justime8
2008-12-17, 18:31
Is there a tutorial for runanlyz? what do these sbsd log entries mean? (are they good or bad?) and can they be changed, and do they need to be changed for faster start up?) I could actually go and look at each file maybe...
where do I locate... File extension handler (user), so I might see that they all have a 0 bytes value.
I was not able to post the hole log but I think that is ok in this case.:)
RunAlyzer 0.7.3. Copyright © 2000-2007 Safer Networking Limited. All rights reserved.
SBSD compatible log file. All rights reserved.
This log includes only active entries.
This log includes only unknown and bad entries.
--- Startup entries list ---
Located: File extension handler (user),
where: S-1-5-21-1844237615-515967899-725345543-1003...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: File extension handler (user),
where: .DEFAULT...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: File extension handler (user),
where: S-1-5-18...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: File extension handler (user),
where: S-1-5-20...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: File extension handler (user),
where: S-1-5-19...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: File extension handler (common),
command: "%1" %*
file: "%1" %*
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Print Monitor, PJL Language Monitor
command: pjlmon.dll
file: pjlmon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Print Monitor, Standard TCP/IP Port
command: tcpmon.dll
file: tcpmon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Print Monitor, BJ Language Monitor
command: cnbjmon.dll
file: cnbjmon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Print Monitor, USB Monitor
command: usbmon.dll
file: usbmon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, oleaut32
command: oleaut32.dll
file: oleaut32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, ole32
command: ole32.dll
file: ole32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, olecnv32
command: olecnv32.dll
file: olecnv32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, olecli32
command: olecli32.dll
file: olecli32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, kernel32
command: kernel32.dll
file: kernel32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, imagehlp
command: imagehlp.dll
file: imagehlp.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, lz32
command: lz32.dll
file: lz32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, wldap32
command: wldap32.dll
file: wldap32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, olesvr32
command: olesvr32.dll
file: olesvr32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, user32
command: user32.dll
file: user32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, shell32
command: shell32.dll
file: shell32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, urlmon
command: urlmon.dll
file: urlmon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, url
command: url.dll
file: url.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, wininet
command: wininet.dll
file: wininet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, olethk32
command: olethk32.dll
file: olethk32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, rpcrt4
command: rpcrt4.dll
file: rpcrt4.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, version
command: version.dll
file: version.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, comdlg32
command: comdlg32.dll
file: comdlg32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, DllDirectory
command: %SystemRoot%\system32
file: %SystemRoot%\system32
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, gdi32
command: gdi32.dll
file: gdi32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, advapi32
command: advapi32.dll
file: advapi32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Safe Boot Shell, AlternateShell
command: cmd.exe
file: cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: Screen Saver Policy, SCRNSAVE.EXE
where: .DEFAULT...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Screen Saver Policy, SCRNSAVE.EXE
where: S-1-5-20...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Screen Saver Policy, SCRNSAVE.EXE
where: S-1-5-18...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Screen Saver Policy, SCRNSAVE.EXE
where: S-1-5-19...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Screen Saver Policy, SCRNSAVE.EXE
where: S-1-5-21-1844237615-515967899-725345543-1003...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Screen Saver, SCRNSAVE.EXE
where: S-1-5-21-1844237615-515967899-725345543-1003...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Screen Saver, SCRNSAVE.EXE
where: S-1-5-18...
command: logon.scr
file: logon.scr
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Screen Saver, SCRNSAVE.EXE
where: S-1-5-20...
command: %SystemRoot%\System32\logon.scr
file: %SystemRoot%\System32\logon.scr
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Screen Saver, SCRNSAVE.EXE
where: S-1-5-19...
command: %SystemRoot%\System32\logon.scr
file: %SystemRoot%\System32\logon.scr
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Screen Saver, SCRNSAVE.EXE
where: .DEFAULT...
command: logon.scr
file: logon.scr
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: User Shell Policy, Shell
where: S-1-5-18...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: User Shell Policy, Shell
where: .DEFAULT...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: User Shell Policy, Shell
where: S-1-5-19...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: User Shell Policy, Shell
where: S-1-5-21-1844237615-515967899-725345543-1003...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: User Shell Policy, Shell
where: S-1-5-20...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: NT Run, run
where: S-1-5-18...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: NT Run, run
where: S-1-5-21-1844237615-515967899-725345543-1003...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: NT Run, run
where: S-1-5-20...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: NT Run, run
where: S-1-5-19...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: NT Run, run
where: .DEFAULT...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: NT Load, load
where: S-1-5-19...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: NT Load, load
where: S-1-5-20...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: NT Load, load
where: S-1-5-18...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: NT Load, load
where: S-1-5-21-1844237615-515967899-725345543-1003...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: NT Load, load
where: .DEFAULT...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: CP AutoRun (user), AutoRun
where: S-1-5-18...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: CP AutoRun (user), AutoRun
where: S-1-5-21-1844237615-515967899-725345543-1003...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: CP AutoRun (user), AutoRun
where: .DEFAULT...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: CP AutoRun (user), AutoRun
where: S-1-5-20...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: CP AutoRun (user), AutoRun
where: S-1-5-19...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: CP AutoRun (common), AutoRun
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Boot Execute, BootExecute
command: autocheck autochk *
file: autocheck autochk *
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: GINA, GinaDLL
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: NT System, System
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Task Manager, TaskMan
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: User Init, UserInit
command: C:\WINDOWS\system32\userinit.exe,
file: C:\WINDOWS\system32\userinit.exe,
size: 26112
MD5: A93AEE1928A9D7CE3E16D24EC7380F89
Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, !SASWinLogon
command: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
file: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
size: 352256
MD5: D8EDAEEAF63BBF45ED9B7A3666641C2A
Located: HK_CU:Run, SUPERAntiSpyware
where: S-1-5-21-1844237615-515967899-725345543-1003...
