IE 6, Outlook & Skype Freezing/Hanging

H

Hardy159

New member
Having problems with computer hanging while operating on or all of above programs. No exact pattern in what makes the it hang. No specific websites that trigger it to hang either. In the attached HJT log i noticed Entry which apparently is from my Antivirus Software (Vexira/CentralCommand) which appear 9 times with same entry Could this be the problem.:scratch:

O10 - Unknown file in Winsock LSP: c:\progra~1\vexira~1\bin\vblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\vexira~1\bin\vblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\vexira~1\bin\vblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\vexira~1\bin\vblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\vexira~1\bin\vblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\vexira~1\bin\vblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\vexira~1\bin\vblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\vexira~1\bin\vblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\vexira~1\bin\vblsp.dll

Have been running: Vexira Virus Scan, Spybot, Ad-Aware, Trojan Hunter, Outpost scan, Ewido.

I hope that somebody :angel: can help me sort this problem.
 
Forgot to include other logs so here they are....

Addional problem occured after having run this programs now the entire computer is slowing down. And webpages with pictures which you can click on in *asp are not displayed as well.

Other logs are attached to this message. For spybot Log only first half due to size.

Hopes that somebody has an idea of what is wrong
 
Hardy159 said:
In the attached HJT log i noticed Entry which apparently is from my Antivirus Software (Vexira/CentralCommand) which appear 9 times with same entry Could this be the problem.:scratch:

O10 - Unknown file in Winsock LSP: c:\progra~1\vexira~1\bin\vblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\vexira~1\bin\vblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\vexira~1\bin\vblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\vexira~1\bin\vblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\vexira~1\bin\vblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\vexira~1\bin\vblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\vexira~1\bin\vblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\vexira~1\bin\vblsp.dll
Click to expand...
No, that is not the problem. Those entries are legit and normal because it is a known, valid LSP entry (just not recognized by HijackThis, but WE know it is :) )

Let me paste in your reports for easier reading and I'll be back with some recommendations and steps to take after reviewing them.

Logfile of HijackThis v1.99.1
Scan saved at 04:42:51, on 21-03-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Programmer\Agnitum\Outpost Firewall\outpost.exe
C:\PROGRA~1\VEXIRA~1\Bin\vbcmserv.exe
C:\Programmer\Analog Devices\Core\smax4pnp.exe
C:\PROGRAMMER\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\PROGRA~1\VEXIRA~1\Bin\vbsystry.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\Ahead\InCD\InCD.exe
C:\Programmer\TrojanHunter 4.0\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Google\Google Video Player\GoogleVideoPlayer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\DOCUME~1\BHT-AD~1\LOKALE~1\Temp\Rar$EX00.047\HijackThis.exe
C:\Programmer\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlido11custreg?clid=1030
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmer\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programmer\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAMMER\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [VBSysTray] "C:\PROGRA~1\VEXIRA~1\Bin\vbsystry.exe"
O4 - HKLM\..\Run: [AVLoginToDo] "C:\PROGRA~1\VEXIRA~1\Bin\avltd.exe"
O4 - HKLM\..\Run: [Outpost Firewall] C:\Programmer\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programmer\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [PCShowBuzz] C:\Documents and Settings\BHT-Admin\Skrivebord\tv\Smetana_WEB_TV.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [WMC_RebootCheck] C:\WINDOWS\inf\unregmp2.exe /FixUps
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programmer\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - C:\Programmer\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmer\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Programmer\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\progra~1\vexira~1\bin\vblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\vexira~1\bin\vblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\vexira~1\bin\vblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\vexira~1\bin\vblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\vexira~1\bin\vblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\vexira~1\bin\vblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\vexira~1\bin\vblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\vexira~1\bin\vblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\vexira~1\bin\vblsp.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142278422656
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Programmer\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: Vexira Antivirus Component Manager Service (VACompManService) - Central Command, Inc. - C:\PROGRA~1\VEXIRA~1\Bin\vbcmserv.exe

.
 
---------------------------------------------------------
ewido anti-malware - Scanningsrapport
---------------------------------------------------------

+ Oprettet den: 18:21:33, 21-03-2006
+ Rapport-Checksum: 364F4BBA

+ Scanningsresultat:

C:\Documents and Settings\BHT-Admin\Cookies\bht-admin@com[1].txt -> TrackingCookie.Com : Renset med backup
C:\Documents and Settings\BHT-Admin\Cookies\bht-admin@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Renset med backup
C:\Documents and Settings\BHT-Admin\Cookies\bht-admin@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Renset med backup

::Rapport slut
..........................................................
smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [version 5.1.2600]

Running from
C:\Documents and Settings\BHT-Admin\Skrivebord\smitrem\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

logfiles


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1012 'explorer.exe'
Killing PID 1012 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN! :)
.........................................................
 
