
dragnmastr85

Anti-Spyware Brigade
  • Posts

    1,427

Posts posted by dragnmastr85

  1. "Silent Runners.vbs", revision 52, http://www.silentrunners.org/

    Operating System: Windows XP SP2

    Output limited to non-default values, except where indicated by "{++}"

     

     

    Startup items buried in registry:

    ---------------------------------

     

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

    "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

    "Aim6" = "(empty string)" [file not found]

    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"" ["Nero AG"]

    "Top Stats" = ""D:\PC Magazine Utilities\Top Stats\TopStats.exe"" ["Ziff Davis Media, Inc."]

     

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

    "Smapp" = "D:\Analog Devices\SoundMAX\SMTray.exe" ["Analog Devices, Inc."]

    "DiskeeperSystray" = ""D:\Executive Software\Diskeeper\DkIcon.exe"" ["Executive Software International, Inc."]

    "lxcrmon.exe" = ""D:\Lexmark 2400 Series\lxcrmon.exe"" [null data]

    "EzPrint" = ""D:\Lexmark 2400 Series\ezprint.exe"" ["Lexmark International Inc."]

    "FaxCenterServer" = ""D:\Lexmark Fax Solutions\fm3032.exe" /s" [empty string]

    "SunJavaUpdateSched" = ""D:\Java\jre1.6.0_02\bin\jusched.exe"" ["Sun Microsystems, Inc."]

    "KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"

    "PWRISOVM.EXE" = "D:\PowerISO\PWRISOVM.EXE" ["PowerISO Computing, Inc."]

    "StartCCC" = "D:\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [null data]

    "NeroFilterCheck" = "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" ["Nero AG"]

    "NBKeyScan" = ""D:\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"" ["Nero AG"]

    "UltraMon" = ""D:\UltraMon\UltraMon.exe" /auto" ["Realtime Soft"]

    "QuickTime Task" = ""D:\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

    "laim" = ""D:\AIM Lite\aimlite.exe" -autorun" [null data]

    "egui" = ""D:\Eset\ESET NOD32 Antivirus\egui.exe" /hide /waitservice" ["Eset"]

    "Zune Launcher" = ""D:\Zune\ZuneLauncher.exe"" [MS]

     

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

    -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

    \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

    -> {HKLM...CLSID} = "Spybot-S&D IE Protection"

    \InProcServer32\(Default) = "D:\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

    -> {HKLM...CLSID} = "SSVHelper Class"

    \InProcServer32\(Default) = "D:\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]

     

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"

    -> {HKLM...CLSID} = "Display Panning CPL Extension"

    \InProcServer32\(Default) = "deskpan.dll" [file not found]

    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"

    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

    \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

    "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

    -> {HKLM...CLSID} = "AlcoholShellEx"

    \InProcServer32\(Default) = "D:\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]

    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

    -> {HKLM...CLSID} = "WinRAR"

    \InProcServer32\(Default) = "D:\WinRAR\rarext.dll" [null data]

    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

    -> {HKLM...CLSID} = "RealOne Player Context Menu Class"

    \InProcServer32\(Default) = "C:\Program Files\Real\rpshell.dll" ["RealNetworks, Inc."]

    "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

    -> {HKLM...CLSID} = "DesktopContext Class"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

    "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

    -> {HKLM...CLSID} = "Desktop Explorer"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

    -> {HKLM...CLSID} = (no title provided)

    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

    -> {HKLM...CLSID} = "nView Desktop Context Menu"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

    "{FED7043D-346A-414D-ACD7-550D052499A7}" = "dBpowerAMP Music Converter 1"

    -> {HKLM...CLSID} = "dBpShell Class"

    \InProcServer32\(Default) = "D:\Illustrate\dBpowerAMP\dBShell.dll" [empty string]

    "{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpowerAMP Music Converter"

    -> {HKLM...CLSID} = "dMCIShell Class"

    \InProcServer32\(Default) = "D:\Illustrate\dBpowerAMP\dMCShell.dll" [empty string]

    "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

    -> {HKLM...CLSID} = "iTunes"

    \InProcServer32\(Default) = "D:\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

    -> {HKLM...CLSID} = "NVIDIA CPL Extension"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

    "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"

    -> {HKLM...CLSID} = "PowerISO"

    \InProcServer32\(Default) = "D:\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

    "{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"

    -> {HKLM...CLSID} = "SimpleShlExt Class"

    \InProcServer32\(Default) = "D:\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" [empty string]

    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

    -> {HKLM...CLSID} = (no title provided)

    \InProcServer32\(Default) = "D:\Microsoft Office\OFFICE11\msohev.dll" [MS]