command: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
size: 1805552
MD5: 4856261E332E9AA23957E20EE5C75AD0
Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1844237615-515967899-725345543-1003...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1833296
MD5: 63B3FF83B87AFCEBA89CED54695DA0F6
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 34672
MD5: 69B16C7B7746BA5C642FC05B3561FC73
Located: HK_LM:Run, COMODO Firewall Pro
command: "C:\Program Files\Comodo\Firewall\CPF.exe" /background
file: C:\Program Files\Comodo\Firewall\CPF.exe
size: 1115728
MD5: 1F5882037BAD07E9926F47A3A32F0931
Located: HK_LM:Run, AVG8_TRAY
command: C:\PROGRA~1\AVG\AVG8\avgtray.exe
file: C:\PROGRA~1\AVG\AVG8\avgtray.exe
size: 1261336
MD5: B5C69900C0F9541CEF80EDC60A88E691
Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
file: C:\WINDOWS\system32\NvMcTray.dll
size: 86016
MD5: C01F5EFFCF7D51921722D96AE4140727
Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\NvCpl.dll
size: 13574144
MD5: 89C7169D6161D98585880E3079D721F3
Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 1657376
MD5: 7ADC35508F0C8D21197DD9988BDD42A4
--- Startup entries list ---
Located: CP AutoRun (common), AutoRun
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
--- System Services ---
Service (registry key): aic78xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): ASP.NET_2.0.50727
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): avg8wd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG Free8 WatchDog
Object name: LocalSystem
Image path: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
Image size: 231704
Image MD5: 9B40D378D4E521464212E878BE8216A4
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Service (registry key): AvgLdx86
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG Free AVI Loader Driver x86
Image path: \SystemRoot\System32\Drivers\avgldx86.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): AvgMfx86
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG Free On-access Scanner Minifilter Driver x86
Image path: \SystemRoot\System32\Drivers\avgmfx86.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Service (registry key): CmdAgent
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Comodo Application Agent
Description: COMODO Firewall Pro Application Agent
Object name: LocalSystem
Image path: C:\Program Files\Comodo\Firewall\cmdagent.exe
Image size: 361040
Image MD5: 2EDB74E72FEEB39C8906E4C8C54D91A5
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Service (registry key): CmdMon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Comodo Application Engine
Description: COMODO Firewall Pro Application Engine
Image path: System32\DRIVERS\cmdmon.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip,
Service (registry key): Cpqarray
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): E100B
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel(R) PRO Network Connection Driver
Image path: system32\DRIVERS\e100b325.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Fastfat
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Service (registry key): Inspect
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Comodo Network Engine
Description: COMODO Firewall Pro Network Engine
Image path: System32\DRIVERS\inspect.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Depends On services: NDIS,
Depends On group: "NDIS Wrapper",
Service (registry key): NVSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NVIDIA Display Driver Service
Description: Provides system and desktop level support to the NVIDIA display driver
Object name: LocalSystem
Image path: %SystemRoot%\system32\nvsvc32.exe
Image size: 163908
Image MD5: F96DF45CFBDC670584293E03C2AB602A
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Service (registry key): PageDefrag
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): PORTMON
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PORTMON
Image path: \??\C:\Documents and Settings\j&8pHtwaqs-\Desktop\PORTMSYS.SYS
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): PROCMON20
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): SASDIFSV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SASDIFSV
Image path: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): SASENUM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SASENUM
Image path: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): SASKUTIL
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SASKUTIL
Image path: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): SwPrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MS Software Shadow Copy Provider
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\dllhost.exe /Processid:{AB16764B-D3E8-440E-B41C-48D39FCF5107}
Image size: 5120
Image MD5: 0A9BA6AF531AFE7FA5E4FB973852D863
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0
Depends On services: rpcss
Service (registry key): {65D66407-E4BA-46EC-A326-E1B631B27DA6}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
--- Winsock Layered Service Provider list ---
--- Scheduled Tasks list ---
--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 6/11/2008 10:33:16 PM
Date (last access): 12/16/2008 7:59:22 AM
Date (last write): 6/11/2008 10:33:16 PM
Filesize: 75128
Attributes: archive
MD5: E96C752BBA0E22330A43258FC800200E
CRC32: E5D72083
Version: 9.0.0.332
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: WormRadar.com IESiteBlocker.NavFilter
CLSID name: AVG Safe Search
Path: C:\Program Files\AVG\AVG8\
Long name: avgssie.dll
Short name:
Date (created): 12/7/2008 9:13:30 PM
Date (last access): 12/16/2008 7:55:14 AM
Date (last write): 12/7/2008 9:13:30 PM
Filesize: 455960
Attributes: archive
MD5: 19A9C541D4EE8E3471B26986D785AB4D
CRC32: 93FD7D83
Version: 8.0.0.152
{A057A204-BACC-4D26-9990-79A187E2698E} (AVG Security Toolbar)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: AVG Security Toolbar
Path: C:\PROGRA~1\AVG\AVG8\
Long name: avgtoolbar.dll
Short name: AVGTOO~1.DLL
Date (created): 12/7/2008 9:13:38 PM
Date (last access): 12/16/2008 7:55:14 AM
Date (last write): 12/7/2008 9:13:38 PM
Filesize: 2055960
Attributes: archive
MD5: 8741B6028EFBDA19150E4BDFDCF5E12F
CRC32: 18BAD567
Version: 5.0.2.400
{4D5C8C25-D075-11d0-B416-00C04FB90376} (&Tip of the Day)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
BHO name:
CLSID name: &Tip of the Day
Path: %SystemRoot%\system32\
Long name: shdocvw.dll
MD5: 65280C89C68C6834C08B99250CF79576
Filesize: 1499136
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} (NetMeeting 3.01)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name: NetMeeting 3.01
CLSID name:
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\
Long name: msnetmtg.inf,NetMtg.Install.PerUser.NT
MD5: 774348DE1DEA6262E06BFE1906D13D4D
Filesize: 99840
{5945c046-1e7d-11d1-bc44-00c04fd912be} (Windows Messenger 4.7)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name: Windows Messenger 4.7
CLSID name:
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\
Long name: msmsgs.inf,BLC.QuietInstall.PerUser
MD5: 774348DE1DEA6262E06BFE1906D13D4D
Filesize: 99840
{5A8D6EE0-3E18-11D0-821E-444553540000} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{6BF52A52-394A-11d3-B153-00C04F79FAA6} (Microsoft Windows Media Player)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name: Microsoft Windows Media Player
CLSID name: Windows Media Player
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\
Long name: wmp.inf,PerUserStub
