• Content Count

  • Joined

  • Last visited

About raynertj

  • Rank
    Full Member
  1. It's an Intel Pentium 4 CPU, with 2 GB of Ram and # Ghz. I run CCleaner as well as ATF Cleaner and Comodo disk cleaner. and have defraged a couple of ways. Not sure about the other that you ask about. Where do I find that info. I'm running Panda, Comodo and Webroot Internet Security Essentials at startup. It just did it again, the message was: "Insufficient system resources exist to complete the requested service" The service that I was requesting was to open my Outlook Express. When I shut it down and restart then it will run.
  2. It's an Intel Pentium 4 CPU, with 2 GB of Ram and # Ghz. I run CCleaner as well as ATF Cleaner and Comodo disk cleaner. and have defraged a couple of ways. Not sure about the other that you ask about. Where do I find that info. I'm running Panda, Comodo and Webroot Internet Security Essentials at startup.
  3. Free space is 101GB. The downloads are coming from Microsoft update and I've also tried Secunia.
  4. I'm having trouble loading the security update shown "Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP,(KB2416447)" as well as 2.x and 3.x and I keep running in insufficient memory issues lately
  5. Sure seems to. Hey one last thing. In my HJT eacceleration keeps "reloading" itself' It's not in the add/remove to remove, it's not in the programs files as I searched on both files and folders. How do I get rid of it.
  6. So far so good I've loaded AVG and run it then rebooted and haven't seen a change in speed. Thanks for the lead on AVG.
  7. We tried a number of different combinations in msconfig services with reboots each time and looked at the time to load a web page. This was after we'd tried a test in Safe mode connected and found a big difference in speed. The only combination that consistently slowed the Browser response time was the ones mentioned above. ps I've uninstalled Norton and am in the process of installing / running the AVG option. Once it's done I'll take a look at browser response speed. I have no idea which game the the runservice.exe is associated with.
  8. Interesting as with allthe combinations that we tried it was the only one that caused a significant decrease in browser speed.
  9. Before I uninstall Norton AV are there any known conflicts between the AV you've suggested and runservice.exe
  10. Sounds like being between a rock and a hard place. I still have Spybot resident running, spywareguard, and Cyberhawk and can reinstall CA security. I also have Adaware SE, Spyware blaster and Xoftspy available. Question is will those suffice in the absence of Norton AV. I don't have McAfee.
  11. I contacted Sympatico and went through the system with them and found that what the Modem was seeing was the right speed which narrowed the issue to the Browser. I then contacted Microsoft and went through a long process of trying to determine what the issue was that was causing the slowdown. In the end it looks like there was a conflict between: 1) DefWatch which looks like it's related to C:\\program files\NavNT\defwatch.exe (what's this do) 2) LicCtrl Service which look like it's related to c:\windows\runservice.exe (what's this) 3) Norton antivirus Disabling all 3 has the speed back to normal. Any comments on the above conflict.
  12. Looks like someone does some reading and is learning from other peoples mistakes. /me pats Liz on the back and says nice observation m'am. M I went in and did the deletions on the HJT file and used regedit to get at the HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\P references\HME and set the DWORD value DisableDiscovery to 2 The one that couldn't find was HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" you'll find "quicktime task" with the value "c:\programfiler\quicktime\qttask.exe -atboottime". Remove it to avoid the file from loading on boot. I also could not delete the eacceleration using the add/removes programs as it wasn't there and didn't show in the Programs file but keeps coming up on reboot as an error. I also couldn't delete the Yahoo Companion for the add/remove. The computer is still slow running. I'm on a high speed DSL, with a network of two. I've changed it so that the Dell ran only through the Speedstream with no change and changed the cables, with no change and changed wall jacks, with no change. I suspect the ISP somewhat but there are also some progrmas not related to IE access that are also slow loading. Most IE sites are very slow loading.