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-03-18 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-03-10 Includes\Cookies.sbi (*)
2006-03-10 Includes\Dialer.sbi (*)
2006-03-10 Includes\Hijackers.sbi (*)
2006-03-10 Includes\Keyloggers.sbi (*)
2006-03-10 Includes\Malware.sbi (*)
2006-03-10 Includes\PUPS.sbi (*)
2006-03-10 Includes\Revision.sbi (*)
2006-03-10 Includes\Security.sbi (*)
2006-03-10 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-03-10 Includes\Trojans.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Opdatering til Windows XP (KB894391)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB896358)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB896422)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB896423)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB896424)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB896428)
/ Windows XP / SP3: Opdatering til Windows XP (KB898461)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB899587)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB899589)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB899591)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB900725)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB901017)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB901190)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB901214)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB902400)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB904706)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB905414)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB905749)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB905915)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB908519)
/ Windows XP / SP3: Opdatering til Windows XP (KB910437)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB911927)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB912919)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB913446)


--- Startup entries list ---
Located: HK_LM:Run, ATIPTA
command: C:\PROGRAMMER\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
file: C:\PROGRAMMER\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
size: 339968
MD5: acc7b414ef1abea6aa654b74cc9a90cf

Located: HK_LM:Run, AVLoginToDo
command: "C:\PROGRA~1\VEXIRA~1\Bin\avltd.exe"
file: C:\PROGRA~1\VEXIRA~1\Bin\avltd.exe
size: 50816
MD5: ed5e7858f7da62dd780a145b4a5403e9

Located: HK_LM:Run, DAEMON Tools
command: "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
file: C:\Programmer\DAEMON Tools\daemon.exe
size: 133016
MD5: d050311a72d10d4d2cffacf5728fc978

Located: HK_LM:Run, IMJPMIG8.1
command: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
file: C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
size: 208952
MD5: 7bbe4cf421aecc7f0226edd75f12079f

Located: HK_LM:Run, InCD
command: C:\Programmer\Ahead\InCD\InCD.exe
file: C:\Programmer\Ahead\InCD\InCD.exe
size: 1450094
MD5: 2f7ca1b8ae0f6b34b2a9537f603b0d0a

Located: HK_LM:Run, NeroFilterCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, Outpost Firewall
command: C:\Programmer\Agnitum\Outpost Firewall\outpost.exe /waitservice
file:

Located: HK_LM:Run, OutpostFeedBack
command: C:\Programmer\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
file:

Located: HK_LM:Run, PCShowBuzz
command: C:\Documents and Settings\BHT-Admin\Skrivebord\tv\Smetana_WEB_TV.exe
file: C:\Documents and Settings\BHT-Admin\Skrivebord\tv\Smetana_WEB_TV.exe
size: 5066752
MD5: d17dec3abb5903f5b0ce693846039dc7

Located: HK_LM:Run, PHIME2002A
command: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
file: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024dc0f68df5fd6ae9dd82dfbaf479d6

Located: HK_LM:Run, PHIME2002ASync
command: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
file: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024dc0f68df5fd6ae9dd82dfbaf479d6

Located: HK_LM:Run, QuickTime Task
command: "C:\Programmer\QuickTime\qttask.exe" -atboottime
file: C:\Programmer\QuickTime\qttask.exe
size: 155648
MD5: c74c7963eec07af49dce44d64819b2bf

Located: HK_LM:Run, SoundMAXPnP
command: C:\Programmer\Analog Devices\Core\smax4pnp.exe
file: C:\Programmer\Analog Devices\Core\smax4pnp.exe
size: 1404928
MD5: 10247c15d999cc116c87da36bd0ad64d

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
file: C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
size: 32881
MD5: ed85b344e6edc30c1bc57ec1a2a56bf3

Located: HK_LM:Run, THGuard
command: "C:\Programmer\TrojanHunter 4.0\THGuard.exe"
file: C:\Programmer\TrojanHunter 4.0\THGuard.exe
size: 1073664
MD5: bf9cd59a495e2b67160de668da10a63f

Located: HK_LM:Run, TkBellExe
command: "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
file: C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
size: 180269
MD5: b8e684df9a97497edd2f87444a6307fb

Located: HK_LM:Run, VBSysTray
command: "C:\PROGRA~1\VEXIRA~1\Bin\vbsystry.exe"
file: C:\PROGRA~1\VEXIRA~1\Bin\vbsystry.exe
size: 169624
MD5: af44c482861cdbd0f9fde21d41db01db

Located: HK_LM:Run, WinampAgent
command: C:\Programmer\Winamp\winampa.exe
file: C:\Programmer\Winamp\winampa.exe
size: 35328
MD5: ffaff01c4c38b538a183f104527240f7

Located: HK_CU:Run, CTFMON.EXE
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 8289923e26d00213080e3e3d7e219f4c

Located: HK_CU:Run, Skype
command: "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
file: C:\Programmer\Skype\Phone\Skype.exe
size: 19490344
MD5: 42b65adc825a87cb86b3f2ab5bf2b84f

Located: Startup (fælles), Adobe Gamma Loader.lnk
command: C:\Programmer\Fælles filer\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Programmer\Fælles filer\Adobe\Calibration\Adobe Gamma Loader.exe
size: 110592
MD5: 5cd0cd0ec4dc5df459b3ac016764f5aa

Located: Startup (fælles), Adobe Reader Hurtigstart.lnk
command: C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: 43362b96870ce8649f4f2ec893da93f0

Located: Startup (fælles), GetRight - Tray Icon.lnk
command: C:\Programmer\GetRight\getright.exe
file: C:\Programmer\GetRight\getright.exe
size: 2301952
MD5: 47ae8e7b1ee6479ffacf6962d2e738e3