MD5: 774348DE1DEA6262E06BFE1906D13D4D
Filesize: 99840
{B508B3F1-A24A-32C0-B310-85786919EF28} (.NET Framework)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name: .NET Framework
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{D27CDB6E-AE6D-11cf-96B8-444553540000} (Adobe Flash Player)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name: Adobe Flash Player
CLSID name: Shockwave Flash Object
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash10a.ocx
Short name:
Date (created): 10/4/2008 6:16:26 PM
Date (last access): 12/16/2008 7:57:32 AM
Date (last write): 10/4/2008 6:16:26 PM
Filesize: 3789728
Attributes: readonly archive
MD5: 466C1355934925768822E380DA6E6E4A
CRC32: 48EC1E52
Version: 10.0.12.36
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} (Microsoft NetShow Player)
location: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Microsoft NetShow Player
Path: C:\WINDOWS\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 2/28/2006 3:00:00 AM
Date (last access): 12/16/2008 7:57:24 AM
Date (last write): 4/14/2008 5:42:10 AM
Filesize: 233472
Attributes: archive
MD5: F9B71392630B35EE19D72C986F2F0EEC
CRC32: 93263D8C
Version: 9.0.0.4503
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} (Windows Media Player)
location: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Windows Media Player
Path: C:\WINDOWS\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 2/28/2006 3:00:00 AM
Date (last access): 12/16/2008 7:57:24 AM
Date (last write): 4/14/2008 5:42:10 AM
Filesize: 233472
Attributes: archive
MD5: F9B71392630B35EE19D72C986F2F0EEC
CRC32: 93263D8C
Version: 9.0.0.4503
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} ()
location: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} ()
location: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{6BF52A52-394A-11d3-B153-00C04F79FAA6} (Windows Media Player)
location: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Windows Media Player
Path: C:\WINDOWS\system32\
Long name: wmp.dll
Short name:
Date (created): 2/28/2006 3:00:00 AM
Date (last access): 12/16/2008 8:04:30 AM
Date (last write): 4/14/2008 5:42:10 AM
Filesize: 4874240
Attributes: archive
MD5: 723CCB70BB35576B5E64EBE7BB479802
CRC32: 642412F2
Version: 9.0.0.4503
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} (Microsoft NetShow Player)
location: HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Microsoft NetShow Player
Path: C:\WINDOWS\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 2/28/2006 3:00:00 AM
Date (last access): 12/16/2008 7:57:24 AM
Date (last write): 4/14/2008 5:42:10 AM
Filesize: 233472
Attributes: archive
MD5: F9B71392630B35EE19D72C986F2F0EEC
CRC32: 93263D8C
Version: 9.0.0.4503
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} (Windows Media Player)
location: HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Windows Media Player
Path: C:\WINDOWS\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 2/28/2006 3:00:00 AM
Date (last access): 12/16/2008 7:57:24 AM
Date (last write): 4/14/2008 5:42:10 AM
Filesize: 233472
Attributes: archive
MD5: F9B71392630B35EE19D72C986F2F0EEC
CRC32: 93263D8C
Version: 9.0.0.4503
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} ()
location: HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} ()
location: HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{6BF52A52-394A-11d3-B153-00C04F79FAA6} (Windows Media Player)
location: HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Windows Media Player
Path: C:\WINDOWS\system32\
Long name: wmp.dll
Short name:
Date (created): 2/28/2006 3:00:00 AM
Date (last access): 12/16/2008 8:04:30 AM
Date (last write): 4/14/2008 5:42:10 AM
Filesize: 4874240
Attributes: archive
MD5: 723CCB70BB35576B5E64EBE7BB479802
CRC32: 642412F2
Version: 9.0.0.4503
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} (Microsoft NetShow Player)
location: HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Microsoft NetShow Player
Path: C:\WINDOWS\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 2/28/2006 3:00:00 AM
Date (last access): 12/16/2008 7:57:24 AM
Date (last write): 4/14/2008 5:42:10 AM
Filesize: 233472
Attributes: archive
MD5: F9B71392630B35EE19D72C986F2F0EEC
CRC32: 93263D8C
Version: 9.0.0.4503
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} (Windows Media Player)
location: HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Windows Media Player
Path: C:\WINDOWS\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 2/28/2006 3:00:00 AM
Date (last access): 12/16/2008 7:57:24 AM
Date (last write): 4/14/2008 5:42:10 AM
Filesize: 233472
Attributes: archive
MD5: F9B71392630B35EE19D72C986F2F0EEC
CRC32: 93263D8C
Version: 9.0.0.4503
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} ()
location: HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} ()
location: HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{6BF52A52-394A-11d3-B153-00C04F79FAA6} (Windows Media Player)
location: HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Windows Media Player
Path: C:\WINDOWS\system32\
Long name: wmp.dll
Short name:
Date (created): 2/28/2006 3:00:00 AM
Date (last access): 12/16/2008 8:04:30 AM
Date (last write): 4/14/2008 5:42:10 AM
Filesize: 4874240
Attributes: archive
MD5: 723CCB70BB35576B5E64EBE7BB479802
CRC32: 642412F2
Version: 9.0.0.4503
>{26923b43-4d38-484f-9b9e-de460746276c} ()
location: HKEY_USERS\S-1-5-21-1844237615-515967899-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS ()
location: HKEY_USERS\S-1-5-21-1844237615-515967899-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
InitiallyClear ()
location: HKEY_USERS\S-1-5-21-1844237615-515967899-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} (Microsoft NetShow Player)
location: HKEY_USERS\S-1-5-21-1844237615-515967899-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Microsoft NetShow Player
Path: C:\WINDOWS\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 2/28/2006 3:00:00 AM
Date (last access): 12/16/2008 7:57:24 AM
Date (last write): 4/14/2008 5:42:10 AM
Filesize: 233472
Attributes: archive
MD5: F9B71392630B35EE19D72C986F2F0EEC
CRC32: 93263D8C
Version: 9.0.0.4503
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} (Windows Media Player)
location: HKEY_USERS\S-1-5-21-1844237615-515967899-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Windows Media Player
Path: C:\WINDOWS\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 2/28/2006 3:00:00 AM
Date (last access): 12/16/2008 7:57:24 AM
Date (last write): 4/14/2008 5:42:10 AM
Filesize: 233472
Attributes: archive
MD5: F9B71392630B35EE19D72C986F2F0EEC
CRC32: 93263D8C
Version: 9.0.0.4503
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} ()
location: HKEY_USERS\S-1-5-21-1844237615-515967899-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} ()
location: HKEY_USERS\S-1-5-21-1844237615-515967899-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} ()
location: HKEY_USERS\S-1-5-21-1844237615-515967899-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} ()
location: HKEY_USERS\S-1-5-21-1844237615-515967899-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{4b218e3e-bc98-4770-93d3-2731b9329278} ()
location: HKEY_USERS\S-1-5-21-1844237615-515967899-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{5945c046-1e7d-11d1-bc44-00c04fd912be} ()
location: HKEY_USERS\S-1-5-21-1844237615-515967899-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{6BF52A52-394A-11d3-B153-00C04F79FAA6} (Windows Media Player)