    "{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"

    -> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"

    \InProcServer32\(Default) = "D:\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]

    "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "Eset Smart Security - Context Menu Shell Extension"

    -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"

    \InProcServer32\(Default) = "D:\Eset\ESET NOD32 Antivirus\shellExt.dll" ["Eset"]

     

    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

    "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    -> {HKLM...CLSID} = "WPDShServiceObj Class"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

     

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\

    <<!>> "Shell" = "Explorer.exe C:\WINDOWS\Config\lsass.exe" [MS], [file not found]

     

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

    <<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

    <<!>> PCANotify\DLLName = "PCANotify.dll" ["Symantec Corporation"]

     

    HKLM\Software\Classes\PROTOCOLS\Filter\

    <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

    -> {HKLM...CLSID} = (no title provided)

    \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

     

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

    -> {HKLM...CLSID} = "PDF Shell Extension"

    \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

    {FED7043D-346A-414D-ACD7-550D052499A7}\(Default) = "dBpowerAMP Column Handler"

    -> {HKLM...CLSID} = "dBpShell Class"

    \InProcServer32\(Default) = "D:\Illustrate\dBpowerAMP\dBShell.dll" [empty string]

     

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

    Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"

    -> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"

    \InProcServer32\(Default) = "D:\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]

    Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

    -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"

    \InProcServer32\(Default) = "D:\Eset\ESET NOD32 Antivirus\shellExt.dll" ["Eset"]

    MediaTagger\(Default) = "{335AD8E7-7F60-46FC-BFEE-68043F14218E}"

    -> {HKLM...CLSID} = "Media Tagger Context Menu Shell Extension"

    \InProcServer32\(Default) = "D:\MEDIAT~1\MTShell.dll" ["© Ladislav Dufek"]

    PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

    -> {HKLM...CLSID} = "PowerISO"

    \InProcServer32\(Default) = "D:\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

    -> {HKLM...CLSID} = "WinRAR"

    \InProcServer32\(Default) = "D:\WinRAR\rarext.dll" [null data]

     

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

    MediaTagger\(Default) = "{335AD8E7-7F60-46FC-BFEE-68043F14218E}"

    -> {HKLM...CLSID} = "Media Tagger Context Menu Shell Extension"

    \InProcServer32\(Default) = "D:\MEDIAT~1\MTShell.dll" ["© Ladislav Dufek"]

    PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

    -> {HKLM...CLSID} = "PowerISO"

    \InProcServer32\(Default) = "D:\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

    -> {HKLM...CLSID} = "WinRAR"

    \InProcServer32\(Default) = "D:\WinRAR\rarext.dll" [null data]

     

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

    Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

    -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"

    \InProcServer32\(Default) = "D:\Eset\ESET NOD32 Antivirus\shellExt.dll" ["Eset"]

    PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

    -> {HKLM...CLSID} = "PowerISO"

    \InProcServer32\(Default) = "D:\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

    -> {HKLM...CLSID} = "WinRAR"

    \InProcServer32\(Default) = "D:\WinRAR\rarext.dll" [null data]

     

     

    Default executables:

    --------------------

     

    HKCU\Software\Classes\piffile\

     

     

    Group Policies {GPedit.msc branch and setting}:

    -----------------------------------------------

     

    Note: detected settings may not have any effect.

     

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

     

    "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

    Shutdown: Allow system to be shut down without having to log on}

     

    "undockwithoutlogon" = (REG_DWORD) hex:0x00000001

    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

    Devices: Allow undock without having to log on}

     

     

    Active Desktop and Wallpaper:

    -----------------------------

     

    Active Desktop may be disabled at this entry:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

     

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

    "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

     

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

    HKCU\Control Panel\Desktop\

    "Wallpaper" = "C:\Documents and Settings\Adam.STATIC_02\Local Settings\Application Data\Realtime Soft\UltraMon\UltraMon Wallpaper.bmp"

     

     

    Enabled Screen Saver:

    ---------------------

     

    HKCU\Control Panel\Desktop\

    "SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssstars.scr" [MS]

     

     

    Startup items in "Adam" & "All Users" startup folders:

    ------------------------------------------------------

     

    C:\Documents and Settings\Adam.STATIC_02\Start Menu\Programs\Startup

    "DotColor" -> shortcut to: "D:\QuickTime\QTSystem\DotColor\DotColor.exe" ["Inetis d.o.o."]