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Programmer\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 12-01-2006 20:38:22
Date (last access): 21-03-2006 13:53:08
Date (last write): 12-01-2006 20:38:22
Filesize: 63128
Attributes: archive
MD5: F17B2B264072B921FC66A0BE16626BAB
CRC32: 5184CFEA
Version: 7.0.7.142

{31FF080D-12A3-439A-A2EF-4BA95A3148E8} (bho2gr Class)
BHO name:
CLSID name: bho2gr Class
description: GetRight
classification: Legitimate
known filename: msie2gr.dll
info link: http://www.getright.com/
info source: TonyKlein
Path: C:\Programmer\GetRight\
Long name: xx2gr.dll
Short name:
Date (created): 06-03-2006 02:15:38
Date (last access): 21-03-2006 14:20:40
Date (last write): 14-02-2005 12:08:50
Filesize: 233472
Attributes: archive
MD5: 06EE81C0ABBCFCD09ED3B3A9798871D3
CRC32: 752B81F8
Version: 5.2.0.3

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 18-03-2006 02:01:44
Date (last access): 21-03-2006 14:20:40
Date (last write): 31-05-2005 01:04:00
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0

{E5A1691B-D188-4419-AD02-90002030B8EE} (FlashFXP Helper for Internet Explorer)
BHO name:
CLSID name: FlashFXP Helper for Internet Explorer
Path: C:\Programmer\FlashFXP\
Long name: IEFlash.dll
Short name:
Date (created): 04-05-2005 12:46:46
Date (last access): 21-03-2006 14:20:40
Date (last write): 04-05-2005 12:46:46
Filesize: 191096
Attributes: archive
MD5: DEF399BD3D07FFF1E22CE791A965F0FA
CRC32: 77F168B8
Version: 3.0.0.1015



--- ActiveX list ---
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine)
DPF name:
CLSID name: Office Update Installation Engine
Installer: C:\WINDOWS\Downloaded Program Files\opuc.inf
Codebase: http://office.microsoft.com/officeupdate/content/opuc3.cab
description:
classification: Legitimate
known filename: opuc.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\
Long name: opuc.dll
Short name:
Date (created): 17-11-2005 23:12:26
Date (last access): 21-03-2006 14:22:18
Date (last write): 17-11-2005 23:12:26
Filesize: 533504
Attributes: archive
MD5: 24F3058766D5FC3FD0F37F6D6EE6FE9B
CRC32: F1FAEDE3
Version: 12.0.3208.1014

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142278422656
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 26-05-2005 04:19:32
Date (last access): 21-03-2006 11:49:10
Date (last write): 26-05-2005 04:19:32
Filesize: 178408
Attributes: archive
MD5: EE37AA2C0700221CD8B02FADCD4C7FB5
CRC32: F5494B06
Version: 5.8.0.2469

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_03
Installer:
Codebase: http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Programmer\Java\j2re1.4.2_03\bin\
Long name: NPJPI142_03.dll
Short name: NPJPI1~1.DLL
Date (created): 19-11-2003 17:48:18
Date (last access): 19-03-2006 17:41:14
Date (last write): 19-11-2003 17:48:12
Filesize: 65650
Attributes: archive
MD5: 2AD31341BE41AC9B086128AD86A2B53F
CRC32: 081CFB35
Version: 1.4.2.30

{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_03
Installer:
Codebase: http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi142_03.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Programmer\Java\j2re1.4.2_03\bin\
Long name: NPJPI142_03.dll
Short name: NPJPI1~1.DLL
Date (created): 19-11-2003 17:48:18
Date (last access): 21-03-2006 14:28:46
Date (last write): 19-11-2003 17:48:12
Filesize: 65650
Attributes: archive
MD5: 2AD31341BE41AC9B086128AD86A2B53F
CRC32: 081CFB35
Version: 1.4.2.30

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash8a.ocx
Short name:
Date (created): 02-01-2006 11:13:28
Date (last access): 21-03-2006 14:05:04
Date (last write): 02-01-2006 11:13:28
Filesize: 1443464
Attributes: readonly archive
MD5: 3066BB99502AE33AE44F17954AF56B8F
CRC32: 658FAE72
Version: 8.0.24.0

{D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey)
DPF name:
CLSID name: e-Safekey
Installer: C:\WINDOWS\Downloaded Program Files\e-Safekey.inf
Codebase: https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: e-Safekey.dll
Short name: E-SAFE~1.DLL
Date (created): 02-11-2005 19:58:36
Date (last access): 21-03-2006 14:19:14
Date (last write): 02-11-2005 19:58:36
Filesize: 708608
Attributes: archive
MD5: 24C64A84E84BAC164CFB8CFF38D87410
CRC32: 4F92B147
Version: 4.0.2.6



--- Process list ---
PID: 0 ( 0) [System]
PID: 220 ( 4) \SystemRoot\System32\smss.exe
PID: 284 ( 220) \??\C:\WINDOWS\system32\csrss.exe
PID: 308 ( 220) \??\C:\WINDOWS\system32\winlogon.exe
PID: 356 ( 308) C:\WINDOWS\system32\services.exe
size: 108032
MD5: 55BBE54A196B1A9F99EC2E01F4AC1215
PID: 368 ( 308) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 9086126FB5FD15CEB387121506400244
PID: 524 ( 356) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 46FE2ED518FDFBFD289F014A3078575C
PID: 588 ( 356) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 46FE2ED518FDFBFD289F014A3078575C
PID: 656 ( 356) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 46FE2ED518FDFBFD289F014A3078575C
PID: 900 ( 872) C:\WINDOWS\Explorer.EXE
size: 1033216
MD5: DA77B9561CC9AC54584C86CAB36EBF25
PID: 1016 ( 900) C:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE
size: 12037688
MD5: 1EEA7DD2F1EA6EFEF380B99A90228D2F
PID: 1228 ( 900) C:\Programmer\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System
 