location: HKEY_USERS\S-1-5-21-1844237615-515967899-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Windows Media Player
Path: C:\WINDOWS\system32\
Long name: wmp.dll
Short name:
Date (created): 2/28/2006 3:00:00 AM
Date (last access): 12/16/2008 8:04:30 AM
Date (last write): 4/14/2008 5:42:10 AM
Filesize: 4874240
Attributes: archive
MD5: 723CCB70BB35576B5E64EBE7BB479802
CRC32: 642412F2
Version: 9.0.0.4503
{7790769C-0471-11d2-AF11-00C04FA35D02} ()
location: HKEY_USERS\S-1-5-21-1844237615-515967899-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{89820200-ECBD-11cf-8B85-00AA005B4340} ()
location: HKEY_USERS\S-1-5-21-1844237615-515967899-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{89820200-ECBD-11cf-8B85-00AA005B4383} ()
location: HKEY_USERS\S-1-5-21-1844237615-515967899-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{89B4C1CD-B018-4511-B0A1-5476DBF70820} ()
location: HKEY_USERS\S-1-5-21-1844237615-515967899-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} (Microsoft NetShow Player)
location: HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Microsoft NetShow Player
Path: C:\WINDOWS\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 2/28/2006 3:00:00 AM
Date (last access): 12/16/2008 7:57:24 AM
Date (last write): 4/14/2008 5:42:10 AM
Filesize: 233472
Attributes: archive
MD5: F9B71392630B35EE19D72C986F2F0EEC
CRC32: 93263D8C
Version: 9.0.0.4503
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} (Windows Media Player)
location: HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Windows Media Player
Path: C:\WINDOWS\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 2/28/2006 3:00:00 AM
Date (last access): 12/16/2008 7:57:24 AM
Date (last write): 4/14/2008 5:42:10 AM
Filesize: 233472
Attributes: archive
MD5: F9B71392630B35EE19D72C986F2F0EEC
CRC32: 93263D8C
Version: 9.0.0.4503
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} ()
location: HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} ()
location: HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{6BF52A52-394A-11d3-B153-00C04F79FAA6} (Windows Media Player)
location: HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Windows Media Player
Path: C:\WINDOWS\system32\
Long name: wmp.dll
Short name:
Date (created): 2/28/2006 3:00:00 AM
Date (last access): 12/16/2008 8:04:30 AM
Date (last write): 4/14/2008 5:42:10 AM
Filesize: 4874240
Attributes: archive
MD5: 723CCB70BB35576B5E64EBE7BB479802
CRC32: 642412F2
Version: 9.0.0.4503
{e2e2dd38-d088-4134-82b7-f2ba38496583} (Diagnose Connection Problems...)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
BHO name: @xpsp3res.dll,-20001
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
CmdMapping ()
location: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
CmdMapping ()
location: HKEY_USERS\S-1-5-21-1844237615-515967899-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
CmdMapping ()
location: HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} (SABShellExecuteHook Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
BHO name:
CLSID name: SABShellExecuteHook Class
Path: C:\Program Files\SUPERAntiSpyware\
Long name: SASSEH.DLL
Short name:
Date (created): 5/13/2008 9:13:36 AM
Date (last access): 12/16/2008 7:53:24 AM
Date (last write): 5/13/2008 9:13:36 AM
Filesize: 77824
Attributes: archive
MD5: ECD5517A6633826057D4F050927DDF56
CRC32: 1E3B2638
Version: 1.0.0.1012
{60254CA5-953B-11CF-8C96-00AA00B8708C} (Shell extensions for Windows Script Host)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: Shell extensions for Windows Script Host
CLSID name: Shell Extension For Windows Script Host
Path: C:\WINDOWS\system32\
Long name: wshext.dll
Short name:
Date (created): 2/28/2006 3:00:00 AM
Date (last access): 12/16/2008 7:07:00 AM
Date (last write): 5/9/2008 1:53:40 AM
Filesize: 90112
Attributes: archive
MD5: 3A6D465F379E5C815F4AD565391E654C
CRC32: 8A0C0058
Version: 5.7.0.18066
{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} (Set Program Access and Defaults)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: Set Program Access and Defaults
CLSID name: Set Program Access and Defaults
Path: %SystemRoot%\system32\
Long name: shdocvw.dll
MD5: 65280C89C68C6834C08B99250CF79576
Filesize: 1499136
{5F327514-6C5E-4d60-8F16-D07FA08A78ED} (Auto Update Property Sheet Extension)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: Auto Update Property Sheet Extension
CLSID name: Auto Update Property Sheet Extension
Path: C:\WINDOWS\system32\
Long name: wuaucpl.cpl
Short name:
Date (created): 11/8/2008 2:28:52 PM
Date (last access): 12/16/2008 7:55:18 AM
Date (last write): 10/16/2008 2:12:20 PM
Filesize: 213528
Attributes: archive
MD5: 55E6C9BC8AA0481FC2FCFCFE199EA0CD
CRC32: EF11B0AA
Version: 7.2.6001.788
{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} (Search)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: Search
CLSID name: Search
Path: %SystemRoot%\system32\
Long name: shdocvw.dll
MD5: 65280C89C68C6834C08B99250CF79576
Filesize: 1499136
{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} (Help and Support)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: Help and Support
CLSID name: Help and Support
Path: %SystemRoot%\system32\
Long name: shdocvw.dll
MD5: 65280C89C68C6834C08B99250CF79576
Filesize: 1499136
{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} (Help and Support)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: Help and Support
CLSID name: Windows Security
Path: %SystemRoot%\system32\
Long name: shdocvw.dll
MD5: 65280C89C68C6834C08B99250CF79576
Filesize: 1499136
{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} (Run...)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: Run...
CLSID name: Run...
Path: %SystemRoot%\system32\
Long name: shdocvw.dll
MD5: 65280C89C68C6834C08B99250CF79576
Filesize: 1499136
{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} (Internet)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: Internet
CLSID name: Internet
Path: %SystemRoot%\system32\
Long name: shdocvw.dll
MD5: 65280C89C68C6834C08B99250CF79576
Filesize: 1499136
{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} (E-mail)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: E-mail
CLSID name: E-mail
Path: %SystemRoot%\system32\
Long name: shdocvw.dll
MD5: 65280C89C68C6834C08B99250CF79576
Filesize: 1499136
{D20EA4E1-3957-11d2-A40B-0C5020524152} (Fonts)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: Fonts
CLSID name: Fonts
Path: %SystemRoot%\system32\
Long name: shdocvw.dll
MD5: 65280C89C68C6834C08B99250CF79576
Filesize: 1499136
{D20EA4E1-3957-11d2-A40B-0C5020524153} (Administrative Tools)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: Administrative Tools
CLSID name: Administrative Tools
Path: %SystemRoot%\system32\
Long name: shdocvw.dll
MD5: 65280C89C68C6834C08B99250CF79576
Filesize: 1499136
{30D02401-6A81-11d0-8274-00C04FD5AE38} (IE Search Band)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: IE Search Band
CLSID name: IE Search Band
Path: %SystemRoot%\system32\
Long name: browseui.dll
MD5: E392E172687BE172F8600C5F41AB03D9
Filesize: 1025024
{3028902F-6374-48b2-8DC6-9725E775B926} (IE Microsoft AutoComplete)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: IE Microsoft AutoComplete
CLSID name: IE Microsoft AutoComplete
Path: %SystemRoot%\system32\
Long name: browseui.dll
MD5: E392E172687BE172F8600C5F41AB03D9
Filesize: 1025024
C
--- ActiveX list ---
where do I locate... File extension handler (user), so I might see that they all have a 0 bytes value.