     

     

    Winsock2 Service Provider DLLs:

    -------------------------------

     

    Namespace Service Providers

     

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

     

    Transport Service Providers

     

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11

    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

     

     

    Toolbars, Explorer Bars, Extensions:

    ------------------------------------

     

    Explorer Bars

     

    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

     

    HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"

    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

    InProcServer32\(Default) = "D:\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

     

    Extensions (Tools menu items, main toolbar menu buttons)

     

    HKLM\Software\Microsoft\Internet Explorer\Extensions\

    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

    "MenuText" = "Sun Java Console"

    "CLSIDExtension" = "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}"

    -> {HKCU...CLSID} = "Java Plug-in 1.6.0_02"

    \InProcServer32\(Default) = "D:\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]

    -> {HKLM...CLSID} = "Java Plug-in 1.6.0_02"

    \InProcServer32\(Default) = "D:\Java\jre1.6.0_02\bin\npjpi160_02.dll" ["Sun Microsystems, Inc."]

     

    {92780B25-18CC-41C8-B9BE-3C9C571A8263}\

    "ButtonText" = "Research"

     

    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\

    "MenuText" = "Spybot - Search & Destroy Configuration"

    "CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"

    -> {HKLM...CLSID} = "Spybot-S&D IE Protection"

    \InProcServer32\(Default) = "D:\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

     

    {E2E2DD38-D088-4134-82B7-F2BA38496583}\

    "MenuText" = "@xpsp3res.dll,-20001"

    "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

     

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\

    "ButtonText" = "Messenger"

    "MenuText" = "Windows Messenger"

    "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

     

     

    Running Services (Display Name, Service Name, Path {Service DLL}):

    ------------------------------------------------------------------

     

    Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]

    Diskeeper, Diskeeper, ""D:\Executive Software\Diskeeper\DkService.exe"" ["Executive Software International, Inc."]

    Eset Service, ekrn, ""D:\Eset\ESET NOD32 Antivirus\ekrn.exe"" ["Eset"]

    lxcr_device, lxcr_device, "C:\WINDOWS\system32\lxcrcoms.exe -service" [" "]

    M-Audio Series II MIDI Installer, MA_CMIDI_InstallerService, "D:\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe" [empty string]

    Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]

    Nero BackItUp Scheduler 3, Nero BackItUp Scheduler 3, "D:\Nero\Nero8\Nero BackItUp\NBService.exe" ["Nero AG"]

    NMIndexingService, NMIndexingService, ""C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe"" ["Nero AG"]

    SoundMAX Agent Service, SoundMAX Agent Service (default), "D:\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]

    StarWind iSCSI Service, StarWindService, "D:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]

    Zune Network Sharing Service, ZuneNetworkSvc, "D:\Zune\ZuneNss.exe" [MS]

     

     

    Print Monitors:

    ---------------

     

    HKLM\System\CurrentControlSet\Control\Print\Monitors\

    2400 Series Port\Driver = "lxcrlmpm.dll" [" "]

    Canon BJ Language Monitor iP1600\Driver = "CNMLM75.DLL" ["CANON INC."]

    Lexmark Print-2-Fax Port\Driver = "LXPRMON.DLL" [empty string]

    Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

    PDF995 Monitor\Driver = "pdf995mon.dll" [null data]

     

     

    ---------- (launch time: 2007-09-26 15:50:53)

    <<!>>: Suspicious data at a malware launch point.

     

    + This report excludes default entries except where indicated.

    + To see *everywhere* the script checks and *everything* it finds,

    launch it from a command prompt or a shortcut with the -all parameter.

    + The search for DESKTOP.INI DLL launch points on all local fixed drives

    took 157 seconds.

    ---------- (total run time: 268 seconds)

  2. Not sure when this started, but after about 15 minutes of system uptime a second lsass shows up in Task Manager. It uses enough bandwidth that I can't use anything net-based at all, and it also puts the CPU at full load. The HijackThis log below lists both C:\WINDOWS\system32\lsass.exe and C:\WINDOWS\Config\lsass.exe. Take a look. Thanks ahead of time!

    Posted Image

     

     

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)

    Scan saved at 2:19:24 PM, on 9/24/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    D:\AntiVir PersonalEdition Premium\avguard.exe

    D:\AntiVir PersonalEdition Premium\sched.exe

    D:\AntiVir PersonalEdition Premium\avesvc.exe

    D:\Executive Software\Diskeeper\DkService.exe

    C:\WINDOWS\system32\lxcrcoms.exe

    D:\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    D:\Nero\Nero8\Nero BackItUp\NBService.exe

    D:\Analog Devices\SoundMAX\SMAgent.exe

    D:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    C:\WINDOWS\System32\svchost.exe