Last edited:
Remainder of Spybot report
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 21-03-2006 14:28:49

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.dk/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: VEXIRA over [MSAFD Tcpip [TCP/IP]]
GUID: {DE7D8B93-B435-4A3E-8062-70665D279E50}
Filename: C:\PROGRA~1\VEXIRA~1\Bin\vblsp.dll

Protocol 1: VEXIRA over [MSAFD Tcpip [UDP/IP]]
GUID: {DE7D8B93-B435-4A3E-8062-70665D279E50}
Filename: C:\PROGRA~1\VEXIRA~1\Bin\vblsp.dll

Protocol 2: VEXIRA over [MSAFD Tcpip [RAW/IP]]
GUID: {DE7D8B93-B435-4A3E-8062-70665D279E50}
Filename: C:\PROGRA~1\VEXIRA~1\Bin\vblsp.dll

Protocol 3: VEXIRA over [RSVP UDP Service Provider]
GUID: {DE7D8B93-B435-4A3E-8062-70665D279E50}
Filename: C:\PROGRA~1\VEXIRA~1\Bin\vblsp.dll

Protocol 4: VEXIRA over [RSVP TCP Service Provider]
GUID: {DE7D8B93-B435-4A3E-8062-70665D279E50}
Filename: C:\PROGRA~1\VEXIRA~1\Bin\vblsp.dll

Protocol 5: VEXIRA over [MSAFD Tcpip [TCP/IPv6]]
GUID: {DE7D8B93-B435-4A3E-8062-70665D279E50}
Filename: C:\PROGRA~1\VEXIRA~1\Bin\vblsp.dll

Protocol 6: VEXIRA over [MSAFD Tcpip [UDP/IPv6]]
GUID: {DE7D8B93-B435-4A3E-8062-70665D279E50}
Filename: C:\PROGRA~1\VEXIRA~1\Bin\vblsp.dll

Protocol 7: VEXIRA over [MSAFD Tcpip [RAW/IPv6]]
GUID: {DE7D8B93-B435-4A3E-8062-70665D279E50}
Filename: C:\PROGRA~1\VEXIRA~1\Bin\vblsp.dll

Protocol 8: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 9: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 10: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 11: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 12: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 13: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 14: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 15: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 16: VEXIRA CONTENT FILTER PROVIDER
GUID: {7F9EB0B5-7444-4497-AEEF-D0E2C76F9FAD}
Filename: C:\PROGRA~1\VEXIRA~1\Bin\vblsp.dll

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{7212B933-C126-4542-B77B-940522A9C71D}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{7212B933-C126-4542-B77B-940522A9C71D}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{86FC69B3-33EE-4395-84BC-CBF06DAB714A}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{86FC69B3-33EE-4395-84BC-CBF06DAB714A}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7212B933-C126-4542-B77B-940522A9C71D}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7212B933-C126-4542-B77B-940522A9C71D}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5BE67B07-E437-4CEF-9941-E87AA15EFD29}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5BE67B07-E437-4CEF-9941-E87AA15EFD29}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip_{51D6EFD5-6A3F-407C-9CA2-7308E6F3FFB1}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip_{51D6EFD5-6A3F-407C-9CA2-7308E6F3FFB1}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 27: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E4336136-CA79-480B-B8CF-DF2269CBEAFA}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 28: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E4336136-CA79-480B-B8CF-DF2269CBEAFA}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: NLA-navneområde (Network Location Awareness)
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 3: Provider til navneområde for PNRP-sky
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename: C:\WINDOWS\system32\pnrpnsp.dll

Namespace Provider 4: Provider til navneområde for PNRP-navne
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename: C:\WINDOWS\system32\pnrpnsp.dll
 
Ok, reviewed all those and don't see any evidence of a malware problem.

Your Sun Java is out of date and while not the cause of your slowdowns or freezes, it is a security risk that you should remedy as soon as possible
See here:
Sun Microsystems~Java. Check it is up-to-date & old versions removed
http://forums.spybot.info/showthread.php?t=2559

Additional slowness after running through those fixes, perhaps uninstalling the Ewido Antimalware program will help. That's the only one that might use additional resources in all of those you used.

Delete the Smitrem folder as well - it is not needed.

I can't diagnose what is causing your problems, but it doesn't appear to be malware anyway
 
Hi, got your email. It is much better to reply in this thread. I'll attach your entire log of which this is but this is just an except:
(And I can't read it since it is in a foreign language). I'll see if I can find someone who can.