I was not able to post the hole log but I think that is ok in this case.:)
RunAlyzer 0.7.3. Copyright © 2000-2007 Safer Networking Limited. All rights reserved.
SBSD compatible log file. All rights reserved.
This log includes only active entries.
This log includes only unknown and bad entries.
--- Startup entries list ---
Located: File extension handler (user),
where: S-1-5-21-1844237615-515967899-725345543-1003...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: File extension handler (user),
where: .DEFAULT...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: File extension handler (user),
where: S-1-5-18...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: File extension handler (user),
where: S-1-5-20...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: File extension handler (user),
where: S-1-5-19...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: File extension handler (common),
command: "%1" %*
file: "%1" %*
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Print Monitor, PJL Language Monitor
command: pjlmon.dll
file: pjlmon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Print Monitor, Standard TCP/IP Port
command: tcpmon.dll
file: tcpmon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Print Monitor, BJ Language Monitor
command: cnbjmon.dll
file: cnbjmon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Print Monitor, USB Monitor
command: usbmon.dll
file: usbmon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, oleaut32
command: oleaut32.dll
file: oleaut32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, ole32
command: ole32.dll
file: ole32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, olecnv32
command: olecnv32.dll
file: olecnv32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, olecli32
command: olecli32.dll
file: olecli32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, kernel32
command: kernel32.dll
file: kernel32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, imagehlp
command: imagehlp.dll
file: imagehlp.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, lz32
command: lz32.dll
file: lz32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, wldap32
command: wldap32.dll
file: wldap32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, olesvr32
command: olesvr32.dll
file: olesvr32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, user32
command: user32.dll
file: user32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, shell32
command: shell32.dll
file: shell32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, urlmon
command: urlmon.dll
file: urlmon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, url
command: url.dll
file: url.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, wininet
command: wininet.dll
file: wininet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, olethk32
command: olethk32.dll
file: olethk32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, rpcrt4
command: rpcrt4.dll
file: rpcrt4.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, version
command: version.dll
file: version.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, comdlg32
command: comdlg32.dll
file: comdlg32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, DllDirectory
command: %SystemRoot%\system32
file: %SystemRoot%\system32
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, gdi32
command: gdi32.dll
file: gdi32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, advapi32
command: advapi32.dll
file: advapi32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Safe Boot Shell, AlternateShell
command: cmd.exe
file: cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: Screen Saver Policy, SCRNSAVE.EXE
where: .DEFAULT...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Screen Saver Policy, SCRNSAVE.EXE
where: S-1-5-20...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Screen Saver Policy, SCRNSAVE.EXE
where: S-1-5-18...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Screen Saver Policy, SCRNSAVE.EXE
where: S-1-5-19...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Screen Saver Policy, SCRNSAVE.EXE
where: S-1-5-21-1844237615-515967899-725345543-1003...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Screen Saver, SCRNSAVE.EXE
where: S-1-5-21-1844237615-515967899-725345543-1003...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Screen Saver, SCRNSAVE.EXE
where: S-1-5-18...
command: logon.scr
file: logon.scr
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Screen Saver, SCRNSAVE.EXE
where: S-1-5-20...
command: %SystemRoot%\System32\logon.scr
file: %SystemRoot%\System32\logon.scr
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Screen Saver, SCRNSAVE.EXE
where: S-1-5-19...
command: %SystemRoot%\System32\logon.scr
file: %SystemRoot%\System32\logon.scr
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Screen Saver, SCRNSAVE.EXE
where: .DEFAULT...
command: logon.scr
file: logon.scr
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: User Shell Policy, Shell
where: S-1-5-18...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: User Shell Policy, Shell
where: .DEFAULT...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: User Shell Policy, Shell
where: S-1-5-19...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: User Shell Policy, Shell
where: S-1-5-21-1844237615-515967899-725345543-1003...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: User Shell Policy, Shell
where: S-1-5-20...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: NT Run, run
where: S-1-5-18...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: NT Run, run
where: S-1-5-21-1844237615-515967899-725345543-1003...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: NT Run, run
where: S-1-5-20...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: NT Run, run
where: S-1-5-19...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: NT Run, run
where: .DEFAULT...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: NT Load, load
where: S-1-5-19...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: NT Load, load
where: S-1-5-20...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: NT Load, load
where: S-1-5-18...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: NT Load, load
where: S-1-5-21-1844237615-515967899-725345543-1003...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: NT Load, load
where: .DEFAULT...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: CP AutoRun (user), AutoRun
where: S-1-5-18...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: CP AutoRun (user), AutoRun
where: S-1-5-21-1844237615-515967899-725345543-1003...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: CP AutoRun (user), AutoRun
where: .DEFAULT...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: CP AutoRun (user), AutoRun
where: S-1-5-20...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: CP AutoRun (user), AutoRun
where: S-1-5-19...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: CP AutoRun (common), AutoRun
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Boot Execute, BootExecute
command: autocheck autochk *
file: autocheck autochk *
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: GINA, GinaDLL
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: NT System, System
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Task Manager, TaskMan
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: User Init, UserInit
command: C:\WINDOWS\system32\userinit.exe,
file: C:\WINDOWS\system32\userinit.exe,
size: 26112
MD5: A93AEE1928A9D7CE3E16D24EC7380F89
Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, !SASWinLogon
command: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
file: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
size: 352256
MD5: D8EDAEEAF63BBF45ED9B7A3666641C2A
Located: HK_CU:Run, SUPERAntiSpyware
where: S-1-5-21-1844237615-515967899-725345543-1003...