  13. Here's the silent runners file: "Silent Runners.vbs", revision 49, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "WMPNSCFG" = "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [MS] "Window Washer" = "C:\Program Files\Webroot\Washer\wwDisp.exe" ["Webroot Software"] "INetBooster" = "C:\Program Files\OSS\Internet Booster\ISpBos.exe" ["Onestopsoft.com"] "DellSupport" = ""C:\Program Files\Dell Support\DSAgnt.exe" /startup" ["Gteko Ltd."] "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS] "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "vptray" = "C:\Program Files\NavNT\vptray.exe" ["Symantec Corporation"] "UpdateManager" = ""C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"] "SpybotSnD" = ""C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck" ["Safer Networking Limited"] "SoundMAXPnP" = "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" ["Analog Devices, Inc."] "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."] "PCMService" = ""C:\Program Files\Dell\Media Experience\PCMService.exe"" ["CyberLink Corp."] "mmtask" = "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" ["Musicmatch Inc."] "KernelFaultCheck" = "%systemroot%\system32\dumprep 0 -k" [MS] "igfxtray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"] "igfxpers" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"] "igfxhkcmd" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"] "DXM6Patch_981116" = "C:\WINDOWS\p_981116.exe /Q:A" [MS] "dla" = "C:\WINDOWS\system32\dla\tfswctrl.exe" ["Sonic Solutions"] "Cyberhawk" = "C:\Program Files\Novatix\Cyberhawk\CHTray.exe" ["Novatix Corporation"] HKLM\Software\Microsoft\Active Setup\Installed Components\ <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}\(Default) = "IE7 Uninstall Stub" \StubPath = "C:\WINDOWS\system32\ieudinit.exe" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = (no title provided) -> {HKLM...CLSID} = "Yahoo! Companion BHO" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll" ["Yahoo! Inc."] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {4A368E80-174F-4872-96B5-0B27DDD11DB2}\(Default) = "SpywareGuard Download Protection" -> {HKLM...CLSID} = "SpywareGuardDLBLOCK.CBrowserHelper" \InProcServer32\(Default) = "C:\Program Files\SpywareGuard\dlprotect.dll" [null data] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"] {5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = (no title provided) -> {HKLM...CLSID} = "DriveLetterAccess" \InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension" -> {HKLM...CLSID} = "Display Panning CPL Extension" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt" -> {HKLM...CLSID} = "RecordNow! SendToExt" \InProcServer32\(Default) = "C:\Program Files\Sonic\RecordNow!\shlext.dll" [null data] "{BDA77241-42F6-11d0-85E2-00AA001FE28C}" = "LDVP Shell Extensions" -> {HKLM...CLSID} = "VpshellEx Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS] "{acb4a560-3606-11d3-aef4-00104bd0f92d}" = "KodakShellExtension" -> {HKLM...CLSID} = "KodakShellExtension" \InProcServer32\(Default) = "C:\Program Files\Common Files\KODAK\IFSCore\kodakshx.dll" ["Eastman Kodak Company"] "{6EE51AA0-77A0-11D7-B4E1-000347126E46}" = "Window Washer Shell Shredding Utility" -> {HKLM...CLSID} = "Window Washer Shell Shredding Utility" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL" ["Webroot Software"] "{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess" -> {HKLM...CLSID} = "DriveLetterAccess" \InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"] "{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a-squared Context Menu Shell Extension" -> {HKLM...CLSID} = "a-squared context menu" \InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL" [file not found] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension" -> {HKLM...CLSID} = "UnlockerShellExtension" \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data] "{52B87208-9CCF-42C9-B88E-069281105805}" = "Trojan Remover Shell Extension" -> {HKLM...CLSID} = "Trojan Remover Shell Extension" \InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" [file not found] "{EB47FF00-225E-11D2-9E1D-00A0C9AB0EEE}" = "eLicense Control" -> {HKLM...CLSID} = "eLicense Control" \InProcServer32\(Default) = "C:\WINDOWS\lcmmfu.cpl" [null data] "{81559C35-8464-49F7-BB0E-07A383BEF910}" = "SpywareGuard" -> {HKLM...CLSID} = "SpywareGuard.Handler" \InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{81559C35-8464-49F7-BB0E-07A383BEF910}" = "SpywareGuard" -> {HKLM...CLSID} = "SpywareGuard.Handler" \InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <<!>> "AppInit_DLLs" = "°b" [file not found] HKLM\System\CurrentControlSet\Control\SecurityProviders\ <<!>> ("zwebauth.dll" [MS]) "SecurityProviders" = "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll" HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"] <<!