26-03-2006 05:06:07 Application Hang Error Ingen 1001 Ikke tilgængelig BHT Error-bucket 126637809.
26-03-2006 05:05:58 Application Hang Error (101) 1002 Ikke tilgængelig BHT Stoppet program IEXPLORE.EXE, version 6.0.2900.2180, stoppet modul hungapp, version 0.0.0.0, stoppet adresse 0x00000000.
26-03-2006 03:54:19 SecurityCenter Infos Ingen 1800 Ikke tilgængelig BHT Tjenesten Windows Sikkerhedscenter er startet.
26-03-2006 03:54:12 MSSQL$MICROSOFTBCM warning (8) 19011 Ikke tilgængelig BHT Beskrivelsen for hændelses-id ( 19011 ) i kilden ( MSSQL$MICROSOFTBCM ) blev ikke fundet. Den lokale computer har muligvis ikke de nødvendige Infos i registreringsdatabasen eller DLL-meddelelsesfiler til at vise meddelelser fra en fjerncomputer. Du kan muligvis bruge flaget /AUXSOURCE= til at vise denne beskrivelse. Se i Hjælp og support for at få flere Infos. Følgende Infos er en del af hændelsen: (SpnRegister) : Error 1355.
26-03-2006 03:54:04 ATI Smart Infos Ingen 105 Ikke tilgængelig BHT The service was started.
26-03-2006 03:52:52 InCDsrvR Infos Ingen 4096 Ikke tilgængelig BHT Beskrivelsen for hændelses-id ( 4096 ) i kilden ( InCDsrvR ) blev ikke fundet. Den lokale computer har muligvis ikke de nødvendige Infos i registreringsdatabasen eller DLL-meddelelsesfiler til at vise meddelelser fra en fjerncomputer. Du kan muligvis bruge flaget /AUXSOURCE= til at vise denne beskrivelse. Se i Hjælp og support for at få flere Infos. Følgende Infos er en del af hændelsen: InCD Reader detected presence of InCD. The service will not start because it is not required..
26-03-2006 03:50:09 SecurityCenter Infos Ingen 1800 Ikke tilgængelig BHT Tjenesten Windows Sikkerhedscenter er startet.
26-03-2006 03:49:55 MSSQL$MICROSOFTBCM warning (8) 19011 Ikke tilgængelig BHT Beskrivelsen for hændelses-id ( 19011 ) i kilden ( MSSQL$MICROSOFTBCM ) blev ikke fundet. Den lokale computer har muligvis ikke de nødvendige Infos i registreringsdatabasen eller DLL-meddelelsesfiler til at vise meddelelser fra en fjerncomputer. Du kan muligvis bruge flaget /AUXSOURCE= til at vise denne beskrivelse. Se i Hjælp og support for at få flere Infos. Følgende Infos er en del af hændelsen: (SpnRegister) : Error 1355.
26-03-2006 03:49:48 ATI Smart Infos Ingen 105 Ikke tilgængelig BHT The service was started.
26-03-2006 03:48:38 InCDsrvR Infos Ingen 4096 Ikke tilgængelig BHT Beskrivelsen for hændelses-id ( 4096 ) i kilden ( InCDsrvR ) blev ikke fundet. Den lokale computer har muligvis ikke de nødvendige Infos i registreringsdatabasen eller DLL-meddelelsesfiler til at vise meddelelser fra en fjerncomputer. Du kan muligvis bruge flaget /AUXSOURCE= til at vise denne beskrivelse. Se i Hjælp og support for at få flere Infos. Følgende Infos er en del af hændelsen: InCD Reader detected presence of InCD. The service will not start because it is not required..
26-03-2006 03:47:47 Userenv warning Ingen 1517 NT AUTHORITY\SYSTEM BHT Registreringsdatabasen for brugeren BHT\BHT-Admin blev gemt, da et program eller en tjeneste brugte den, da der blev logget af. Den hukommelse, der blev brugt af brugerens registreringsdatabase, er ikke frigjort. Registreringsdatabasen fjernes, når den ikke længere er i brug.

Det skyldes i de fleste tilfælde tjenester, der kører som brugerkonto. Forsøg at konfigurere tjenesterne til at køre i enten kontoen LocalService eller NetworkService.
25-03-2006 20:27:41 SecurityCenter Infos Ingen 1800 Ikke tilgængelig BHT Tjenesten Windows Sikkerhedscenter er startet.
25-03-2006 20:26:57 MSSQL$MICROSOFTBCM warning (8) 19011 Ikke tilgængelig BHT Beskrivelsen for hændelses-id ( 19011 ) i kilden ( MSSQL$MICROSOFTBCM ) blev ikke fundet. Den lokale computer har muligvis ikke de nødvendige Infos i registreringsdatabasen eller DLL-meddelelsesfiler til at vise meddelelser fra en fjerncomputer. Du kan muligvis bruge flaget /AUXSOURCE= til at vise denne beskrivelse. Se i Hjælp og support for at få flere Infos. Følgende Infos er en del af hændelsen: (SpnRegister) : Error 1355.
25-03-2006 20:26:42 ATI Smart Infos Ingen 105 Ikke tilgængelig BHT The service was started.
25-03-2006 20:26:28 InCDsrvR Infos Ingen 4096 Ikke tilgængelig BHT Beskrivelsen for hændelses-id ( 4096 ) i kilden ( InCDsrvR ) blev ikke fundet. Den lokale computer har muligvis ikke de nødvendige Infos i registreringsdatabasen eller DLL-meddelelsesfiler til at vise meddelelser fra en fjerncomputer. Du kan muligvis bruge flaget /AUXSOURCE= til at vise denne beskrivelse. Se i Hjælp og support for at få flere Infos. Følgende Infos er en del af hændelsen: InCD Reader detected presence of InCD. The service will not start because it is not required..
25-03-2006 20:25:20 Userenv warning Ingen 1517 NT AUTHORITY\SYSTEM BHT Registreringsdatabasen for brugeren BHT\BHT-Admin blev gemt, da et program eller en tjeneste brugte den, da der blev logget af. Den hukommelse, der blev brugt af brugerens registreringsdatabase, er ikke frigjort. Registreringsdatabasen fjernes, når den ikke længere er i brug.