command: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
size: 1805552
MD5: 4856261E332E9AA23957E20EE5C75AD0
Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1844237615-515967899-725345543-1003...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1833296
MD5: 63B3FF83B87AFCEBA89CED54695DA0F6
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 34672
MD5: 69B16C7B7746BA5C642FC05B3561FC73
Located: HK_LM:Run, COMODO Firewall Pro
command: "C:\Program Files\Comodo\Firewall\CPF.exe" /background
file: C:\Program Files\Comodo\Firewall\CPF.exe
size: 1115728
MD5: 1F5882037BAD07E9926F47A3A32F0931
Located: HK_LM:Run, AVG8_TRAY
command: C:\PROGRA~1\AVG\AVG8\avgtray.exe
file: C:\PROGRA~1\AVG\AVG8\avgtray.exe
size: 1261336
MD5: B5C69900C0F9541CEF80EDC60A88E691
Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
file: C:\WINDOWS\system32\NvMcTray.dll
size: 86016
MD5: C01F5EFFCF7D51921722D96AE4140727
Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\NvCpl.dll
size: 13574144
MD5: 89C7169D6161D98585880E3079D721F3
Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 1657376
MD5: 7ADC35508F0C8D21197DD9988BDD42A4
--- Startup entries list ---
Located: CP AutoRun (common), AutoRun
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
--- System Services ---
Service (registry key): aic78xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): ASP.NET_2.0.50727
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): avg8wd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG Free8 WatchDog
Object name: LocalSystem
Image path: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
Image size: 231704
Image MD5: 9B40D378D4E521464212E878BE8216A4
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Service (registry key): AvgLdx86
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG Free AVI Loader Driver x86
Image path: \SystemRoot\System32\Drivers\avgldx86.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): AvgMfx86
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG Free On-access Scanner Minifilter Driver x86
Image path: \SystemRoot\System32\Drivers\avgmfx86.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Service (registry key): CmdAgent
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Comodo Application Agent
Description: COMODO Firewall Pro Application Agent
Object name: LocalSystem
Image path: C:\Program Files\Comodo\Firewall\cmdagent.exe
Image size: 361040
Image MD5: 2EDB74E72FEEB39C8906E4C8C54D91A5
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Service (registry key): CmdMon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Comodo Application Engine
Description: COMODO Firewall Pro Application Engine
Image path: System32\DRIVERS\cmdmon.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip,
Service (registry key): Cpqarray
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): E100B
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel(R) PRO Network Connection Driver
Image path: system32\DRIVERS\e100b325.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Fastfat
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Service (registry key): Inspect
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Comodo Network Engine
Description: COMODO Firewall Pro Network Engine
Image path: System32\DRIVERS\inspect.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Depends On services: NDIS,
Depends On group: "NDIS Wrapper",
Service (registry key): NVSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NVIDIA Display Driver Service
Description: Provides system and desktop level support to the NVIDIA display driver
Object name: LocalSystem
Image path: %SystemRoot%\system32\nvsvc32.exe
Image size: 163908
Image MD5: F96DF45CFBDC670584293E03C2AB602A
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Service (registry key): PageDefrag
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): PORTMON
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PORTMON
Image path: \??\C:\Documents and Settings\j&8pHtwaqs-\Desktop\PORTMSYS.SYS
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): PROCMON20
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): SASDIFSV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SASDIFSV
Image path: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): SASENUM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SASENUM
Image path: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): SASKUTIL
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SASKUTIL
Image path: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): SwPrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MS Software Shadow Copy Provider
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\dllhost.exe /Processid:{AB16764B-D3E8-440E-B41C-48D39FCF5107}
Image size: 5120
Image MD5: 0A9BA6AF531AFE7FA5E4FB973852D863
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0
Depends On services: rpcss
Service (registry key): {65D66407-E4BA-46EC-A326-E1B631B27DA6}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
--- Winsock Layered Service Provider list ---
--- Scheduled Tasks list ---
--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 6/11/2008 10:33:16 PM
Date (last access): 12/16/2008 7:59:22 AM
Date (last write): 6/11/2008 10:33:16 PM
Filesize: 75128
Attributes: archive
MD5: E96C752BBA0E22330A43258FC800200E
CRC32: E5D72083
Version: 9.0.0.332
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: WormRadar.com IESiteBlocker.NavFilter
CLSID name: AVG Safe Search
Path: C:\Program Files\AVG\AVG8\
Long name: avgssie.dll
Short name:
Date (created): 12/7/2008 9:13:30 PM
Date (last access): 12/16/2008 7:55:14 AM
Date (last write): 12/7/2008 9:13:30 PM
Filesize: 455960
Attributes: archive
MD5: 19A9C541D4EE8E3471B26986D785AB4D
CRC32: 93FD7D83
Version: 8.0.0.152
{A057A204-BACC-4D26-9990-79A187E2698E} (AVG Security Toolbar)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: AVG Security Toolbar
Path: C:\PROGRA~1\AVG\AVG8\
Long name: avgtoolbar.dll
Short name: AVGTOO~1.DLL
Date (created): 12/7/2008 9:13:38 PM
Date (last access): 12/16/2008 7:55:14 AM
Date (last write): 12/7/2008 9:13:38 PM
Filesize: 2055960
Attributes: archive
MD5: 8741B6028EFBDA19150E4BDFDCF5E12F
CRC32: 18BAD567
Version: 5.0.2.400
{4D5C8C25-D075-11d0-B416-00C04FB90376} (&Tip of the Day)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
BHO name:
CLSID name: &Tip of the Day
Path: %SystemRoot%\system32\
Long name: shdocvw.dll
MD5: 65280C89C68C6834C08B99250CF79576
Filesize: 1499136
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} (NetMeeting 3.01)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name: NetMeeting 3.01
CLSID name:
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\
Long name: msnetmtg.inf,NetMtg.Install.PerUser.NT
MD5: 774348DE1DEA6262E06BFE1906D13D4D
Filesize: 99840
{5945c046-1e7d-11d1-bc44-00c04fd912be} (Windows Messenger 4.7)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name: Windows Messenger 4.7
CLSID name:
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\
Long name: msmsgs.inf,BLC.QuietInstall.PerUser
MD5: 774348DE1DEA6262E06BFE1906D13D4D
Filesize: 99840
{5A8D6EE0-3E18-11D0-821E-444553540000} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{6BF52A52-394A-11d3-B153-00C04F79FAA6} (Microsoft Windows Media Player)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name: Microsoft Windows Media Player
CLSID name: Windows Media Player
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\