>> NavLogon\DLLName = "C:\WINDOWS\system32\NavLogon.dll" [null data] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ EncodeDivXExt\(Default) = "{E9F5B111-CACC-4FD4-81FD-4EB4FD6765A3}" -> {HKLM...CLSID} = "EncodeDivXContextMenu Class" \InProcServer32\(Default) = "C:\Documents and Settings\Jeff\My Documents\Jeff's folder\DivX\Dr.DivX\EncodeDivXExt.dll" [file not found] LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}" -> {HKLM...CLSID} = "VpshellEx Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"] Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}" -> {HKLM...CLSID} = "Trojan Remover Shell Extension" \InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" [file not found] Washer\(Default) = "{6EE51AA0-77A0-11D7-B4E1-000347126E46}" -> {HKLM...CLSID} = "Window Washer Shell Shredding Utility" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL" ["Webroot Software"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ Washer\(Default) = "{6EE51AA0-77A0-11D7-B4E1-000347126E46}" -> {HKLM...CLSID} = "Window Washer Shell Shredding Utility" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL" ["Webroot Software"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}" -> {HKLM...CLSID} = "a-squared context menu" \InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL" [file not found] LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}" -> {HKLM...CLSID} = "VpshellEx Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"] Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}" -> {HKLM...CLSID} = "Trojan Remover Shell Extension" \InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" [file not found] UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" -> {HKLM...CLSID} = "UnlockerShellExtension" \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}" -> {HKLM...CLSID} = "a-squared context menu" \InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL" [file not found] UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" -> {HKLM...CLSID} = "UnlockerShellExtension" \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "ForceActiveDesktopOn" = (REG_DWORD) hex:0x00000000 {Enable Active Desktop} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "DisableTaskMgr" = (REG_DWORD) hex:0x00000000 {Remove Task Manager} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Terry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\system32\SSSTARS.SCR" [MS] Startup items in "Terry" & "All Users" startup folders: ------------------------------------------------------- C:\Documents and Settings\Terry\Start Menu\Programs\Startup "SpywareGuard" -> shortcut to: "C:\Program Files\SpywareGuard\sgmain.exe" [null data] C:\Documents and Settings\All Users\Start Menu\Programs\Startup "Digital Line Detect" -> shortcut to: "C:\Program Files\Digital Line Detect\DLG.exe" ["BVRP Software"] "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" -> {HKLM...CLSID} = "Yahoo! Companion" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll" ["Yahoo! Inc."] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided) -> {HKLM...CLSID} = "Yahoo! Companion" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll" ["Yahoo! Inc."] "{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint" -> {HKLM...CLSID} = "Easy-WebPrint" \InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided) -> {HKLM...CLSID} = "Real.com" \InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS] HKLM\Software\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" -> {HKLM...CLSID} = "Web Browser Applet Control" \InProcServer32\(Default) = "C:\WINDOWS\system32\msjava.dll" [MS] {E2E2DD38-D088-4134-82B7-F2BA38496583}\ "MenuText" = "@xpsp3res.dll,-20001" "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"] Cyberhawk, Cyberhawk, ""C:\Program Files\Common Files\Novatix\Cyberhawk\CHService.exe" service" ["Novatix Corporation"] DefWatch, DefWatch, ""C:\Program Files\NavNT\defwatch.exe"" ["Symantec Corporation"] HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]} Kodak Camera Connection Software, KodakCCS, "C:\WINDOWS\system32\drivers\KodakCCS.exe" ["Eastman Kodak Company"] LicCtrl Service, LicCtrlService, "C:\WINDOWS\runservice.exe" [null data] Norton AntiVirus Client, Norton AntiVirus Server, ""C:\Program Files\NavNT\rtvscan.exe"" ["Symantec Corporation"] ScsiAccess, ScsiAccess, "C:\WINDOWS\system32\ScsiAccess.EXE" [null data] Windows Media Player Network Sharing Service, WMPNetworkSvc, ""C:\Program Files\Windows Media Player\WMPNetwk.exe"" [MS] Keyboard Driver Filters: ------------------------ HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\ "UpperFilters" = <<!>> "NxKbMon" ["Novatix Corporation"] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Canon BJ Language Monitor iP4200\Driver = "CNMLM78.DLL" ["CANON INC."] Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 64 seconds. ---------- (total run time: 336 seconds)