Det skyldes i de fleste tilfælde tjenester, der kører som brugerkonto. Forsøg at konfigurere tjenesterne til at køre i enten kontoen LocalService eller NetworkService.
25-03-2006 19:25:34 LoadPerf Infos Ingen 1000 Ikke tilgængelig BHT Ydelsestællerne for tjenesten Outlook (Outlook) blev indlæst. Postdata indeholder de nye indeksværdier, som er tildelt denne tjeneste.
25-03-2006 19:25:34 LoadPerf warning Ingen 2002 Ikke tilgængelig BHT MOF-filen, der blev oprettet til tjenesten Outlook kunne ikke indlæses. Errorkoden, der blev returneret af MOF-compileren, findes i postdataene. Inden denne tjenestes ydelsestæller kan indsamles af WMI skal MOF-filen indlæses manuelt. Kontakt leverandøren af denne tjeneste for at få yderligere Infos.
25-03-2006 19:25:34 LoadPerf Infos Ingen 1001 Ikke tilgængelig BHT Ydelsestællerne for tjenesten outlook (outlook) blev fjernet. Postdata indeholder de nye værdier for registreringsdatabaseposterne Last Counter og Last Help.
25-03-2006 19:25:32 Microsoft Office 11 Error Ingen 2001 Ikke tilgængelig BHT Rejected Safe Mode action : Microsoft Office Outlook.
25-03-2006 19:21:29 MsiInstaller Infos Ingen 11728 BHT\BHT-Admin BHT Produkt: Business Contact Manager til Outlook 2003-Konfigurationen blev fuldført.
25-03-2006 19:21:29 MsiInstaller Infos Ingen 1022 BHT\BHT-Admin BHT Produkt: Business Contact Manager til Outlook 2003 - Opdateringen '{A9CC656F-BB8A-48B2-B479-5523599B9CCA}' blev installeret.
25-03-2006 19:21:25 MSSQL$MICROSOFTBCM warning (8) 19011 Ikke tilgængelig BHT Beskrivelsen for hændelses-id ( 19011 ) i kilden ( MSSQL$MICROSOFTBCM ) blev ikke fundet. Den lokale computer har muligvis ikke de nødvendige Infos i registreringsdatabasen eller DLL-meddelelsesfiler til at vise meddelelser fra en fjerncomputer. Du kan muligvis bruge flaget /AUXSOURCE= til at vise denne beskrivelse. Se i Hjælp og support for at få flere Infos. Følgende Infos er en del af hændelsen: (SpnRegister) : Error 1355.
25-03-2006 19:21:21 LoadPerf Infos Ingen 1000 Ikke tilgængelig BHT Ydelsestællerne for tjenesten MSSQL$MICROSOFTBCM (MSSQL$MICROSOFTBCM) blev indlæst. Postdata indeholder de nye indeksværdier, som er tildelt denne tjeneste.
25-03-2006 19:21:21 LoadPerf Infos Ingen 1001 Ikke tilgængelig BHT Ydelsestællerne for tjenesten MSSQL$MICROSOFTBCM (MSSQL$MICROSOFTBCM) blev fjernet. Postdata indeholder de nye værdier for registreringsdatabaseposterne Last Counter og Last Help.
25-03-2006 19:19:11 MsiInstaller warning Ingen 1015 BHT\BHT-Admin BHT Der kunne ikke oprettes forbindelse til serveren. Error: 0x800401F0
25-03-2006 19:10:54 OfficeUpdateV3 Overvågning af vellykkede forsøg Ingen 0 Ikke tilgængelig BHT Beskrivelsen for hændelses-id ( 0 ) i kilden ( OfficeUpdateV3 ) blev ikke fundet. Den lokale computer har muligvis ikke de nødvendige Infos i registreringsdatabasen eller DLL-meddelelsesfiler til at vise meddelelser fra en fjerncomputer. Du kan muligvis bruge flaget /AUXSOURCE= til at vise denne beskrivelse. Se i Hjælp og support for at få flere Infos. Følgende Infos er en del af hændelsen: V3_2|513598|INSTALL|EXCEL_8012_INTL||2006-03-25 19:04:50|9|SUCCESS|||.
25-03-2006 19:10:54 OfficeUpdateV3 Overvågning af vellykkede forsøg Ingen 0 Ikke tilgængelig BHT Beskrivelsen for hændelses-id ( 0 ) i kilden ( OfficeUpdateV3 ) blev ikke fundet. Den lokale computer har muligvis ikke de nødvendige Infos i registreringsdatabasen eller DLL-meddelelsesfiler til at vise meddelelser fra en fjerncomputer. Du kan muligvis bruge flaget /AUXSOURCE= til at vise denne beskrivelse. Se i Hjælp og support for at få flere Infos. Følgende Infos er en del af hændelsen: V3_2|513557|INSTALL|OUTLOOK_8010_INTL||2006-03-25 19:04:50|9|SUCCESS|||.
25-03-2006 19:10:54 OfficeUpdateV3 Overvågning af vellykkede forsøg Ingen 0 Ikke tilgængelig BHT Beskrivelsen for hændelses-id ( 0 ) i kilden ( OfficeUpdateV3 ) blev ikke fundet. Den lokale computer har muligvis ikke de nødvendige Infos i registreringsdatabasen eller DLL-meddelelsesfiler til at vise meddelelser fra en fjerncomputer. Du kan muligvis bruge flaget /AUXSOURCE= til at vise denne beskrivelse. Se i Hjælp og support for at få flere Infos. Følgende Infos er en del af hændelsen: V3_2|513525|INSTALL|OLKINTL_8010_DAN||2006-03-25 19:04:50|9|SUCCESS|||.
