D55928DBDE01}


    Event Record #/Type4918 / Warning


    Event Submitted/Written: 08/09/2008 00:04:33 PM


    Event ID/Source: 1004 / MsiInstaller


    Event Description:


    Gjenkjenning av produkt {5C82DAE5-6EB0-4374-9254-BE3319BA4E82}, funksjon Phone, komponent {98916693-F0B5-4923-8BC6-1F0E6A883411} mislyktes. Ressursen HKEY_CURRENT_USER\Software\Skype\Phone\FE_label finnes ikke.


    Event Record #/Type4913 / Warning


    Event Submitted/Written: 08/08/2008 08:35:39 PM


    Event ID/Source: 1001 / MsiInstaller


    Event Description:


    Gjenkjenning av produktet {5C82DAE5-6EB0-4374-9254-BE3319BA4E82} og funksjonen Phone mislyktes under forespørselen etter komponenten {57FF4446-590E-4894-AE39-D55928DBDE01}


    Event Record #/Type4912 / Warning


    Event Submitted/Written: 08/08/2008 08:35:39 PM


    Event ID/Source: 1004 / MsiInstaller


    Event Description:


    Gjenkjenning av produkt {5C82DAE5-6EB0-4374-9254-BE3319BA4E82}, funksjon Phone, komponent {98916693-F0B5-4923-8BC6-1F0E6A883411} mislyktes. Ressursen HKEY_CURRENT_USER\Software\Skype\Phone\FE_label finnes ikke.


    Event Record #/Type4906 / Warning


    Event Submitted/Written: 08/08/2008 06:23:46 PM


    Event ID/Source: 1001 / MsiInstaller


    Event Description:


    Gjenkjenning av produktet {5C82DAE5-6EB0-4374-9254-BE3319BA4E82} og funksjonen Phone mislyktes under forespørselen etter komponenten {57FF4446-590E-4894-AE39-D55928DBDE01}


    -- Security Event Log ----------------------------------------------------------


    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------


    Event Record #/Type30768 / Error


    Event Submitted/Written: 08/09/2008 00:20:46 PM


    Event ID/Source: 1 / sr


    Event Description:


    Systemgjenopprettingsfilteret fikk den uventede feilen 0xC000000D under behandling av filen BOOT.INI på volum HarddiskVolume2. Det har sluttet å overvåke volumet.


    Event Record #/Type30735 / Error


    Event Submitted/Written: 08/08/2008 09:15:24 PM


    Event ID/Source: 10010 / DCOM


    Event Description:


    Serveren {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} ble ikke registrert hos DCOM innen fristen for tidsavbrudd.


    Event Record #/Type30734 / Error


    Event Submitted/Written: 08/08/2008 09:14:54 PM


    Event ID/Source: 10010 / DCOM


    Event Description:


    Serveren {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} ble ikke registrert hos DCOM innen fristen for tidsavbrudd.


    Event Record #/Type30733 / Error


    Event Submitted/Written: 08/08/2008 09:14:23 PM


    Event ID/Source: 10010 / DCOM


    Event Description:


    Serveren {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} ble ikke registrert hos DCOM innen fristen for tidsavbrudd.


    Event Record #/Type30697 / Error


    Event Submitted/Written: 08/08/2008 08:33:41 PM


    Event ID/Source: 10005 / DCOM


    Event Description:


    DCOM fikk feilen "%%1084" ved forsøk på å starte tjenesten EventSystem med argument ""


    for å kunne kjøre server:


    {1BE1F766-5536-11D1-B726-00C04FB926AF}


    -- End of Deckard's System Scanner: finished at 2008-08-09 12:41:39 ------------

  • Check if the file c:\Windows\System32\Drivers\etc\hosts contains a line similar to this:


    127.0.0.1 www.bitdefender.com


    If it does, delete it and restart your computer.


    Best regards.
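
The hosts-file check described in the post above, as an added example that is not part of the original thread: it lists active entries that pin a watched domain (here only bitdefender.com, from the post) and writes the file content back without them. It goes slightly beyond the post by also reporting mappings to non-loopback addresses; the function names and the sample file are constructed for illustration.

```python
import ipaddress

def classify(addr):
    """'sinkhole' for loopback/unspecified targets, 'redirect' for any other IP, None if not an IP."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    return "sinkhole" if ip.is_loopback or ip.is_unspecified else "redirect"

def find_pinned(hosts_text, watched):
    """Return (line_no, address, hostname, kind) for every active entry naming a watched domain."""
    watched = [w.lower().rstrip(".") for w in watched]
    hits = []
    for no, raw in enumerate(hosts_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # text after '#' is a comment
        if len(fields) < 2 or classify(fields[0]) is None:
            continue
        for name in fields[1:]:                    # one line may carry several names
            host = name.lower().rstrip(".")
            if any(host == w or host.endswith("." + w) for w in watched):
                hits.append((no, fields[0], host, classify(fields[0])))
    return hits

def remove_pinned(hosts_text, watched):
    """Drop only the offending names; keep other names, comments and blank lines."""
    bad = {(no, host) for no, _, host, _ in find_pinned(hosts_text, watched)}
    out = []
    for no, raw in enumerate(hosts_text.splitlines(), 1):
        body, sep, comment = raw.partition("#")
        fields = body.split()
        keep = [n for n in fields[1:] if (no, n.lower().rstrip(".")) not in bad]
        if len(fields) < 2 or len(keep) == len(fields) - 1:
            out.append(raw)                        # nothing to remove on this line
        elif keep:                                 # rebuild the line without the bad names
            out.append(" ".join([fields[0]] + keep) + (" #" + comment if sep else ""))
    return "\n".join(out) + "\n"

# Constructed sample hosts file (not taken from the poster's machine).
SAMPLE = """\
# Constructed sample
127.0.0.1       localhost
127.0.0.1 www.bitdefender.com
127.0.0.1 localhost2 Update.BitDefender.com   # trailing comment
0.0.0.0 bitdefender.com.example
#127.0.0.1 www.bitdefender.com
203.0.113.7 bitdefender.com
"""

if __name__ == "__main__":
    for hit in find_pinned(SAMPLE, ["bitdefender.com"]):
        print(hit)
```

On a real machine, read c:\Windows\System32\Drivers\etc\hosts into a string, review the hits, and write the cleaned text back with administrator rights.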

  • Hello maerasfaloth,


    If you can't follow cd-man's instructions please read this and do what he said.


    Please do this: go to Start, My Computer, double-click on the icon of your hard disk or partition where your software is installed, and open the Deckard folder. After that, open System Scanner; normally you should see HijackThis. Double-click on it to run it and choose "Do a system scan only".


    Check the following boxes :


    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


    O2 - BHO: QXK Olive - {86A223EE-081B-4CF9-98FB-52514CE4A8E1} - C:\WINDOWS\wnlmdakqenv.dll (file missing)


    Press on fix checked.


    I could find something suspicious.


    C:\WINDOWS\epgk.exe


    Can you please navigate to the Windows folder and archive epgk.exe? To do that, follow these instructions, more specifically post 2. Make a new topic here and upload the archive you have made. This is easy to do: once you are in the screen for creating a new topic, scroll down until you see the Attachments section, press Browse, navigate to the archive and press Upload. But there is a 2 MB file upload limit.


    Kind regards,


    Niels