    D:\AntiVir PersonalEdition Premium\avmailc.exe

    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\Config\lsass.exe

    D:\Analog Devices\SoundMAX\SMTray.exe

    D:\Lexmark 2400 Series\lxcrmon.exe

    D:\Lexmark 2400 Series\ezprint.exe

    D:\Java\jre1.6.0_02\bin\jusched.exe

    D:\AntiVir PersonalEdition Premium\avgnt.exe

    D:\PowerISO\PWRISOVM.EXE

    D:\UltraMon\UltraMon.exe

    C:\WINDOWS\system32\ctfmon.exe

    D:\AIM6\aim6.exe

    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

    D:\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

    D:\QuickTime\QTSystem\DotColor\DotColor.exe

    D:\UltraMon\UltraMonTaskbar.exe

    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

    D:\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

    D:\AIM6\aolsoftware.exe

    D:\FileZilla\FileZilla.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\WINDOWS\system32\taskmgr.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Documents and Settings\Adam.STATIC_02\Desktop\HiJackThis_v2.exe

     

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\lsass.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\jre1.6.0_02\bin\ssv.dll

    O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)

    O4 - HKLM\..\Run: [smapp] D:\Analog Devices\SoundMAX\SMTray.exe

    O4 - HKLM\..\Run: [DiskeeperSystray] "D:\Executive Software\Diskeeper\DkIcon.exe"

    O4 - HKLM\..\Run: [lxcrmon.exe] "D:\Lexmark 2400 Series\lxcrmon.exe"

    O4 - HKLM\..\Run: [EzPrint] "D:\Lexmark 2400 Series\ezprint.exe"

    O4 - HKLM\..\Run: [FaxCenterServer] "D:\Lexmark Fax Solutions\fm3032.exe" /s

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Java\jre1.6.0_02\bin\jusched.exe"

    O4 - HKLM\..\Run: [avgnt] "D:\AntiVir PersonalEdition Premium\avgnt.exe" /min

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\PowerISO\PWRISOVM.EXE

    O4 - HKLM\..\Run: [startCCC] D:\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [NBKeyScan] "D:\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

    O4 - HKLM\..\Run: [ultraMon] "D:\UltraMon\UltraMon.exe" /auto

    O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [Aim6] "D:\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

    O4 - Startup: DotColor.lnk = D:\QuickTime\QTSystem\DotColor\DotColor.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O15 - Trusted Zone: http://www.select2perform.com

    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

    O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1164255139918

    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

    O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - D:\AntiVir PersonalEdition Premium\avmailc.exe

    O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - D:\AntiVir PersonalEdition Premium\sched.exe

    O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - D:\AntiVir PersonalEdition Premium\avguard.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - D:\AntiVir PersonalEdition Premium\avesvc.exe

    O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Executive Software\Diskeeper\DkService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Computer, Inc. - D:\iPod\bin\iPodService.exe

    O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe

    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

    O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - D:\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe

    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Nero\Nero8\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Analog Devices\SoundMAX\SMAgent.exe

    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

     

    --

    End of file - 8467 bytes

  3. Well, I can play WoW on max settings with the 5500. I'm looking for a long-term upgrade. I can always buy RAM later. So everyone agrees on the PSU. Which of the two Sapphires should I get? That Nvidia card is too low for my tastes. I'll keep an eye on that RAM for later, though.

     

    Main focus is the video card. If that video card needs a better PSU than what I've got, I need one of those too. RAM is the last priority. Thanks for all the help so far.

  4. http://www.newegg.com/Product/ProductList....amp;Order=PRICE

    Do you mean the second Sapphire card down the list (N82E16814102071 if you want to Ctrl-F), the one that's 160 after rebate? I sure could afford that. Would that be a really significant upgrade over what I have now? After this card and another gig of RAM I hope not to have to upgrade for another 3 years or so, at which point I'll probably build a new machine.

  5. Well, I know I need to tend to the flags, but I was just wondering hardware-wise. I'm looking to spend around 200, but cheaper is better. I know I can get 2 GB of RAM for about 100, but if I want a decent video card I want to spend more than 100, so chances are I'll need a video card for around 200 or less and I'll just hold off on the RAM for now. Any suggestions? I will look around too; just let me know if you see anything great. I prefer Nvidia but am willing to compromise :P

  6. I have shared drives on my Windows XP machine that I would like to access. They show up in the network screen, but when I try to access them it asks for a username, domain and password. These drives are part of a workgroup, not a domain. I would guess the username is my username on the Windows machine; I do not have a password set up for it. How do I connect?

  7. I see that on this forum you have the group and the date joined on the left-hand side for the users. I have a phpBB forum that I manage and would like this displayed there too. I know this is Invision, but is there a way to do it in phpBB?