25-03-2006 19:10:52 MsiInstaller Infos Ingen 11728 BHT\BHT-Admin BHT Produkt: Microsoft Office Professional Edition 2003 -- Konfigurationen blev fuldført.
25-03-2006 19:10:52 MsiInstaller Infos Ingen 1022 BHT\BHT-Admin BHT Produkt: Microsoft Office Professional Edition 2003 - Opdateringen 'Opdatering til Outlook 2003 (KB913807): OLKINTLff' blev installeret.
25-03-2006 19:10:36 MsiInstaller Infos Ingen 11728 BHT\BHT-Admin BHT Produkt: Microsoft Office Professional Edition 2003 -- Konfigurationen blev fuldført.
25-03-2006 19:10:36 MsiInstaller Infos Ingen 1022 BHT\BHT-Admin BHT Produkt: Microsoft Office Professional Edition 2003 - Opdateringen 'Update for Outlook 2003 (KB913807): OUTLOOKff' blev installeret.
25-03-2006 19:10:17 MsiInstaller Infos Ingen 11728 BHT\BHT-Admin BHT Produkt: Microsoft Office Professional Edition 2003 -- Konfigurationen blev fuldført.
25-03-2006 19:10:17 MsiInstaller Infos Ingen 1022 BHT\BHT-Admin BHT Produkt: Microsoft Office Professional Edition 2003 - Opdateringen 'Security Update for Excel 2003 (KB905756): EXCELff' blev installeret.
25-03-2006 19:03:13 Application Hang Error Ingen 1001 Ikke tilgængelig BHT Error-bucket 212507700.
25-03-2006 19:02:26 Application Hang Error Ingen 1001 Ikke tilgængelig BHT Error-bucket 212507700.
25-03-2006 19:02:15 Application Hang Error Ingen 1001 Ikke tilgængelig BHT Error-bucket 212507700.
25-03-2006 19:02:03 Application Hang Error (101) 1002 Ikke tilgængelig BHT Stoppet program OUTLOOK.EXE, version 11.0.6565.0, stoppet modul hungapp, version 0.0.0.0, stoppet adresse 0x00000000.
25-03-2006 19:00:16 Application Hang Error (101) 1002 Ikke tilgængelig BHT Stoppet program OUTLOOK.EXE, version 11.0.6565.0, stoppet modul hungapp, version 0.0.0.0, stoppet adresse 0x00000000.
25-03-2006 19:00:16 Application Hang Error (101) 1002 Ikke tilgængelig BHT Stoppet program OUTLOOK.EXE, version 11.0.6565.0, stoppet modul hungapp, version 0.0.0.0, stoppet adresse 0x00000000.
25-03-2006 18:59:51 LoadPerf Infos Ingen 1000 Ikke tilgængelig BHT Ydelsestællerne for tjenesten Outlook (Outlook) blev indlæst. Postdata indeholder de nye indeksværdier, som er tildelt denne tjeneste.
25-03-2006 18:59:51 LoadPerf warning Ingen 2002 Ikke tilgængelig BHT MOF-filen, der blev oprettet til tjenesten Outlook kunne ikke indlæses. Errorkoden, der blev returneret af MOF-compileren, findes i postdataene. Inden denne tjenestes ydelsestæller kan indsamles af WMI skal MOF-filen indlæses manuelt. Kontakt leverandøren af denne tjeneste for at få yderligere Infos.
25-03-2006 18:59:44 LoadPerf Infos Ingen 1001 Ikke tilgængelig BHT Ydelsestællerne for tjenesten outlook (outlook) blev fjernet. Postdata indeholder de nye værdier for registreringsdatabaseposterne Last Counter og Last Help.
25-03-2006 18:55:24 SecurityCenter Infos Ingen 1800 Ikke tilgængelig BHT Tjenesten Windows Sikkerhedscenter er startet.
25-03-2006 18:54:13 MSSQL$MICROSOFTBCM warning (8) 19011 Ikke tilgængelig BHT Beskrivelsen for hændelses-id ( 19011 ) i kilden ( MSSQL$MICROSOFTBCM ) blev ikke fundet. Den lokale computer har muligvis ikke de nødvendige Infos i registreringsdatabasen eller DLL-meddelelsesfiler til at vise meddelelser fra en fjerncomputer. Du kan muligvis bruge flaget /AUXSOURCE= til at vise denne beskrivelse. Se i Hjælp og support for at få flere Infos. Følgende Infos er en del af hændelsen: (SpnRegister) : Error 1355.
25-03-2006 18:53:58 ATI Smart Infos Ingen 105 Ikke tilgængelig BHT The service was started.
25-03-2006 18:53:46 InCDsrvR Infos Ingen 4096 Ikke tilgængelig BHT Beskrivelsen for hændelses-id ( 4096 ) i kilden ( InCDsrvR ) blev ikke fundet. Den lokale computer har muligvis ikke de nødvendige Infos i registreringsdatabasen eller DLL-meddelelsesfiler til at vise meddelelser fra en fjerncomputer. Du kan muligvis bruge flaget /AUXSOURCE= til at vise denne beskrivelse. Se i Hjælp og support for at få flere Infos. Følgende Infos er en del af hændelsen: InCD Reader detected presence of InCD. The service will not start because it is not required..
25-03-2006 18:52:43 Userenv warning Ingen 1517 NT AUTHORITY\SYSTEM BHT Registreringsdatabasen for brugeren BHT\BHT-Admin blev gemt, da et program eller en tjeneste brugte den, da der blev logget af. Den hukommelse, der blev brugt af brugerens registreringsdatabase, er ikke frigjort. Registreringsdatabasen fjernes, når den ikke længere er i brug.