Long name: wmp.inf,PerUserStub
MD5: 774348DE1DEA6262E06BFE1906D13D4D
Filesize: 99840
{B508B3F1-A24A-32C0-B310-85786919EF28} (.NET Framework)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name: .NET Framework
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{D27CDB6E-AE6D-11cf-96B8-444553540000} (Adobe Flash Player)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name: Adobe Flash Player
CLSID name: Shockwave Flash Object
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash10a.ocx
Short name:
Date (created): 10/4/2008 6:16:26 PM
Date (last access): 12/16/2008 7:57:32 AM
Date (last write): 10/4/2008 6:16:26 PM
Filesize: 3789728
Attributes: readonly archive
MD5: 466C1355934925768822E380DA6E6E4A
CRC32: 48EC1E52
Version: 10.0.12.36
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} (Microsoft NetShow Player)
location: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Microsoft NetShow Player
Path: C:\WINDOWS\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 2/28/2006 3:00:00 AM
Date (last access): 12/16/2008 7:57:24 AM
Date (last write): 4/14/2008 5:42:10 AM
Filesize: 233472
Attributes: archive
MD5: F9B71392630B35EE19D72C986F2F0EEC
CRC32: 93263D8C
Version: 9.0.0.4503
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} (Windows Media Player)
location: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Windows Media Player
Path: C:\WINDOWS\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 2/28/2006 3:00:00 AM
Date (last access): 12/16/2008 7:57:24 AM
Date (last write): 4/14/2008 5:42:10 AM
Filesize: 233472
Attributes: archive
MD5: F9B71392630B35EE19D72C986F2F0EEC
CRC32: 93263D8C
Version: 9.0.0.4503
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} ()
location: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} ()
location: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{6BF52A52-394A-11d3-B153-00C04F79FAA6} (Windows Media Player)
location: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Windows Media Player
Path: C:\WINDOWS\system32\
Long name: wmp.dll
Short name:
Date (created): 2/28/2006 3:00:00 AM
Date (last access): 12/16/2008 8:04:30 AM
Date (last write): 4/14/2008 5:42:10 AM
Filesize: 4874240
Attributes: archive
MD5: 723CCB70BB35576B5E64EBE7BB479802
CRC32: 642412F2
Version: 9.0.0.4503
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} (Microsoft NetShow Player)
location: HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Microsoft NetShow Player
Path: C:\WINDOWS\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 2/28/2006 3:00:00 AM
Date (last access): 12/16/2008 7:57:24 AM
Date (last write): 4/14/2008 5:42:10 AM
Filesize: 233472
Attributes: archive
MD5: F9B71392630B35EE19D72C986F2F0EEC
CRC32: 93263D8C
Version: 9.0.0.4503
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} (Windows Media Player)
location: HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Windows Media Player
Path: C:\WINDOWS\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 2/28/2006 3:00:00 AM
Date (last access): 12/16/2008 7:57:24 AM
Date (last write): 4/14/2008 5:42:10 AM
Filesize: 233472
Attributes: archive
MD5: F9B71392630B35EE19D72C986F2F0EEC
CRC32: 93263D8C
Version: 9.0.0.4503
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} ()
location: HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} ()
location: HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{6BF52A52-394A-11d3-B153-00C04F79FAA6} (Windows Media Player)
location: HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Windows Media Player
Path: C:\WINDOWS\system32\
Long name: wmp.dll
Short name:
Date (created): 2/28/2006 3:00:00 AM
Date (last access): 12/16/2008 8:04:30 AM
Date (last write): 4/14/2008 5:42:10 AM
Filesize: 4874240
Attributes: archive
MD5: 723CCB70BB35576B5E64EBE7BB479802
CRC32: 642412F2
Version: 9.0.0.4503
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} (Microsoft NetShow Player)
location: HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Microsoft NetShow Player
Path: C:\WINDOWS\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 2/28/2006 3:00:00 AM
Date (last access): 12/16/2008 7:57:24 AM
Date (last write): 4/14/2008 5:42:10 AM
Filesize: 233472
Attributes: archive
MD5: F9B71392630B35EE19D72C986F2F0EEC
CRC32: 93263D8C
Version: 9.0.0.4503
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} (Windows Media Player)
location: HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Windows Media Player
Path: C:\WINDOWS\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 2/28/2006 3:00:00 AM
Date (last access): 12/16/2008 7:57:24 AM
Date (last write): 4/14/2008 5:42:10 AM
Filesize: 233472
Attributes: archive
MD5: F9B71392630B35EE19D72C986F2F0EEC
CRC32: 93263D8C
Version: 9.0.0.4503
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} ()
location: HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} ()
location: HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{6BF52A52-394A-11d3-B153-00C04F79FAA6} (Windows Media Player)
location: HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Windows Media Player
Path: C:\WINDOWS\system32\
Long name: wmp.dll
Short name:
Date (created): 2/28/2006 3:00:00 AM
Date (last access): 12/16/2008 8:04:30 AM
Date (last write): 4/14/2008 5:42:10 AM
Filesize: 4874240
Attributes: archive
MD5: 723CCB70BB35576B5E64EBE7BB479802
CRC32: 642412F2
Version: 9.0.0.4503
>{26923b43-4d38-484f-9b9e-de460746276c} ()
location: HKEY_USERS\S-1-5-21-1844237615-515967899-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS ()
location: HKEY_USERS\S-1-5-21-1844237615-515967899-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
InitiallyClear ()
location: HKEY_USERS\S-1-5-21-1844237615-515967899-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} (Microsoft NetShow Player)
location: HKEY_USERS\S-1-5-21-1844237615-515967899-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Microsoft NetShow Player
Path: C:\WINDOWS\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 2/28/2006 3:00:00 AM
Date (last access): 12/16/2008 7:57:24 AM
Date (last write): 4/14/2008 5:42:10 AM
Filesize: 233472
Attributes: archive
MD5: F9B71392630B35EE19D72C986F2F0EEC
CRC32: 93263D8C
Version: 9.0.0.4503
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} (Windows Media Player)
location: HKEY_USERS\S-1-5-21-1844237615-515967899-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Windows Media Player
Path: C:\WINDOWS\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 2/28/2006 3:00:00 AM
Date (last access): 12/16/2008 7:57:24 AM
Date (last write): 4/14/2008 5:42:10 AM
Filesize: 233472
Attributes: archive
MD5: F9B71392630B35EE19D72C986F2F0EEC
CRC32: 93263D8C
Version: 9.0.0.4503
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} ()
location: HKEY_USERS\S-1-5-21-1844237615-515967899-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} ()
location: HKEY_USERS\S-1-5-21-1844237615-515967899-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} ()
location: HKEY_USERS\S-1-5-21-1844237615-515967899-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} ()
location: HKEY_USERS\S-1-5-21-1844237615-515967899-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{4b218e3e-bc98-4770-93d3-2731b9329278} ()
location: HKEY_USERS\S-1-5-21-1844237615-515967899-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{5945c046-1e7d-11d1-bc44-00c04fd912be} ()
location: HKEY_USERS\S-1-5-21-1844237615-515967899-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{6BF52A52-394A-11d3-B153-00C04F79FAA6} (Windows Media Player)
location: HKEY_USERS\S-1-5-21-1844237615-515967899-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Windows Media Player
Path: C:\WINDOWS\system32\
Long name: wmp.dll
Short name:
Date (created): 2/28/2006 3:00:00 AM
Date (last access): 12/16/2008 8:04:30 AM
Date (last write): 4/14/2008 5:42:10 AM
Filesize: 4874240
Attributes: archive
MD5: 723CCB70BB35576B5E64EBE7BB479802
CRC32: 642412F2
Version: 9.0.0.4503
{7790769C-0471-11d2-AF11-00C04FA35D02} ()
location: HKEY_USERS\S-1-5-21-1844237615-515967899-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{89820200-ECBD-11cf-8B85-00AA005B4340} ()
location: HKEY_USERS\S-1-5-21-1844237615-515967899-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{89820200-ECBD-11cf-8B85-00AA005B4383} ()
location: HKEY_USERS\S-1-5-21-1844237615-515967899-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{89B4C1CD-B018-4511-B0A1-5476DBF70820} ()
location: HKEY_USERS\S-1-5-21-1844237615-515967899-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} (Microsoft NetShow Player)
location: HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Microsoft NetShow Player
Path: C:\WINDOWS\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 2/28/2006 3:00:00 AM
Date (last access): 12/16/2008 7:57:24 AM
Date (last write): 4/14/2008 5:42:10 AM
Filesize: 233472
Attributes: archive
MD5: F9B71392630B35EE19D72C986F2F0EEC
CRC32: 93263D8C
Version: 9.0.0.4503
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} (Windows Media Player)
location: HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Windows Media Player
Path: C:\WINDOWS\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 2/28/2006 3:00:00 AM
Date (last access): 12/16/2008 7:57:24 AM
Date (last write): 4/14/2008 5:42:10 AM
Filesize: 233472
Attributes: archive
MD5: F9B71392630B35EE19D72C986F2F0EEC
CRC32: 93263D8C
Version: 9.0.0.4503
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} ()
location: HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} ()
location: HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{6BF52A52-394A-11d3-B153-00C04F79FAA6} (Windows Media Player)
location: HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Windows Media Player
Path: C:\WINDOWS\system32\
Long name: wmp.dll
Short name:
Date (created): 2/28/2006 3:00:00 AM
Date (last access): 12/16/2008 8:04:30 AM
Date (last write): 4/14/2008 5:42:10 AM
Filesize: 4874240
Attributes: archive
MD5: 723CCB70BB35576B5E64EBE7BB479802
CRC32: 642412F2
Version: 9.0.0.4503
{e2e2dd38-d088-4134-82b7-f2ba38496583} (Diagnose Connection Problems...)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
BHO name: @xpsp3res.dll,-20001
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
CmdMapping ()
location: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
CmdMapping ()
location: HKEY_USERS\S-1-5-21-1844237615-515967899-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
CmdMapping ()
location: HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} (SABShellExecuteHook Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
BHO name:
CLSID name: SABShellExecuteHook Class
Path: C:\Program Files\SUPERAntiSpyware\
Long name: SASSEH.DLL
Short name:
Date (created): 5/13/2008 9:13:36 AM
Date (last access): 12/16/2008 7:53:24 AM
Date (last write): 5/13/2008 9:13:36 AM
Filesize: 77824
Attributes: archive
MD5: ECD5517A6633826057D4F050927DDF56
CRC32: 1E3B2638
Version: 1.0.0.1012
{60254CA5-953B-11CF-8C96-00AA00B8708C} (Shell extensions for Windows Script Host)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: Shell extensions for Windows Script Host
CLSID name: Shell Extension For Windows Script Host
Path: C:\WINDOWS\system32\
Long name: wshext.dll
Short name:
Date (created): 2/28/2006 3:00:00 AM
Date (last access): 12/16/2008 7:07:00 AM
Date (last write): 5/9/2008 1:53:40 AM
Filesize: 90112
Attributes: archive
MD5: 3A6D465F379E5C815F4AD565391E654C
CRC32: 8A0C0058
Version: 5.7.0.18066
{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} (Set Program Access and Defaults)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: Set Program Access and Defaults
CLSID name: Set Program Access and Defaults
Path: %SystemRoot%\system32\
Long name: shdocvw.dll
MD5: 65280C89C68C6834C08B99250CF79576
Filesize: 1499136
{5F327514-6C5E-4d60-8F16-D07FA08A78ED} (Auto Update Property Sheet Extension)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: Auto Update Property Sheet Extension
CLSID name: Auto Update Property Sheet Extension
Path: C:\WINDOWS\system32\
Long name: wuaucpl.cpl
Short name:
Date (created): 11/8/2008 2:28:52 PM
Date (last access): 12/16/2008 7:55:18 AM
Date (last write): 10/16/2008 2:12:20 PM
Filesize: 213528
Attributes: archive
MD5: 55E6C9BC8AA0481FC2FCFCFE199EA0CD
CRC32: EF11B0AA
Version: 7.2.6001.788
{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} (Search)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: Search
CLSID name: Search
Path: %SystemRoot%\system32\
Long name: shdocvw.dll
MD5: 65280C89C68C6834C08B99250CF79576
Filesize: 1499136
{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} (Help and Support)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: Help and Support
CLSID name: Help and Support
Path: %SystemRoot%\system32\
Long name: shdocvw.dll
MD5: 65280C89C68C6834C08B99250CF79576
Filesize: 1499136
{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} (Help and Support)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: Help and Support
CLSID name: Windows Security
Path: %SystemRoot%\system32\
Long name: shdocvw.dll
MD5: 65280C89C68C6834C08B99250CF79576
Filesize: 1499136
{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} (Run...)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: Run...
CLSID name: Run...
Path: %SystemRoot%\system32\
Long name: shdocvw.dll
MD5: 65280C89C68C6834C08B99250CF79576
Filesize: 1499136
{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} (Internet)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: Internet
CLSID name: Internet
Path: %SystemRoot%\system32\
Long name: shdocvw.dll
MD5: 65280C89C68C6834C08B99250CF79576
Filesize: 1499136
{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} (E-mail)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: E-mail
CLSID name: E-mail
Path: %SystemRoot%\system32\
Long name: shdocvw.dll
MD5: 65280C89C68C6834C08B99250CF79576
Filesize: 1499136
{D20EA4E1-3957-11d2-A40B-0C5020524152} (Fonts)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: Fonts
CLSID name: Fonts
Path: %SystemRoot%\system32\
Long name: shdocvw.dll
MD5: 65280C89C68C6834C08B99250CF79576
Filesize: 1499136
{D20EA4E1-3957-11d2-A40B-0C5020524153} (Administrative Tools)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: Administrative Tools
CLSID name: Administrative Tools
Path: %SystemRoot%\system32\
Long name: shdocvw.dll
MD5: 65280C89C68C6834C08B99250CF79576
Filesize: 1499136
{30D02401-6A81-11d0-8274-00C04FD5AE38} (IE Search Band)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: IE Search Band
CLSID name: IE Search Band
Path: %SystemRoot%\system32\
Long name: browseui.dll
MD5: E392E172687BE172F8600C5F41AB03D9
Filesize: 1025024
{3028902F-6374-48b2-8DC6-9725E775B926} (IE Microsoft AutoComplete)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: IE Microsoft AutoComplete
CLSID name: IE Microsoft AutoComplete
Path: %SystemRoot%\system32\
Long name: browseui.dll
MD5: E392E172687BE172F8600C5F41AB03D9
Filesize: 1025024
C
--- ActiveX list ---