NOTE: Remainder of log is attached in a zip file
 
Part of log translatet [COLOR="Red"]Danish[/COLOR] [COLOR="Blue"]English[/COLOR]

I can translate parts of it to English but what in means that is the problem so I hereby quote some examples from the Log which appear again and again.

26-03-2006 03:54:12 MSSQL$MICROSOFTBCM warning (8) 19011 Ikke tilgængelig BHT Beskrivelsen for hændelses-id ( 19011 ) i kilden ( MSSQL$MICROSOFTBCM ) blev ikke fundet. Den lokale computer har muligvis ikke de nødvendige Infos i registreringsdatabasen eller DLL-meddelelsesfiler til at vise meddelelser fra en fjerncomputer. Du kan muligvis bruge flaget /AUXSOURCE= til at vise denne beskrivelse. Se i Hjælp og support for at få flere Infos. Følgende Infos er en del af hændelsen: (SpnRegister) : Error 1355.

MSSQL$MICROSOFTBCM warning (8) 19011 Not available BHT description for event-id ( 19011 ) in Suorce ( MSSQL$MICROSOFTBCM ) Was not found. The local computer has not the necessary informations in the reistration database or DLL-informationfiles to show these messages from a remote computer. You can maybe use the flag /AUXSOURCE= to see this description. Also look in Help & Support to get more information of the event.: (SpnRegister) : Error 1355

26-03-2006 03:47:47 Userenv warning Ingen 1517 NT AUTHORITY\SYSTEM BHT Registreringsdatabasen for brugeren BHT\BHT-Admin blev gemt, da et program eller en tjeneste brugte den, da der blev logget af. Den hukommelse, der blev brugt af brugerens registreringsdatabase, er ikke frigjort. Registreringsdatabasen fjernes, når den ikke længere er i brug.
Det skyldes i de fleste tilfælde tjenester, der kører som brugerkonto. Forsøg at konfigurere tjenesterne til at køre i enten kontoen LocalService eller NetworkService.

26-03-2006 03:47:47 Userenv warning No 1517 NT AUTHORITY\SYSTEM BHT Registrydatabase for User BHT\BHT-Admin Was saved, as a program or a service used it, when it was logget off. The memory used by the users regisrtybase is not released. The registrybase will be removed when it is no longer in use. This is under most circumstances caused by services which are operated under a user account. Try to configure these services to be executed under the account LocalService or NetworkService.

23-03-2006 02:00:14 MsiInstaller warning Ingen 1001 BHT\BHT-Admin BHT Identificeringen af funktionen 'MPEG2_Produce' i produktet '{1CB63C5C-DA69-4793-BD35-43BDE2A86D43}' mislykkedes under anmodningen om komponent '{4F1C55BF-1E25-4162-A3C2-9398197882E8}'

23-03-2006 02:00:14 MsiInstaller warning None 1001 BHT\BHT-Admin BHT Identification of the function 'MPEG2_Produce' in product '{1CB63C5C-DA69-4793-BD35-43BDE2A86D43}' failed during request of component '{4F1C55BF-1E25-4162-A3C2-9398197882E8}'
 
Hello Hardy,

My specialty is malware removal and I can't see any at all in the logs you posted earlier.

Your event logs probably have some clues but that is not my specialty. You might try the MS newsgroups for your language/location? On a search for some keywords for those errors, I found these links of descriptions. I'm not sure if this will help but I'll post it here for you.

I searched for these errors and got these pages at Microsoft knowledgebase:

MsiInstaller warning 1001
http://support.microsoft.com/kb/833183

Userenv warning 1517
http://support.microsoft.com/default.aspx?scid=kb;en-us;810616

MSSQL$MICROSOFTBCM warning 19011
http://support.microsoft.com/Default.aspx?id=828246
 
Thank you CalamityJane.

Hardy159 this topic will now be archived to prevent others with similar issues posting in it.
If you need it re-opened please send me a pm and provide a link to the thread.
 
You must log in or register to reply here.
Back
Top